The ThreatCloud correlates data from Check Point users with third party sources of intelligence to help correlate potential risks and threats. While the Check Point already provides intelligence feeds to its network security gateway customer the managed security service goes a step above that.
Avi Rembaum, Director of Consulting at Check Point, explained to EnterpriseNetworkingPlanet that the managed service takes the ThreatCloud feeds and then provides monitoring for customers.
“It’s humans, rather than just straight technology,” Rembaum said. “The service contract is between Check Point Managed Security, actual people that work with customers and the contract provides access to that team.”
With the managed service, Check Point has people that are monitoring the event feeds and they provide pro-active guidance back to customers based on that information. That guidance can include suggestions on what an enterprise should do to adjust their protections and settings.
For example, if a given customer is seeing SQL attacks against web servers, an IPS would notice the attacks and trigger the appropriate signatures. The managed services team could then inform the Check Point user of what fine tuning is required on the IPS signatures in order to optimize them.
Rembaum noted that for the managed services piece, there is a portal as well as phone and email support back to customers. The incident response piece is a parallel piece of the human equation for delivering network security.
“If there is an incident, the customer would call into the incident response hotline,” Rembaum said. “Then we work with the customer, to analyze event data and provide recommendation on how to deal with the incident.”
Rembaum explained that for example if there is a malware event, Check Point will help to reverse engineer the item and its payload. If there is a network breach, they will help the enterprise to understand how the breach occurred and then make recommendations regarding controls that should be in place to prevent future