The Right Security Architecture

When it comes to maintaining the best security, size doesn’t matter. Big or small, the dynamics of how companies secure their data have evolved as the security landscape has changed. In the past, security was focused on the perimeter, but today, it must be pervasive: everywhere, in everything and must move from simple access control at the perimeter to application and user awareness and full layer-7 threat prevention at multiple points throughout the environment.


The Right Security Architecture

The right architecture creates a framework for a stable security platform. By implementing the correct architecture, you eliminate single points of failure providing the necessarily strength and resiliency to maintain operations and security under any circumstances. Improper architecture is the most common cause for catastrophic failure that leads to unavailability and security issues.

The full topology of the environment must be known: every company network needs to be documented with known traffic flows. A properly segmented network will reduce the risk of a security failure that exposes systems to the outside world. In case of a compromise, the impact is minimized.

Regardless of the topology, we have solutions to fit: from the smallest SMB appliances to the largest 41k and 61k appliances as well as vSEC for virtualized environments. Most appliances can operate separate virtual systems (VS), each with their own security configuration and functions enabled. Further, most of the devices can be installed in an Active-Standby, Active-Active, or Virtual Systems Load Sharing configuration.

Resilience and segmentation must also be built into the systems that manage this security. We provide both through Multi-Domain Management. Specifically, you can have different policy package for different Virtual Systems in the same hardware. SmartLog and SmartEvent make it easy to find relevant security events. With the R80 release, management is even easier and more powerful!


The Human Element

Nothing is 100% secure. This will often be proved by the weakest link in the chain: humans. Even with the best technology, organizations that don’t have the right people to manage it can become vulnerable to a security attack due to misconfiguration. If people are improperly trained or (worse) disgruntled, they can misconfigure the technology, which can cause catastrophic and unrecoverable disaster to the company. We can reduce this insider threat by ensuring staff is properly trained and by creating a “politics free” environment.


Choosing the Right Security Technology

Security products should prevent the enemy from getting inside the corporate network. Detecting and blocking the threat only after it has penetrated the network does not really make any sense, especially when you can prevent it. I refer to this as “Second time prevention”.

Check Point SandBlast provides zero-day protection, utilizing both CPU and OS-level sandboxes and threat extraction technology to ensure end users only receive information free of malware. This technology can be deployed anywhere as part of a prevention-based architecture.



Without any doubt, you can protect your information assets partnering with right hands and the right technology. Check Point, as a product and technology company has proven its ability for decades.