9

ABSOLUTE WITH

STEPS TO
ZERO TRUST
SECURITY

01
ZERO TRUST FOR NETWORKS
Prevent malicious lateral movement with CHECK POINT
SECURITY GATEWAYS
granular network segmentation Set and enforce a unified access
policy for users, devices, applications
and zones across all environments

Source
HR code
app
App
servers
Data CHECK POINT
Finance
app base APPLICATION CONTROL
Limit usage of ~8000 applications,
and features within them

OT

PUBLIC CLOUD PRIVATE CLOUD

IT CHECK POINT
IDENTITY AWARENESS
ENTERPRISE Allow access only to specific users

ZERO TRUST PEOPLE

02
Use context-aware authorization to protect
against identity-thieves

Single Sign On
(SSO) T IT Y Context Inspection
ID EN

01 03 CHECK POINT
• Device Identity IDENTITY AWARENESS
Seamless integration with a broad • Geo-Location Granting access to your data only to
range of third-party identity and CFO
• Time of connection authorized users, and only after their
Multi-Factor Authentication service
identities have been strictly
ID E N TITY CO

providers. • Connection type (VPN, wireless)

authenticated.
NF

Multi Factor
IR M

Authentication
AT
IO

(MFA) Anomaly Detection

N

02 04
• Multiple unsuccessful login attempts
• Unrecognized device
• Unusual time and location
• And more…

ZERO TRUST DEVICES

03
Protect all devices from threats,
and isolate them if compromised SANDBLAST AGENT
& SANDBLAST MOBILE
Protect employees’ mobile devices
and workstations from advanced
attacks, zero-day malware, malicious
app installation, and more.
BLOCKS INFECTED DEVICES
FROM ACCESSING
INFINITY FOR IoT
CORPORATE DATA & ASSETS Automatically discovers and protect
YOUR DATA smart office and building devices,
Industrial Control Systems (ICS)
and medical devices.

NETWORK-BASED THREAT
PREVENTION

• Threat emulation
• Threat extraction
• Anti-virus
• Anti-bot
EMPLOYEES’ INDUSTRIAL MEDICAL SMART BUILDING SMART OFFICE • IPS
ENDPOINTS CONTROL SYSTEMS DEVICES DEVICES DEVICES

ZERO TRUST WORKLOADS

04 TM

Protect your workloads with extended

visibility and adaptable policy SEAMLESS INTEGRATION
With any cloud infrastructure

VM TM

VISIBILITY INTO THE CLOUD

INFRASTRUCTURE
IPS
Identifies misconfigurations
THREAT PREVENTION FOR and security gaps
NORTH & SOUTH TRAFFIC

Containers EAST-WEST Functions

TRAFFIC FULL CONTROL OVER
EAST-WEST TRAFFIC
Enables to define micro-perimeters

ADAPTIVE ACCESS POLICY

Responsive to cloud environmental
changes

05
ZERO TRUST DATA
Classify, protect and encrypt your data,
wherever it is

DATA AT REST DATA IN TRANSIT DATA IN USE

Capsule docs Data encryption (VPN IPSEC/SSL) SAAS

Cloudguard SAAS

Capsule workspace Data loss prevention Data loss prevention

Full disk encryption Content awareness

Removable media encryption Compliance

06
VISIBILITY & ANALYTICS
Quickly detect and mitigate threats
with a single view into security risks

Identify suspicious activity and track trends Real-time visibility into billions of log records

CHECK POINT R80

Investigate events with real time forensic CENTRALIZED SECURITY Follow compliance to corporate policy and data
MANAGEMENT protection regulations

AUTOMATION & ORCHESTRATION

07
Use rich API’s to automate security
tasks and incident response

Asset and workload discovery in cloud-based data Incident response (IR) ticket enrichment
centers (IaaS) and virtualization

CHECK POINT INFINITY OFFERS

RICH API’S USED BY OVER 160
TECHNOLOGY PARTNERS

Dynamic update of objects and policy rules Automation of security operational tasks

Automated incident remidiation

08
THREAT PREVENTION
Protect from known and unknown threats

64 DIFFERENT SECURITY ENGINES

POWERED BY GLOBALLY SHARED
THREAT INTELLIGENCE

Engines for KNOWN threats Engines for UNKNOWN threats

• Intrusion prevention
• CPU-level inspection
• Anti-bot
• Malware DNA
• Anti-virus
• Threat emulation
• URL filtering
• Threat extraction (CDR)
• URL reputation
• Campaign hunting (AI)
• IP reputation
• Context aware detection (AI)
• Domain reputation
• Huntress (AI)
• Anti phishing
• Zero-phishing
• Identity awareness
• Anti-ransomware
• DDoS
Emulates more than 4 Stops 7,000 zero-day Passes 86 billion IOCs • Account takeover
million files per day attacks per day per day • Malware evasion resistance

CENTRALIZED SECURITY MANAGEMENT

09
Efficiently manage Zero Trust security
with a single console and a unified policy

Devices Apps Private Cloud Mobile

Users Content Gateways Public Cloud

UNIFIED POLICY

ABSOLUTE ZERO TRUST SECURITY

WITH CHECK POINT INFINITY
Rebuilding your security infrastructure around a Zero Trust approach
using disparate technologies might lead to complexities and inherent
security gaps. To avoid that, Check Point offers a more practical and
holistic approach to implement Zero Trust, based on single consolidated
cyber-security architecture, Check Point Infinity.

The single consolidated Check Point Infinity security architecture enables

organizations to fully implement all of the Zero Trust principles. Focused
on threat prevention and centrally managed through a centralized security
console, it empowers Zero Trust implementations with unparalleled
security and efficiency.

Learn more about Absolute Zero Trust with Check Point Infinity
Checkpoint.com/solutions/Zero-Trust-Security