Check Point Software-defined Protection (SDP) is a new, pragmatic security architecture and methodology. It offers an infrastructure that is modular, agile and, most importantly, SECURE.
Such architecture must protect organizations of all sizes at any location: headquarters, branch offices, roaming through smartphones or mobile devices, or when using cloud environments. Protections should automatically adapt to the threat landscape without the need for security administrators to follow up manually on thousands of advisories and recommendations. These protections must integrate seamlessly into the larger IT environment, and the architecture must provide a defensive posture that collaboratively leverages both internal and external intelligent sources.
The SDP architecture partitions the security infrastructure into three interconnected layers, also called a three-tier architecture:
- Enforcement Layer
- Control Layer
- Management Layer
- Enforcement Layer: based on physical, virtual and host-based security enforcement points; it segments the network and executes the protection logic in high-demand environments.
Segmentation is the cornerstone of security enforcement. It aims to achieve the following:
- Support a simpler and modular security policy on various segments of the network
- Allow for the creation of security architecture templates for different segments
- Enforce containment policies on compromised hosts within a segment
- Define intra-segment interactions that do not require mediation by security controls
- Control Layer: analyses different sources of threat information and generates the protections and policies that the Enforcement Layer executes.
Protection categories include threat prevention, access control and data protection. These strategies differ in the underlying knowledge domain from which security policy rules are drawn:
- Threat Prevention draws on an understanding of threats and threat behavior. It is fed by collaborative real-time threat intelligence received from the community.
- Access Control enforces a security policy model of authorized interactions between users and assets in the enterprise, as configured by the Management Layer.
- Data Protection focuses on data classification rather than on behavior and interactions. The Management Layer determines the data flow policies in the organization.
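The segmentation goals listed above and the Control Layer handing policy down to an enforcement point, as a constructed Python model. This is an added example, not Check Point's code or SDP's real interfaces; the segment names, addresses, ports and the host flagged as compromised are all made up.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Segment:
    name: str
    cidr: object                      # an ipaddress network
    # Template: (destination segment, allowed port) pairs this segment may reach.
    template: set = field(default_factory=set)

class ControlLayer:
    """Compiles segment templates and threat intelligence into enforcement policy."""
    def __init__(self, segments):
        self.segments = list(segments)
        self.contained = set()        # hosts flagged as compromised

    def contain(self, host):
        self.contained.add(ip_address(host))

    def segment_of(self, host):
        addr = ip_address(host)
        return next((s for s in self.segments if addr in s.cidr), None)

class EnforcementPoint:
    def __init__(self, control):
        self.control = control

    def decide(self, src, dst, port):
        """Return (verdict, reason) for a flow src -> dst:port."""
        src_seg = self.control.segment_of(src)
        dst_seg = self.control.segment_of(dst)
        if src_seg is None or dst_seg is None:
            return "deny", "endpoint outside any defined segment"
        # Containment: a compromised host is isolated in both directions, template or not.
        if self.control.contained & {ip_address(src), ip_address(dst)}:
            return "deny", "host under containment"
        # Intra-segment interactions are not mediated by security controls.
        if src_seg is dst_seg:
            return "allow", f"intra-segment ({src_seg.name})"
        if (dst_seg.name, port) in src_seg.template:
            return "allow", f"template {src_seg.name}->{dst_seg.name}:{port}"
        return "deny", "no template rule between segments"

def build_demo():
    # Constructed sample: three segments, one host reported compromised.
    users = Segment("users", ip_network("10.1.0.0/24"), {("web", 443)})
    web = Segment("web", ip_network("10.2.0.0/24"), {("db", 5432)})
    db = Segment("db", ip_network("10.3.0.0/24"))
    control = ControlLayer([users, web, db])
    control.contain("10.1.0.7")       # constructed threat-intelligence report
    return EnforcementPoint(control)
```

Note that containment is checked before the intra-segment shortcut, so a compromised host is cut off even from its own segment.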
- Management Layer: orchestrates the infrastructure and brings the highest degree of agility to the entire architecture.
Network complexity and the requirement for granular policy mean that security administrators can no longer keep up with rapidly evolving business processes. The SDP Management Layer addresses this challenge by providing a framework that is:
- Modular – security policy administration follows security segment boundaries and protection types, providing each administrative user with a simple policy subset that provides only the information and authorizations necessary to fulfil assigned roles
- Open – APIs are used to support automation for synchronizing the Control Layer with enterprise systems, reducing administrator workload and ensuring consistency of security policy within the network
- Resilient – enterprise visibility allows the business to “fight through” attacks while maintaining acceptable levels of service by detecting, containing and repelling cyber attacks, as well as supporting follow-up investigation, recovery and collaboration
Reference Link: