POC Guide

1
Proof of Concept (POC) with NSaaS
This guideline defines a few steps how to execute a NSaaS POC including the
required configurations in the Check Point Infinity Portal. The entire process
for all tasks usually takes between 14 days and 1 month. Onboarding a
customer and investigating the logs can be done within 1 hour.

POC- Definition Task Described at

Step page

1 Architecture Definition/ Understand the 4

Whiteboarding customer’s
environment and build
an architecture for
efficient security
protection
2 Pitching NSaaS Be able to Pitch NSaaS 5
and understand the
Key Values for NSaaS
3 Create Account in Demo NSaaS and 12
NSaaS Create Account for
Customer
4 Login/Introduction to Login to the Portal and 14
the Portal show first functions to
the customer
5 Create a Site Create the first 15
customer’s site based
on the information
gathered in Step 1
6 Configuration of Create Security 18
Security Policies Policies based on the
customer’s
requirements and the
required Security Level
7 Configuration of Branch Add the Branch Edge 21
Edge Devices Device to NSaaS and
service-chain the
traffic from the Branch
Office to NSaaS for
inspection
8 Traffic Test / Integration Verify if the Branch 22
Test Office traffic is
successfully sent
through NSaaS and
therefore protected
against threats
9 Security Check Up Run various tests to 23
underline the

2
 importance of Security
for a SD-WAN based
environment

3
POC Definition Task Described at
Steps Page
10 Reporting Work together with the 24
customer and explain
the outcome of the
POC based on Reports
and Views in NSaaS.
Explain why Security
Matters based on Real
Life Examples from the
customer’s
environment. Explain
the Value proposition
based on the
customer’s
lab/environment.
11 Finalize Security Work together with 28
Architecture (if needed) Sales and other
departments in Check
Point in case of there
are site-opportunities
based on the
Architectural
Discussion with the
customer
12 Handover to Sales Handover the result of 28
the POC to Sales to
finalize the
commercial offering
13 Important SKs List of Important SKs 30
to run the Proof-of-
Concept

4
 1. Architecture Definition / Whiteboarding

The first step of a POC is to engage with the customer and identify how the
new branch office / datacenter strategy looks like. In many cases customers
can provide some details about their plans and elaborate information about:

- Number of Branch Offices

- Location of Branch Offices
- Numbers of Users in each Branch Office
- Expected Bandwidth per Branch Office
- Expected Services (Outgoing Traffic Only, Inbound Traffic – if yes; why
and what type)
- If the customer already defined a SD-WAN solution: which one will be
used;
Alternatively: Which routers are in place and do these support
GRE/IPSec

The more details the customer can provide about his architecture, the better
we can provide a security architecture for this infrastructure. In many cases
NSaaS can already solve most of the customers’ requirements; in some cases,
combined solutions (for example running Check Point VNF on top of SD-WAN
device) might be considered. Usually the following principles can be
considered:

Internet Destinations: NSaaS

Inbound Internet Access, for example hosted Web- Services in Branch Office
or VPN to branch:
NSaaS + or only VNF /physical Check Point Gateway to protect inbound traffic

If possible and the project scope allows, it’s recommended to prove a simple
network drawing (for example with Visio) to the customer after the
Whiteboarding session and explain how these different branches can be
protected.

The numbers defined in the Architecture Definition/ Whiteboarding are also

subject to NSaaS licensing as this is based either on number of protected
users or Bandwidth.

5
 2. Pitching NSaaS
2.1 Introduction
2017 was a global wake-up call to get serious about addressing the cyber
threat landscape. Unprecedented levels of cyber-attacks played out as large-
scale, multi-vector mega attacks that inflicted major damage on business and
reputation. As a result, we find ourselves in the midst of the fifth generation
of cyber-attacks. To remain operationally secure now, businesses require a
new generation of cyber security: Gen V.

In Q1 2018, Check Point surveyed 443 security professionals around the world
about their security infrastructures. The results showed that most security
infrastructures are generationally and dangerously behind the level of attacks
they must protect against. This state of affairs is urgent and startling.

Today, many organizations and enterprises are re-designing their Datacenter

and Branch Offices according to new requirements of today: Adoption of
Cloud Services, more capacity and traffic volume and finally cost savings.
Typically, end-users in an organization or enterprise cannot differentiate any
more if they use a service which is hosted in the cloud or provided by the
enterprise in a Datacenter. Network Borders do exist physically, but the need
of scalable applications merges public cloud services and private cloud
services more and more together into hybrid cloud scenarios. The Network
Border therefore moves from traditional physical borders in an organization
even into the public cloud and beyond.

