We have performed Check Point Security Checkups for many of our customers or sales prospects. This is done via a mirror port configuration (sk83500: How to run a Mirror Port Proof of Concept) of a firewall gateway together with a security management server and SmartEvent.
Today Check Point announced a new R80 version of the Security Checkup in the Cloud (sk112732). This made me curious.
With the cloud version you still need to install a firewall gateway in monitoring mode and a security management server, either separately or on the same hardware. You do not need SmartEvent anymore. When you start collecting logs, you send them to a management server in the AWS cloud by running a script. (You may also send pre-collected log files.) The corresponding Admin Guide gives the following steps for collecting and sending the logs:
Download CloudReportGenerator.tgz from the package to the GW
Running the Script
- Copy the attached TGZ file to a directory on the gateway
- Extract the file: tar -zxvf CloudReportGenerator.tgz
- Run the setup script: cd cloudReportGenerator; ./setup.sh
- Follow the setup wizard and fill in the details:
  - User center name
  - User center password
  - Full Name
  - Customer Name
  - Email you want the report to be sent
  - Security checkup report language
  - Number of days till the logs will be uploaded to the cloud management (recommended – at least 7 days for live checkup). In case you want to run the script at present and sample number of days back, choose 0 in the previous section and enter the number of days you would like to sample back.
- You need to get a message ‘Setup wizard completed!’
I have not tried this “at home”™ yet, but I am very, very curious to know which languages are available for the report. We have some customers who are very unhappy with the English versions. And I am curious to see the new reports.
After uploading all logs you will get an e-mail to the address configured with the setup script. This e-mail shall contain two reports, an anonymized and an advanced one. Both are encrypted with Capsule Docs using the User Center account configured. You will also get a link to a SmartView to look into the incidents and create further custom reports.
Since the data is processed in the AWS cloud, Check Point asks the customer to sign a legal agreement beforehand.
I am not quite sure if I will be a fan of this new approach to Security Checkups. I see advantages:
- You can select other languages for the report besides English. (I do not know yet which these are.)
- You do not have to deal with SmartEvent. (But: this does not seem to be a big value to me.)
- Since it is R80 I would expect the reports to look better than in R77.30.

And I see disadvantages:
- The customer’s data is processed in the cloud. This is a real problem for many of our customers, even if the cloud data center is not located within and operated from Germany. This cloud processing will bring up issues with workers’ councils and privacy protection laws. Workers’ councils have been an issue with the onsite generation of security reports, too. But we have to expect more discussions.
- The customer has to sign a legal agreement. This will be in English and is one more action for the customer that will involve management and the legal department. Process complexity rises this way.
- The usage of Capsule Docs adds security to the process but requires more steps when forwarding the findings to the customer.
At the moment I am not convinced that Check Point is on the right track with the cloud solution. In my opinion the disadvantages outweigh the advantages. But we will see how the acceptance on the customer’s side is. Maybe I will write about that, too. And maybe you see things differently and want to discuss that. You are welcome.