By Amit Sharon, Head of Global Customer Community & Market Intelligence, Check Point
I recently met with a major aerospace company and their IT security manager to explore how the organization protects its corporate and national security assets, while maintaining the ability to support and scale highly burstable traffic loads across a global network.
This major aerospace customer is a leader in technologically advanced and intelligent solutions for the global aerospace and defense industry. Its network infrastructure consists of almost a dozen nodes spread around the globe. The infrastructure is capable of delivering massive bandwidth to any link, but traffic is uneven, and can often spike from one to 10 gigabits per second for long periods. The security team had to find a solution that would allow them to scale on demand and stay secure in the face of these dynamically changing bandwidth requirements or overall latency would increase, thus violating customer SLA’s.
Below is an excerpt from our discussion:
Amit Sharon: The threat landscape is constantly changing. How are your security priorities evolving to keep pace with today’s more sophisticated threats?
IT Manager: When we were charged with upgrading our security infrastructure to meet Gen V and future cyber threats, we knew it would not be an easy task. It is no longer enough to protect just North-South traffic; we have to secure East-West traffic as well, along with addressing insider security threats that are becoming more and more prevalent in our industry. We protect all data in transit to make sure what is inside, stays inside.
Amit Sharon: When it was time to choose a security solution, you had many choices. How did you select Check Point?
IT Manager: We decided to hold a “Next-Generation Firewall Bake-Off” and invited five companies to compete in a vigorous trial. We wanted a single security vendor to avoid any finger-pointing in case of potential issues. We also sought a supplier with a proven track record of releasing cutting-edge technology that addressed new types of threats. Check Point 6500 Firewalls, along with the Maestro Hyperscale Orchestrator and R80 Unified Security Management, stood far above the competition. The 6500 Next Generation Firewalls provided the foundation of our security architecture. We enabled the Check Point Intrusion Protection System (IPS), Site-to-Site VPN, Mobile Access, Application Control, URL Filtering, Content Awareness (data security), Identity Awareness, Anti-Bot, and Anti-Virus Protection. These features stopped virtually all incoming attacks.
Amit Sharon: Your network traffic spikes frequently. How do you accommodate these sudden shifts, without impacting customer SLAs?
IT Manager: The Maestro Hyperscale Orchestrator allows us to scale our throughput up or down instantly as required by our customers. It provides near-instantaneous flexibility and scalability across our network’s multiple nodes, without physically changing hardware. Check Point’s Maestro Hyperscale Orchestrator allows us to add capacity on the fly, allowing us to optimize our network and provide the customer with the best experience and lowest latency possible.
Amit Sharon: How do you keep track of such a dynamic environment, and get out in front of changing needs?
IT Manager: The Check Point R80 Unified Security Management system provides tools our IT team needs to monitor their network, respond proactively to potential issues, and develop and test new changes before implementing them in the production environment. R80 gives us a single pane of glass to look through instead of needing to look in multiple locations. Because it acts as a single, unified system with Maestro, we can now implement policies that follow the frequent changes we make in our network, making our work much easier.
For more information about this aerospace enterprise and how they leverage their Hyperscale solution watch the video and read the full story here. Visit the website to learn more about Check Point Maestro or request a demo now!