More than before, Branch Offices require fast internet connections to apply all
these requirements and local internet breakouts become a de-facto standard.

All these significant changes have massive impact for organization’s as IT-
Security cannot be delivered in the same way as before. Hardware Firewalls
at the physical network border alone can’t resolve these challenges anymore.
The security level of these solutions will protect the datacenter but can’t
protect hybrid cloud scenarios nor any local breakout of local branch offices.
The same time security attacks move into new areas such as GEN-V; attacks
become more sophisticated, more targeted – using Zero Day based Threads
where Signature based Security can’t provide efficient security levels
anymore.

Enterprises and Organizations need way more flexibility when building new
datacenter and branch office designs and the same time security attack
vectors become more invisible and targeted. This is one of the biggest
challenges for customers and prevents organizations from consuming new
technologies from the Cloud. The same time this becomes critical as only
cloud services provide the same level of agility for the business of enterprises
and organsations.

Enterprises and Organizations need security solutions which can protect the
entire ecosystem and not just single points in the infrastructure. A security

6
solution needs to be able to integrate into modern datacenter and branch
office architectures without adding vendor locks and without preventing the
organization to grow. Security Solutions need to be integrated into hybrid
datacenters with the ability to provide prevention and visibility in terms of
attack analytics and Security Operation Center based reporting over all
physical network borders. Only that level of Security Control can finally stop
modern and sophisticated attacks in the new area of datacenters and branch
offices.

Check Point delivers this level of Integration and provides the highest
standards in terms of Security by introducing:

2.2 Infinity

Real Time Prevention – not just detection

Infinity is a unified threat intelligence platform that delivers real time

prevention of both known and unknown threats

- Prevention with the industry’s best malware catch rate

- Prevention with the fastest response to new vulnerabilities
- Prevention with more than 30 cutting edge innovative technologies to
proactively block cyber-attacks before they cause damage

Infinity is also a consolidated Architecture

- Architecture that simultaneously protects networks, clouds, Endpoints,

mobile and IoT with consistent and unmatched security
- Architecture with the industry’s gold standard Security Management,
feature rich integration with 3rd party capabilities through flexible APIs
for elevated security automation and orchestration
- Architecture, that allows to consolidate and reduce the number of point
solutions in a network, enabling streamlined and efficient security
operations at reduced costs

At Check Point, we provide GEN-V cyber security to prevent any threat,

anytime and anywhere.

7
8
2.3 Check Point’s SD-WAN and Branch Office Strategy
As Organizations and Enterprises develop new Datacenter and Branch Office
networks the need to implement a Cyber Security strategy plays a critical role
in such a process. Check Point delivers Security Solutions since the early
years of the Internet and provides with Infinity a full 360 degrees solution for
all use-cases in enterprise and organizational networks.

Our focus is to integrate with vendors in the SDN, SD-WAN and NFV space in
order to provide a secure network environment for our customers; regardless
what vendor has been chosen for the connectivity part. Connectivity and
Routing are important functions in a network which merge together with SDN
and SD-WAN solutions. Technology Partners from Check Point such as VMware
or Cisco developed products which combine the Software Defined Networking
in the Datacenter with features which are needed to connect Branch Offices in
the SD-WAN space.

Check Point delivers solutions for the following use-cases:

#1 : Branch Edge Virtual Gateway

This use case is relevant for customers who have small uCPE devices in their
branch office and manage inbound and outbound internet traffic. Inbound
traffic to the branch office can be described as hosted service in the branch,
for example web Servers. In that case Check Point delivers a small virtual
security Gateway which is running on top of the uCPE / SD-WAN device which
enables you to secure Servers which are published to the Internet.

This use-case is not part of this POC guide

#2 Network Security as a Service

Network Security as a Service is a Cloud Service offered by Check Point, also

known as Secure Web Gateway. In that case the branch office device (either a
router, uCPE device or SD-WAN device) tunnels outgoing Internet traffic via

9
Check Points service. Usually that use-case is defined in branch offices with
traffic to Internet Destinations.

This use-case is handled by this POC guide

10
#3 MSSP hosted NFV Cloud Service

This use case covers enterprises, which are secured by a solution offered
from a Telco or a MSSP. In that case the MSSP or the Telco provides an
already configured uCPE or SD-WAN device. All configuration in that case is
handled by the MSSP. The MSSP runs Check Point as Virtual Network Function
in the MSSP datacenter. Traffic from or to the branch office is service chained
via the Telco/MSSPs network where the security will be applied automatically.

This use-case is not part of this POC guide

The differentiation between these different cases is important and play a

critical role in a Branch Office datacenter concept. In many cases customers
are looking for hybrid solutions, for example combining the use-case #1 and
use-case #2 depending on size or function of branch offices.

11
2.4 Check Point Network Security as a Service
Basic Description

Check Point NSaaS (Network Security as a Service) is a cloud-based Security

Service fully operated and maintained by Check Point. It covers the
aforementioned use-case #2 and is designed to secure outgoing internet
traffic only. Check Point NSaaS runs in Public Cloud datacenters. The main
differentiation between NSaaS and Capsule Cloud is flexibility in terms of
integrating new technologies and adding new functions on a need’s basis.

Check Point NSaaS also provides a rest-full API which can be integrated in 3 rd
party devices to easy the deployment process of new branch Offices. Check
Point NSaaS will be continually developed and new feature will be added
according to customer requirements.

Architecture of NSaaS

NSaaS Architecture is based on Check Point R80 with multi-tenant

microservices and cloud-native data storage and is running in Public Cloud
datacenters. At time of creating this document NSaaS is available in 15
different public Cloud zones. Check Point is constantly working to extend the
number of POPs in regions and also works very closely with customers in
order to define new POPs based on customer’s requests.

12
In NSaaS multiple accounts can be created. Each account can provide
administrative access to a certain number of administrators. Every account
consists of sites. These sites represent a connection to a branch office. As
soon as a site has been created, NSaaS automatically adds this site to 2
availability zones for High Availability reasons. Once created, devices can
route outgoing internet traffic via GRE or IPSec to NSaaS.

NSaaS automatically scales up and down according to different parameters.

All services in NSaaS are provided and operated/maintained by Check Point.
There is no need for customers to do updates, upgrades or anything which is
related to the backend system. The system is ready to use, and new sites can
be created within a few minutes.

Important: Branch devices need to setup 2 GRE/IPsec tunnels for NSaaS as its
running in 2 different availability zones. Depending on the branch device the
traffic can then be service chained to these NSaaS GRE/IPsec connections.

13
The way how traffic is sent to these 2 availability zones is to be configured at
the branch office device Level.

Check Point provides up to date configuration articles how to configure 3 rd

party devices in Check Point Infinity Portal. These instructions are available in
the site configuration. Other documents are available on a request basis.

Depending on the service model, either the customer or the MSSP is the
owner of the policy definition. Check Point, at no time, has access to the
security policy of a customer or an MSSP even we run the Service for our
customers.

14
2.5 How to be successful with NSaaS
Positioning in the Market

Check Point’s Key Value is related to Infinity. In the past customers needed
many different security solutions for different attack vectors and points in the
infrastructure; with Check Point Customers can benefit from a single security
solution which covers them all.

Especially Branch Office strategies usually are based on different use-cases,

customers are looking for solutions for small branches with less or limited IT
personal and equipment and they are also looking for solutions to secure
medium to large branch Offices. This is exactly where Check Point NSaaS can
be positioned. With Check Point, customers can serve all these different use-
cases and don’t need to consider point solutions for different branch offices
sizes. Furthermore, Check Point integrates with different leading vendors on
the market which enables organizations to create effective security policies
over network borders.

Instead of developing a Check Point owned SD-WAN solution, Check Point

corporates with technology partners such as VMware, Silverpeak and Cisco
and focusses on the delivery of effective GEN-V security. Other security
vendors who develop their own “SD-WAN” solutions compete mid- and long
term with leading organization’s in the network and virtualization space while
Check Point works together with all these organizations. Check Point products
therefore add additional security level instead of replacing or competing with
Routing, Network or Virtualization solutions.

Only a very few vendors in the industry can deliver this level of integration.
Check Point is therefore well positioned in the competitive landscape. Most
important part of any Demo or POC is to deliver the high-level value of Check
Point and not just the feature set of a single solution.

Check Point SmartCenter today can (for example) manage physical

appliances, virtual security gateways, hybrid solutions in the public cloud
and/or SD-WAN as well as NSaaS. That enables customers to have a single
security management and a single point of event analytics instead of dealing
with many different consoles and distributed security events at every single
point in the infrastructure.

The positioning of NSaaS therefore goes in one line with Infinity to provide the
best Security Protection for our customers which is based on real time
prevention.

15
 3. Create Account in Check Point’s Infinity Portal
Once the architecture definition has been complete and its clear what solution
is about to recommended to the customer – a new Account for the POC/ the
customer has to be created in
https://portal.checkpoint.com/register/cloudguardnsaas .

Please open a Web-Browser Session to that portal and click on the Register
button:

Follow the instructions to complete the account setup:

16
Please verify the customer receives and automated email from the portal
about the account creating process. In future there might be the need to
confirm the account creating process; so please doublecheck the inbox and
read instructions carefully.

Please keep in mind that demo accounts don’t need to be activated by Check
Point anymore, but are subject to expire after 10 days unless we are asked to
extend that Demo time.
Kindly get in touch with the overlay team and ask for support; if needed.
Also please prepare the information gathered in #1 of this Proof of Concept –
these are needed to qualify the project and to provide you the most valuable
information’s.

Before continuing with Step 3, you need to prepare the POC environment-
especially the Router or the SD-WAN device which needs to be connected to
NSaaS. Everything in the lab should be up and running; if there are multiple
WAN links, they need to be setup first. Most important is that the router or the
SD-WAN device supports GRE or IPSec tunneling.
Please also note the public IP Address of the device as that is needed to
register the site in NSaaS.

17
 4. Login to Infinity Portal
Check Point has re-imagined its security management to protect the new
threat landscape.
For new customers, Infinity Portal is the best way to experience Check Point
for the first time - simply create an account and start exploring.

Configure Quickly.

A new account is ready within minutes, no client or server installation is

required.
Protecting your security assets is simple.

Scale Infinitely.
Your time matters. Focus on defining your security, and let the cloud handle
the capacity.

Partner-Friendly.
Manage all of your customers' security assets from one place (coming soon).

Feature Specifications

Security for Cloud Applications

Prevent identity theft and prevent phishing emails for your SaaS applications
such as
Office 365, SalesForce and G-Suite.

Security for Branch Offices and SD-WAN

Get full threat prevention and access control for your branch offices without
any local hardware or software. Your network is secured within minutes!

Security for Endpoints

Preventing ransomware and avoiding exploits no longer requires a
management server.

Security for your Online Presence (with ThreatGuard)

Get an overview of domains that impersonate your brand and take them
down.
Your on-premises or virtual gateways (coming soon)

Management as a Service is now in Early Availability –

prepare for the future of security management.

18
After the account has been confirmed please login to the Infinity Portal and
make sure you are connected to the NSaaS space.

If NSaaS is not selected by default, please switch to Network Security as a

Service.

19
 5. Creating first Site
Navigate to the Sites Section and Click on the “+” to add a new site.
The new Site Wizard will appear automatically.

Provide the information according to the Wizard. Most important at this stage
is the location of the Cloud Service. As already mentioned, NSaaS typically
runs in public Cloud - select a Site which is near to the Branch Office or the
POC environment to make sure you get the best latencies.

In case of the customer expects Sites in different locations, please collect

some details and inform the overlay team / the NSaaS team about that
request.

After selecting “Next” in the Wizard you are asked to provide details about
the Branch Office Connection. You can select between GRE and IPSec as
tunneling protocols. The decision which protocol to choose typically depends
on the Router/SD-WAN branch office device. In case of the device supports
both tunneling protocols this decision can be made on the customer’s choice.

20
The Shared Secret can be defined manually or automatic depending on the
customer’s choice.
After defining these parameters, you can click on “Next” and continue the
Wizard.
In the next step you need to define the local IPv4 Networks which are
protected by this NSaaS Site- these are the local Networks in the Branch
Office.

If there are more than one subnet per Branch you need to define every
subnet which is connected/routed to the NSaaS environment.

After this has been configured you can click next and finish the Site Wizard.

21
The Site Creation will start automatically; Setup of the first site initial site in a
region takes up to 20 Minutes. Every next site in the same region will be
created within a few seconds then.

Every site consists of 2 Availability zones. These availability Zones are

created in the background. There is no need of manual interaction to start
this process.

22
After finishing the wizard, the site will automatically appear in the dashboard.
There are 3 different status views after a site has been created.

#1 Site Creation in Process:

This can take, as aforementioned, up to 20 minutes – depending if this is the

first site in the region or a site which has been added to an already existing
region.

#2 Site has been created, but no traffic from Branch Office device received
yet:

#3 Site has been created and already processed traffic: (Example Screenshot
from existing Site)

23
 6. Configuring the Security Policies
Policies for NSaaS are configured in the Policy Section of the Web-UI. The
configuration is divided into 3 categories – Access Control, Threat Prevention
and HTTPS Inspection.

