What's New in R75
Check Point R75 is based on the Software Blades Architecture.Identity Awareness in the Check Point Security Gateway
- Identity based Firewall and Application Control polices including users, user-group and machines.
- Logging of User Identities makes troubleshooting simpler and allows better trend analysis.
- Multiple and flexible methods for obtaining user identity including seamless integration with Active Directory (no need to install agent on Domain Controller), captive web portal for clientless user authentication or thin client for strong authentication and impersonation prevention based on unique patent-pending technology for light signature of packet information.
- Scalable identity sharing between multiple gateways to identify users in one or many sites and share with other gateways in the same or different sites.
- Granular Application Control to identify, allow or block thousands of applications.
- Largest application library with AppWiki - Comprehensive application control leveraging the largest application library that scans and detects more than 100,000 applications and Social Network widgets.
- Auto-updates for applications database on the gateway (NO need to re-install policy).
- Detect rapidly changing Social Network Widgets via online service.
Check Point's innovative Data Loss Prevention, now available as an integrated Software Blade.
- Prevents data loss of critical business information.
- Network-based solution prevents breach of corporate data.
- Compliance with data protection standards (such as PCI-DSS, HIPPA, GLBA, SOX, etc).
- Cutting edge technology for DLP processes enforcement.
- Innovative MultiSpect data classification engine combines users, content and process into accurate decisions.
- New UserCheck technology empowers users to remediate incidents.
- Low maintenance, self-educating system - does not require IT/security personnel in incident handling while educating the users on proper data sharing policies.
- Easy deployment for immediate data loss prevention.
- Less than one day deployment of preventative DLP solution.
- Over 250 pre-defined types to create your own policy.
- Better control and auditing capabilities with centralized security management.
- New DLP features:
- ClusterXL HA support - quarantine database is synchronized between cluster members.
- Incident storage at Management server.
- Remote Access - SSL VPN technology is used for secure encrypted communication from unmanaged mobile devices, PCs and Macs to your corporate IT infrastructure.
- Check Point Mobile Client - for simple and secure connectivity to corporate resources from smartphones and PCs.
- Mobile Access Portal - for connecting securely to corporate resources through a portal from a web browser.
- SSL Network Extender (On-demand client - SNX) - Best for secure connectivity to corporate resources using non-web-based applications via an on-demand, dissolvable client.
Endpoint Security VPN introduces the Next Generation of SecureClient, including 64-bit support. It provides mobile users seamless and secure connectivity to corporate resources by establishing an encrypted and authenticated IPSec tunnel with Check Point Security Gateways.
Enhanced IPS signature support
- Increase scalability of the IPS engine when adding many more protections.
- Decrease memory footprint (currently some pattern based protections require large memory footprint).
- Provide a new framework for using non-regular keywords replacing complex regular expressions.
- Enhance the IPS engine to support simpler and more efficient CIFS and DCE-RPC protections.
- R75 supports the new licensing scheme of Multi-Domain Security Management. You can easily convert an existing Security Management deployment to a Multi-Domain Security Management deployment by adding Software Blades.
- Security Management Server supports Series 80 Appliances gateways for centrally managed branch offices.
- You can set a different authentication method per blade on the same gateway. For example, a user can login to Mobile Access with certificate authentication and login to DLP with username and password authentication.
In Gateway Properties, configure the desired authentication method for IPSec VPN and Mobile Access in its respective Authentication page, and for Identity Awareness in its Authentication Settings page. - You can now use multiple portals over port 443 and port 80. For example, the SecurePlatform Web User interface and the Mobile Access portal can both be on port 443. In the SmartDashboard Gateway properties window, set the Portal URL for the different portals on the portal configuration pages.
- The user search for remote access users works according to the user groups. If a user authenticates with an IPSEC VPN client and the user is in the LDAP groups of a Remote Access VPN Community, then the user will be found in the LDAP server. If a user authenticates to the Mobile Access portal, and the user is defined in the Access to Application rules as part of the Internal Database groups, the user will be found in the Internal Database.