Introduction to Endpoint Security

Check Point endpoint security includes data security, network security, advanced threat prevention, forensics, and remote access VPN solutions. It offers simple and flexible security administration: The entire endpoint security suite can be managed centrally using a single management console.

Managing the Security of Users, Not Just Machines

One user may have multiple computers and some computers may have multiple users. Therefore, the Security PoliciesClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. for some Endpoint Security components are enforced for each user, and some are enforced on computers.

Organization-Centric model

You can import users and computers to the Endpoint Security Management Server, which uses your organization's existing hierarchy to provide a graphical tree of endpoints computers. You then define software deployment and security policies centrally for all nodes and entities, making the assignments as global or as granular as you need.

Policy-centric Model

You can predefine security policies before setting up the organization. The Endpoint Security Management ServerClosed A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data. interface provides a granular view of all the Endpoint Security policies, grouped by the components they configure.

You create and assign policies to the root node of the organizational tree as a property of each Endpoint Security component. Policies can be deployed one by one or all together. Because different groups, networks, OUs, computers, and users have different security needs, you can configure different components accordingly.

Endpoint Security Client

You can define policies in SmartEndpointClosed A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. for the Endpoint Security client components. The Endpoint Security client is available on Windows and Mac.

These are the Endpoint Security components that are available on Windows:

Component

Description

ComplianceClosed Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.

Allows you to enforce endpoint compliance on multiple checks before users log into the network. You can check that the:

  • appropriate endpoint security components are installed

  • correct OS service pack are installed on the endpoint

  • only approved applications are able to run on the endpoint

  • appropriate anti-malware product and version is running on the endpoint.

Anti-MalwareClosed A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers.

Protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers.

Media Encryption and Media Encryption & Port ProtectionClosed A component on Endpoint Security Windows clients. This component protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). Acronym. MEPP.

Protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on).

Firewall and Application ControlClosed Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

Defines the topology of the organizational network, separating it into Trusted and Internet domains.

Blocks or allows network traffic based on attributes of network connections.

Controls network access on a per-application basis, letting you restrict application access by zone and direction.

Full Disk EncryptionClosed A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE.

Combines Pre-bootClosed Authentication before the Operating System loads. protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops.

Manages:

  • How a Full Disk Encryption user logs in to the computer

  • How failed logins are handled

  • Password security

  • Access to remote help

Remote Access VPNClosed An encryption tunnel between a Security Gateway and Remote Access clients. Provides secure, seamless access to corporate networks remotely, over IPsec VPN.

Provide secure, seamless access to corporate networks remotely, over IPsec VPNClosed Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access..

Capsule DocsClosed A component on Endpoint Security Windows clients. This component provides security classifications and lets organizations protect and share documents safely with various groups - internal and external.

Provides security classifications and lets organizations protect and share documents safely with various groups - internal and external.

URL FilteringClosed Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

Lets organizations control access to web sites by category, user or group.

SandBlast Agent Anti-BotClosed Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.

Detects bot-infected machines and blocks bot C&C communication to prevent bot damage. Provides detailed information about the device affected by the bot activity, about the bot process itself, and other relevant information.

SandBlast Agent Anti-Ransomware, Behavioral Guard and Forensics

Prevents ransomware attacks. Monitors files and the registry for suspicious processes and network activity. Analyzes incidents reported by other components.

SandBlast Agent Threat ExtractionClosed Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX., Emulation and Anti-Exploit

Threat Extraction quickly delivers safe files while the original files are inspected for potential threats.

Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. sends files on the endpoint computer to a sandbox for emulation to detect evasive zero-day attacks.

Centralized Monitoring

The Endpoint Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. provides reports for the whole system as well as individual users and computers.

Centralized Deployment

Deployment in the Endpoint Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. lets you control specific components and Endpoint Security versions installed on the protected end-user computers.