Access Control Policies define the rules for Outbound Internet Access. According
to the customers’ requirements you can define rules and definitions how Internet
Access should be granted. The default access control policy already prevents all
apps in high risk, apps with explicit content, and peer to peer, and allows all
other websites.

The following is an example how that can be defined:

Please keep in mind that these Access Rules only apply for traffic to Internet
destinations. Furthermore, Branch-to-Branch Traffic cannot be regulated in
NSaaS yet. This is planned for the future and not yet part of NSaaS. Finally,
customers can use Check Point’s Smart Center to manage these Security
Policies in Q3/2019. Policy definitions can be done by using

- Categories/Applications
- Custom URLs
- Services & Networks
- My Destinations

Important: The Definition of Access Rules does not handle Threat Prevention
Policies. These Policies are configured in the Threat Prevention Section.

24
The Tab Threat Prevention shows the definition of modern, Threat Prevention
Policies. By today, these policies are defined by Check Point according to best
practices and cannot be changed.

As most of Internet Traffic by today is encrypted HTTPS traffic, handling

HTTPS inspection is critical to identify modern and sophisticated attacks.
Check Point offers different methods to handle HTTPS based content. The
configuration can be done based on customer’s requirements. Nevertheless,
Check Point recommends Full Inspection as this provides the highest level of
Security. The following table shows the main differences between Basic
Inspection and Full Inspection and compares that to the Security Features
which can be achieved with these.

Basic Inspection covers simple Domain name and SSL Certificate Verification
while Full Inspection terminates the HTTPS connection at NSaaS and opens a
new HTTPS connection to the destination Site. By doing that, Check Point
NSaaS can fully decrypt the traffic and identify malicious content and threats.
Customers can upload their own certificate for that process.

25
26
In case of Data Privacy reasons or other concerns, Exceptions can be added
to the HTTPS inspection. The definition is based on URL categories and
therefore can be selected by the customer. Frequently used categories are
(for example)

Software Updates, Health, Government and Financial Services.

Important: All Policy Changes in these sections need to be installed. After

changing the policies to the required changed please make sure you start this
process by executing “Install Policy Button” on the Central Page for Policy
Management.

27
 7. Configuration of the Branch Edge Device
The configuration of the EDGE Device in the Branch Office is one of the last
parts in implementing Network Security as a Service in a POC environment.
Nevertheless, it is recommended to prepare the Edge Device early and start
this process as early as possible – to ensure that we can focus on preventing
attacks during the POC. Check Point provides a various number of instructions
how to configure 3rd Party devices. You can find instructions embedded in the
Infinity Portal right away in the Site Section for each site.

After a site has been configured these instructions can be accessed by

clicking on the “View Instructions” Link at the site level:

Instructions can be either Generic – for any 3 rd party device of the customer’s
choice which supports GRE or IPSec tunneling; or specific for a certain
platform. If you choose a specific platform you can simply follow the
instructions step-by-step to add NSaaS to the Branch Edge Device.

We are continuously updating instructions to integrate with 3 rd party vendors.

Therefore, the list of available vendors will change from time to time.
Important: This list does not exclude other 3 rd party devices from being
supported. This list is just a list of instructions for the most popular edge
devices of vendors we are working with.

Keep in mind that every single NSaaS site provides 2 availability zones by
default. The instructions contain the setup of both GRE/IPSec tunnels. Please
28
make sure you always connect to these 2 Availability Zones for High –
Availability reasons.

29
 8. Traffic Test
Once 3rd Party devices have been connected to NSaaS, traffic needs to be
generated and send through NSaaS. This can be done with any kind of traffic,
but Web Browsing is obviously the easiest way to do that. Open a Web
Browser in the Branch Office and connect to the Internet. You can also verify
the IP address used for Web-Browsing. Platforms such as
www.whatismyip.com will display an amazon-based IP address from an AWS
datacenter in case of the NSaaS integration was successful.

Example from www.whatismyip.com, where you can see the AWS IP details:

30
 9. Security Check-Up
The most value of integrating NSaaS is of course the improvement of the
security level. For that reason and especially in POCs, it makes sense to
highlight that security improvement and show the value to customers. As
NSaaS is for outbound internet access only, you can simply browse some
websites which simulate attacks.

You can also use one of these examples to show / verify the Security
Configuration:

Warning: Documents or emails containing the links from that web page might
get blocked or quarantined by Check Point security products. