HTTPS Inspection
New streamlined and assured approach to deploying HTTPS Inspection.
- Deployment assessment: Enables phased HTTPS Inspection deployment for performance assessment before full-scale activation.
- Full fail-open: Automatically detects client-side HTTPS Inspection failures and adds those clients to an exception list to maintain their HTTPS connectivity.
- Bypass Under Load: Optional HTTPS Inspection bypass in case of a high CPU load.
- Enhanced HTTPS Inspection policy: Enhanced default policy for HTTPS Inspection.
- HTTPS Inspection monitoring: Provides a comprehensive status overview and detailed statistics.
Enhanced Operationalexperience
Introducing new deployment modes for Clustering and VSX.
ElasticXL - new clustering technology:
- Single Management Object (SMO) for delivering simplified configuration of all cluster members.
- Automatic sync of configuration and software packages between all cluster members.
VSNext - new VSX mode:
- Unified management experience between a physical gateway and a Virtual System. This resolves all VSX-specific limitations.
- Improved provisioning experience by supporting Gaia Portal, Gaia Clish, Gaia REST API, and Management API.
Advanced Threat Prevention
Web Security: Support of HTTP/3 over QUIC transport (UDP) for network security, Threat Prevention and Sandboxing.
Zero Phishing automatic mode: Significantly simplifies the configuration process, making the blade activation effortless.
SNORT rules as a Feed: Loading of SNORT rules file as a custom intelligence feed to be enforced as an IPS protection.
Advanced DNS Security:
- DNS statistics are now available in SmartView.
- Configuration granularity for advanced DNS protections.
- Blocks DNS queries to recently created domains.
For more information, refer to the R82 Release Notes
Deep LearningThreat Prevention
Superior Threat Prevention with new AI Deep Learning engines.
-
Prevents 5x more DNS attacks in real-time.
- Uses millions of zero-day IoC to prevent Command & Control connections and block data theft through DNS tunneling.
- Response time to DNS attacks was decreased from hours to minutes.
- Blocks 4x more attacks with patented in-line Zero Phishing (no software is required on the client side).
Security Gateway blocks phishing attacks to prevent theft of credentials in any web browser.
Advanced Security with Cloud Services
- Infinity Services for on-premises Management Servers - increase network security with advanced cloud-based security services.
- IoT Network Security - Discover your IoT assets and enforce zero-trust policies.
- SmartWorkflow - Built-in policy supervision over changes in Security Policies and objects.
- Enforce changes in Access Control automatically without installing policy, using Network Feed objects.
- Integrate with SAML 2.0 Identity Providers to allow secure authentication in SmartConsole and for Remote Access users.
- Get the complete event visibility across all Check Point products for efficient monitoring.
Business DrivenSecurity Performance
- Hyperflow - provides 3x throughput boost for processing large file transfers (elephant flows).
- Maestro Auto-Scaling - dynamically adds and removes Security Group Members based on CPU utilization and traffic.
- Maestro Fastforward - provides ultra-low 1 microsecond latency and 100 Gbps throughput by offloading specific Access Control rules to the Quantum Maestro Orchestrator for hardware acceleration.
- Scalable VPN performance - Security Gateway can process more Remote Access VPN connections at the same time.
For more information, refer to the R81.20 Release Notes
SmartConsole now in your web browser
Web SmartConsole now includes Read/Write capabilities for most commonly used functions. More capabilities to be added over time.
Read SK
Automatic updates for SmartConsole
SmartConsole is now updated automatically! No need to reinstall the client to get the latest fixes.
Logging and Monitoring
Distribute logs between multiple active Log Servers to support higher rate of logs and redundancy of Log Servers.
IPS and Anti-Bot logs now include a MITRE ATT&CK section that details the different techniques for malicious attack attempts.
New APIs and API Enhancements
Faster Management API execution.
REST API commands to simplify the creation of gateways in SmartProvisioning and more.
Access Control
Enhance security with the new Access Control Rulebase settings and defaults.
More Features and Enhancements
Significant Management stability and performance improvements.
IoT support for Multi Domain Management.
Autonomous Threat Prevention Policy
Out of the box, automatically updated policy profiles based on business and IT security needs.
Zero maintenance of policies and protections.
Policy Installation
New acceleration mechanism drastically speeds up the Access Control policy installation time.
Install different policies on multiple Security Gateways in parallel.
New NAT Policy
NAT policy now supports Updatable and Domain objects, Access Roles and Security Zones.
Version Upgrade
Manage upgrade of multiple security gateways and clusters in parallel.
Changes Report
Review the applied changes to Access Control, Threat Prevention policies and common objects and compare revisions.
Query based Objects
Easily represent multiple Data Centers in Security Policy by building query based objects.
