• Next-generation security prevention, protection and performance
• Industry-leading intrusion protection and firewall—as tested NSS Labs—delivers 1,000s of signature, behavioral and preemptive protections
• Check Point is ranked #1 in Microsoft and Adobe threat coverage
• Combines with best-of-breed firewall, application control, URL filtering, DLP and more on the most comprehensive, network-class next gen firewall
• Unrivaled, multi-Gigabit performance in an integrated IPS
• Up to 15 Gbps of IPS and 30 Gbps of firewall throughput
• Stateful Inspection and SecureXL technology deliver multi-tier IPS inspection and accelerated IPS throughput
• CoreXL technology provides the most efficient and high-performance use of multi-core technologies
• Lowest TCO and fastest ROI of any enterprise-class firewall solution
• One-click activation of IPS and firewall protection on any Check Point gateway
• Delivers unmatched extensibility and flexibility—all without adding CapEx
• Integrated into Check Point Software Blade Architecture for on-demand security

• Malware attacks
• Dos and DDoS attacks
• Application and server vulnerabilities
• Insider threats
• Unwanted application traffic, including IM and P2P
• Geo-protections

• New protections sandbox – Build confidence in a ‘sandbox’ environment with no impact on your network.
• Automatic protection activation – Activation of new protections, based on configurable parameters (performance impact, confidence index, threat severity). The difficulties of constant, individual management of thousands of protections are eliminated.
• Unified Management – The IPS blade is configured and managed through a common Check Point management interface—the same one used to manage other security gateway Software Blades and Check Point dedicated IPS.
• Configurable, actionable monitoring – Track events through detailed reports and logs of what is most important. The new Security Management Software Blade for IPS and Security Provisioning Software Blade simplify threat analysis and reduce operational overhead.
• Business-level views – Customizable reports provide easy monitoring of critical security events associated with your business-critical systems.
• Multi-dimensional sorting – Drag-and-drop columns of event data and the information will be automatically re-ordered.
• Actionable event logs – Edit the associated protection, create an exception or view packet data directly from log entries.

• Identify, allow, block or limit usage of applications, and features within them
• Enable safe Internet use while protecting against threats and malware
• Leverage the world's largest application library with more than 6,600 web 2.0 applications

• Create granular policy definitions per user and group
• Integrate seamlessly with Active Directory
• Protect environments with social media and Internet applications

• Rely on 24/7 advanced protection
• Reap the benefits of application control and intrusion protection (IPS), as well as extensibility support for additional security capabilities
• Get greater understanding into security events with integrated, easy-to-use centralized management
• Join more than 170,000 customers, including 100 percent of Fortune 100 companies

• Querying the Active Directory
• Through a captive portal
• Installing a one-time, thin client-side agent

Check Point SandBlast Agent provides purpose-built advanced Zero-Day Protection capabilities to protect web browsers and endpoints, leveraging Check Point’s industry leading network protections.SandBlast Agent ensures complete real-time coverage across threat vectors, letting your employees work safely no matter where they are without compromising on productivity. Threat Emulation capability emulates unknown files in contained environment to detect malicious behaviors and prevent infections while Threat Extraction provides sanitized risk-free files to the users instantly.

Anti-Ransomware protection stops ransomware in its tracks and reverses the damage automatically, ensures organizations are protected against malicious extortion attacks that encrypt business data and demand ransom payment for its retrieval. Zero Phishing proactively blocks access to new and unknown deceptive websites and safeguards user credentials by preventing the use of corporate passwords on external websites.

SandBlast Agent captures forensics data with continuous collection of all relevant system events, and then provides actionable incident analysis to quickly understand complete attack lifecycle. With visibility into the scope, damage, and attack vectors, incident response teams maximize productivity and minimize organizational exposure.

Features:

• Threat Emulation: Evasion resistant sandbox technology
• Threat Extraction: Delivers sanitized risk-free files to users in real-time
• Anti-ransomware: Prevents and remediates evasive ransomware attacks
• Zero-Phishing: Blocks deceptive phishing sites and alerts on password reuse
• Anti-Bot: Identify and isolate infected hosts
• Anti-Exploit: Protects applications against exploit based attacks
• Behavioral Guard: Detects and blocks malicious behaviors
• Endpoint Antivirus: Protects against known malware
• Forensics: Records and analyzes all endpoint events to provide actionable attack forensics reports

Benefits:

• Advanced threat protection and automated endpoint forensic analysis for all malware types
• Prevents and remediates evasive ransomware attacks
• Proactively blocks known, unknown and zero-day malware
• Provides instant actionable understanding of attacks
• Automatically remediates infections
• Protects users credentials

The Cisco 4000 Family Integrated Services Router (ISR) revolutionizes WAN communications in the enterprise branch. With new levels of built-in intelligent network capabilities and convergence, it specifically addresses the growing need for application-aware networking in distributed enterprise sites. These locations tend to have lean IT resources. But they often also have a growing need for direct communication with both private data centers and public clouds across diverse links, including Multiprotocol Label Switching (MPLS) VPNs and the Internet.

