Keeping Remote-Access Security In "Check"
The feature set of Connectra NGX clearly demonstrates that Check Point has taken into account all the needs of an organization supporting remote users. Solution providers will find SSL VPN connectivity, and endpoint and application security all integrated into a single platform, using a common management console. That combination brings together all the necessary elements to create a secure pipeline between a remote user and the home office, yet is still easy to deploy and manage.
Solution providers will find the initial product installation almost plug and play. The ease of installation could be a detriment in some circumstances, because installers may skip the planning phase when first deploying the product. Solution providers have several choices when it comes to deploying the Connectra appliance: The product can be installed in the DMZ and act as a primary gateway for remote users or inside the network, as part of the internal LAN.
For most sites, installing the product in the DMZ makes the most sense because the primary function of Connectra NGX is to enable secure, verified access for remote users. Administrators with high-demand networks also can deploy Connectra NGX in a cluster, allowing numerous concurrent connections into the network without increased latency.
CRN Test Center engineers went the DMZ route when testing Connectra NGX. A single Connectra NGX appliance was connected to a test network for setup and evaluation. Engineers found the unit as easy to setup as advertised. The product's ability to secure remote clients offers a powerful level of protection, not seen on many SSL type solutions. When a remote client attaches, a defined policy is enacted, which can detect and disable spyware on the client PC, enforce security policies and ensure session confidentiality. That level of endpoint security allows remote users to connect from almost any machine, including public PCs or unmanaged PCs. Since confidentiality is assured, worries about identity theft or password cracking is greatly reduced.
Administrators have the option of enacting application security. Connectra's take on application security is defined by the product's built-in application intelligence. In other words, the product can identify what is normal for most popular apps and make sure nothing out of the norm happens to compromise security of the application.
Solution providers will find application intelligence included for e-mail access, network access, file sharing, remote control and several other elements. For applications not natively supported, administrators have the ability to define custom rules to help protect those applications. The basis for application security comes from defining users and groups. Connectra can integrate with any LDAP-compatible system and then use that information for access control. Users are authenticated to the system and then policies drive the level of access allowed. Administrators have granular control of user and group rights to applications and access events. The product's logging capabilities help administrators troubleshoot or investigate security-related problems, and also provide the basis for forensic or legislative requirements.
The company offers a five-tier channel program, which is well-defined but somewhat complex.
One of the levels is geared toward distribution, not solution providers. The entry level, Bronze, targets the SMB perimeter. A Bronze partner must be able to provide end users with any combination of procurement, installation and technical expertise for the Safe@ appliance and Express security products.
The next tier, Silver, focuses on the midsize enterprise space. Silver partners can engage end users in all market segments, including Perimeter, Internal and Web Security.
Gold-level partners must demonstrate a proven level of value-added sales, technical and support expertise, and provide solutions based on Check Point's entire product line. Check Point offers Co-op funds to Gold partners, along with lead generation. Gold-level partners are expected to focus on high-end and enterprise products and provide end users with proven procurement, consulting, integration, installation, training and technical support.
The top tier, Platinum, builds on the Gold-level offerings. Platinum partners are expected to have five CCSEs (Check Point Certified Security Experts) on staff. These partners also must achieve completion as sales experts in Perimeter, Internal and Web security focus, while focusing on high-end and enterprise products.
Margins vary greatly based upon distribution agreements, volume and partner level.