Custom Intelligence Feeds
Manage custom intelligence feeds fetched by Security Gateways.
MITRE ATT&CK
A new MITRE ATT&CK view provides the ability to investigate security incidents according to the MITRE defense models, and extract immediate action items based on the mitigation flow.
Azure Active Directory Support in Identity Awareness
Use Azure AD users and groups for authentication and authorization.
Multi Domain Capabilities
Backup and restore a domain, migrate Security Management Server to a domain, migrate a domain to a Security Management Server.
HTTPS Inspection Layer
Manage HTTPS Inspection Policy in a new dedicated layer within SmartConsole and share across multiple policy packages.
IPsec VPN
Manage multiple user defined encryption domains per community.
Manage large scale VPN environment using LSV profiles.
SmartTasks
Automate and customize actions based on predefined Management operation triggers.
Watch on YouTube
Hotfix Installation
Centrally deploy Hotfixes and Jumbo Hotfixes on multiple Security Gateways and Clusters in parallel.
Revert To Revision
Revert to a previous management revision and continue working from that point.
IoT Security Controller
Discover every IoT device in the network and turn its data into actionable security intelligence.
Automatically generate security policy based on customer’s profile, connected devices and IoT network status.
MITRE ATT&CK
Expose advance forensics per SandBlast log focusing on Mitre Att&ck Techniques and Tactics.
More Features ...
CloudGuard Controller enhancements,
Captive Portal integration with SAML 2.0 and third party, Partial Search, and more...
SmartConsole Extensions
Add third-party tools as panels and views inside SmartConsole.
Discuss on CheckMates
CloudGuard IaaS
Use vCenter Tags and
NSX Universal Security Groups
in your security policy.
Since R80.20.M2
Logs & Monitoring
Exporting your logs to Splunk Enterprise Security is now simpler.
Check Point's Splunk Add-On contains new dashboards for Check Point logs and events.
Since R80.20.M2
Threat Prevention Dashboard
New Consolidated threat prevention dashboard providing full threat visibility across Networks, Mobile and Endpoints.
Since R80.20.M2
Watch webinar
Advanced Threat Prevention
Threat Extraction now proactively protects against threats contained in Web downloaded documents.
Threat Prevention logs
Threat Prevention logs contain new fields for forensics.
Multi Tasking
One administrator can publish or discard several SmartConsole sessions, independently of the other sessions.
Since R80.20.M1
Logs & Monitoring
Use improved log viewer with cards, profiles, statistics and filters to analyze events.
Create a secure log exporting channel using just 1 line of configuration.
Since R80.20.M1
Threat Prevention
Configure malicious email policy with Threat Profiles in SmartConsole.
Mark IPS Protections to follow-up on them later.
CloudGuard IaaS (vSEC)
User experience enhancements when monitoring and configuring policies for virtual environments.
New data center objects for: Google Cloud Platform, Cisco ISE and Nuage.
Since R80.20.M1
Schedule Install Policy
Create presets for cross-domain
policy installations.
Run policy installation presets with a single click or schedule to run them automatically.
More Features ...
Endpoint Security Server updates, SmartProvisioning, Compliance, GDPR,
Global VPN Communities, Rule-base performance improvements, and more...
Since R80.20.M1
Unified Policy & Logs
Security policy is enhanced to accept or block traffic according to application & data.
One log entry shows network, application and data information.
Policy Layers
Policies can be segmented into layers, allowing simplicity and delegation.
Unified Threat Policy
IPS and the SandBlast family can be unified as one policy and installed separately from Access Control changes.
Faster Policy Enforcement Model
The new rule matching algorithm, improvements in acceleration templates and new FQDN-based domain objects increase your gateways' performance.
Policy Analysis Tools
Packet-mode search, rule navigation shortcuts and a session pane for change history increase your operational efficiency.
Automation and Tooling
New Management API commands for show-changes, verify-policy and more.
Visit Check Point's Github account for open-source tools based on the R80.10 Management API.
Get the tools from Github
Concurrent Administrators
Several administrators can work together using different sessions.
During a session, all modified objects are being locked.
Automation and API
Objects and rules can be modified using CLI and web service API.
All management operations (e.g. policy installation) are supported.
SmartView
Unified threat management for correlated events based on the Check Point logs.
Customized overviews and reports to show real-time events. Drill-down from a chart to see the actual logs.
Integrated Monitor Views
Highlight a rule to view its logs.
All monitor views are integrated into the console.
Advanced Gateway Management
Detailed monitor view of all gateways in the system. Embedded commands of backup, scripts and more.
Operational Efficiency
Revert to previous policy, object tags, tabbed policy view, exporting to CSV files and more manageability enhancements.