The Cisco 4000 Family contains the following platforms: the 4461, 4451, 4431, 4351, 4331, 4321 and 4221 ISRs.

Features and Benefits

Cisco 4000 Family ISRs provide you with Cisco® Software Defined WAN (SDWAN) software features and a converged branch infrastructure. Along with superior throughput, these capabilities form the building blocks of next-generation branch-office WAN solutions.

Cisco Software Defined WAN

Cisco SDWAN is a set of intelligent software services that allow you to reliably and securely connect users, devices, and branch office locations across a diverse set of WAN transport links. SDWAN-enabled routers like the ISR 4000 dynamically route traffic across the “best” link based on up-to-the-minute application and network conditions for great application experiences. You get tight control over application performance, bandwidth usage, data privacy, and availability of your WAN links - control that you need as your branches conduct greater volumes of mission-critical business.

Cisco Converged Branch Infrastructure

The Cisco 4000 Series ISRs consolidate many must-have IT functions, including network, compute, and storage resources. The high-performance, integrated routers run multiple concurrent services, including encryption, traffic management, and WAN optimization, without slowing your data throughput. And you can activate new services on demand through a simple licensing change.

Cisco Intent Based Networking and Digital Network Architecture (Cisco DNA)

The last few years has seen a rapid transformation and adoption of digital technologies. This puts pressure on the on the Network teams supporting this changing infrastructure - especially when provisioning, managing, monitoring and troubleshooting these diverse devices. Additionally innovations such as Software Defined WAN (SDWAN), Network Function Virtualization (NFV), Open APIs and Cloud Management show great promise in transforming Organizations IT networks. This transformation raises further questions and challenges for the IT teams.

The Cisco Digital Network Architecture (Cisco DNA) is an open, extensible, software-driven architecture that provides for faster innovation, helping to generate deeper insights, and deliver exceptional experiences across many different applications. Cisco DNA relies on intent-based networking, a revolutionary approach in networking that helps organizations automate, simplify, and secure the network.

The intent-based Cisco DNA network is:

• Informed by Context: Interprets every byte of data that flows across it, resulting in better security, more customized experiences, and faster operations.
• Powered by Intent: Translates your intent into the right network configuration, making it possible to manage and provision multiple devices and things in minutes.
• Driven by Intuition: Continually learns from the massive amounts of data flowing through it and turns that data into actionable insight. Helps you solve issues before they become problems and learn from every incident.

Cisco DNA Center provides a centralized management dashboard across your entire network — the branch, campus, data center, and cloud. Rather than relying on box-by-box management, you can design, provision, and set policy end-to-end from the single Cisco DNA Center interface. This allows you to respond to organizational needs faster and to simplify day-to-day operations. Cisco DNA Analytics and Assurance and Cisco Network Data Platform (NDP) help you get the most from your network by continuously collecting and putting insights into action. Cisco DNA is open, extensible, and programmable at every layer. It integrates Cisco and third-party technology, open APIs, and a developer platform, to support a rich ecosystem of network-enabled applications.

• Filtering out policy-violating files from the Internet, e-mails, and more.
• Detecting and protecting against client-side exploit attempts and exploit attempts aimed at client applications like Java and Flash.
• Recognizing, blocking, and analyzing malicious files.
• Identifying malware patterns and anticipating potentially breached devices.
• Tracking malware’s spread and communications.
• Alleviating threats of reinfection.

• Automate IT workflows and help organizations shorten app deployment from weeks to minutes.
• Open and programmable. Build programmable SDN fabrics leveraging open APIs and over 65 Cisco ACI global partner ecosystems.
• Security and analytics. Secure applications through whitelist model, policy enforcement, and micro-segmentation.
• Workload mobility at scale. Deploy and migrate applications seamlessly across geographies with consistent policy.

• Offers integrated IPS, VPN, and Unified Communications capabilities
• Helps organizations increase capacity and improve performance through high-performance, multi-site, multi-node clustering
• Delivers high availability for high resiliency applications
• Provides collaboration between physical and virtual devices
• Meets the unique needs of both the network and the data center
• Provides context awareness with Cisco TrustSec security group tags and identity-based firewall technology
• Facilitates dynamic routing and site-to-site VPN on a per-context basis