• Next-generation security prevention, protection and performance
• Industry-leading intrusion protection and firewall—as tested NSS Labs—delivers 1,000s of signature, behavioral and preemptive protections
• Check Point is ranked #1 in Microsoft and Adobe threat coverage
• Combines with best-of-breed firewall, application control, URL filtering, DLP and more on the most comprehensive, network-class next gen firewall
• Unrivaled, multi-Gigabit performance in an integrated IPS
• Up to 15 Gbps of IPS and 30 Gbps of firewall throughput
• Stateful Inspection and SecureXL technology deliver multi-tier IPS inspection and accelerated IPS throughput
• CoreXL technology provides the most efficient and high-performance use of multi-core technologies
• Lowest TCO and fastest ROI of any enterprise-class firewall solution
• One-click activation of IPS and firewall protection on any Check Point gateway
• Delivers unmatched extensibility and flexibility—all without adding CapEx
• Integrated into Check Point Software Blade Architecture for on-demand security

• Malware attacks
• Dos and DDoS attacks
• Application and server vulnerabilities
• Insider threats
• Unwanted application traffic, including IM and P2P
• Geo-protections

• New protections sandbox – Build confidence in a ‘sandbox’ environment with no impact on your network.
• Automatic protection activation – Activation of new protections, based on configurable parameters (performance impact, confidence index, threat severity). The difficulties of constant, individual management of thousands of protections are eliminated.
• Unified Management – The IPS blade is configured and managed through a common Check Point management interface—the same one used to manage other security gateway Software Blades and Check Point dedicated IPS.
• Configurable, actionable monitoring – Track events through detailed reports and logs of what is most important. The new Security Management Software Blade for IPS and Security Provisioning Software Blade simplify threat analysis and reduce operational overhead.
• Business-level views – Customizable reports provide easy monitoring of critical security events associated with your business-critical systems.
• Multi-dimensional sorting – Drag-and-drop columns of event data and the information will be automatically re-ordered.
• Actionable event logs – Edit the associated protection, create an exception or view packet data directly from log entries.

Multi-Factor Authentication

•     CAP / DPA
•     VISA CodeSure
•     Digital signatures
•     Matrix cards
•     OATH (HOTP / TOTP / OCRA)
•     OTP proprietary tokens (e.g. Vasco)
•     Pattern recognition
•     PKI
•     Secure fax
•     Smart phone applications (e.g. Cryptomathic)
•     SMS OTP
•     Static & partial user name and password

Authentication End-to-end Security

The Authenticator provides a much more secure and comprehensive solution than any other authentication systems - addressing a variety of issues such as audit, compliance and dual control. Here are some of the features:

•     HSMs (Hardware Security Modules), securing cryptographic keys and authentication data
•     Attack detection, e.g. invalid authentication attempts
•     Administrator Security - remote admin client, chip
•     Card log-on, separation of duties and dual controls
•     Tamper evident audit logs, including usage log and security log
•     Database, e.g. HSM encryption

Flexible & Future Proof

Criminals try to defraud users and steal their identities and in various simple and sophisticated ways. The Authenticator addresses relevant attacks and we will continue to add best in class authentication methods over time that foil future attacks ensuring that our customers stay ahead of the criminals. Current major attacks include:

•     Internal Attack
•     Man-In-The-Browser
•     Man-In-The-Middle
•     Mining
•     Pharming
•     Phishing
•     Social Engineering
•     Trojan

Authentication Scalability

The solution is the best 2FA solution for large roll-outs due to its performance and scalability features:

•     Fail-over, e.g. back-up or disaster recovery
•     Clustering
•     Load balancing across servers and HSMs

Authenticator Return on Investment

Support for multiple authentication mechanisms allow companies to achieve full flexibility in adapting and modifying token strategies while avoiding token vendor lock-in.

This ensures the highest ROI of all authentication servers as our customers can shop around for the most cost efficient authentication method.

Industrial data diode designed to deliver the highest level of security to OT networks like industrial control systems (ICS) and safety critical infrastructure via physical isolation when there’s a need to connect them to a lower security network (IT Networks or Internet) for replication or analytics.

The DCU is designed and manufactured in Germany, its chip design forces data to flow one-way only using a unique electromagnetic induction design, to collect data and guarantee that there’s no physical path for remote access to the OT Network.

The DCU has a software complement called, OWG (One-way gateway) software, its two agents, a OWG sender capable of data collection of several protocols (FTP, OPC UA, Syslog), filtering and aggregating data in the OT network (Edge) to then push it thru the DCU and a OWG receiver, which receives data from the DCU and can be configured to send it directly to the cloud (AWS or MindSphere) or to another computer in the IT network.

The DCU and OWG are vendor neutral and support Windows or Linux systems.

• Broad platform support in SELinux®

• Highly configurable and modular to allow interconnection of multiple classifications, programs, compartments, and countries

• Rapid deployment of a proven system

• Easily integrated into existing systems and workflows

• Cost competitive to fit within budgetary constraints

• Allows local development of rule sets and integration of applications

• Complete solutions incorporating content review, data labelling, MAC, RBAC, audit, etc. and high-speed one-way transfer (10Gb Ethernet)

• Transfer files (using SMB, FTP/FTPS, SFTP/SCP)
• Transfer email (SMTP)
• Synchronize time (NTP)

• Forward UDP and TCP data streams (e.g. SYSLOG, SNMP, video streams, etc.)
• In combination with additional industrial software modules from Fox-IT replicate Modbus, OPC and OSIsoft PI
• Easy customization possible
• Adjusted proxy server specifications
• Extra protocol support
• Integrated content filtering

• The multilingual, easy-to-use web interface
• Bandwidth increased up to 890 Mbps

• Guaranteed one-way network connection, enforced in hardware
• Common Criteria certified EAL 7+
• NATO certified for the SECRET level
• Satisfies the requirements of a data diode as set out in NERC-CIP CAN-0024

• Multiplexable: A single Fox DataDiode setup can support as many protocols and data channels as you wish, as long as the bandwidth permits; some alternative solutions require you to buy a separate diode for every single feature.
• 100% hardware solution: some alternative solutions depend on embedded firmware and are essentially low-level software solutions.
• Common Criteria certification at level EAL7+: alternative solutions are only certified to level   EAL4+ at most.
• Independent vendor: Fox-IT is from an independent state. The Fox DataDiode has been independently evaluated by labs from all over the world, including labs linked to the governments of the US, Russian Federation and India.
• Transparent solution: With the Fox DataDiode, you have clarity upfront. There is a clear distinction between the security guarantee and the solution middleware. Some alternative solutions have blurry distinctions such it is unclear how and where the security claim is guaranteed or implemented.

• Adapted to run online connected to our smart system

 

• Adapted to run fully offline for isolated and confidential networks

 

• Your information belongs to you. No “Cloud” technology.

 

• 0 impact on your production environment: connects with TAP or port mirroring

 

• Detection of complex, hidden and obfuscated attacks
• Compatible with all SIEMs available on the market
• Intuitive dashboards and smarter analytics

• Critical infrastructures in transportation

• Power and chemical plants

• Reliably protect networks from external cyber threats through singular data flow

• Securely transfer Ethernet data to the public internet without putting the system at risk

• Easily explain product functionality for simpler governmental approval processes

• Secure Ethernet ports that are safe from vulnerabilities

• Quick data transmission speed for timely monitoring

• Hardware-based device for easy-to-understand operation

• Standard RJ45 and vibration-proof M12 connectors

• Redundant voltage supply for greater availability, including 24 VDC, 110 VDC and 110/230 VAC

• Conformal coating for protection from harsh elements

• Industry-approved for use onboard trains and along railway tracks

• TCP SYN+ACK
• TCP FIN
• TCP RESET
• TCP ACK
• TCP ACK+PSH
• TCP Fragment
• UDP
• Slowloris
• Spoofing
• ICMP
• IGMP
• HTTP Flood
• Brute Force
• Connection Flood
• DNS Flood
• NXDomain
• Mixed SYN + UDP or ICMP + UDP Flood
• Ping of Death
• Smurf
• Reflected ICMP & UDP
• As well as other attacks

• 9.1 Gbit/s;
• Multi Protocol;
• Secure Architecture,

• Database replication / updates;
• Transfer of sensor data (e.g. Radar, ELINT, Satellite);
• Lawful interception;
• Video / Audio streaming;
• Remote Screen View / Website mirror;
• Patch management and malware signatures;
• Logging and backup;
• Secure printing.

• Database / Server replication (e.g. OPC, Modbus, Historian);
• Transfer of OT data;
• IT service management;
• Managed security services (SIEM to SOC);
• Video / Audio streaming;
• Remote Screen View;
• Patch management and malware signatures;
• Logging and backup;
• Secure printing.

• 100% guaranteed one-way information exchange

• Common Criteria EAL7+ evaluated

• High transfer speed and data reliability

• High throughput, ruggedised and small form factor options available

• Secure data transfer to the isolated network(s)

• Prevents data leakage from secure networks

• Range of evaluations to simplify accreditation

OPDS-5D

OPDS-100D

OPDS-100

OPDS-1000

EPDS

The  most  powerful  and  capable  data  diode  solution  available  on  the  market,  the  EPDS  integrates  patented  Owl DualDiode® communication cards into two commercial enterprise servers, providing maximum processing power  and  storage.  The  EPDS  operates  on  a  hardened  Linux  operating  system  and  supports  upgradable  link  speeds from 155 Mbps up to 10 Gbps.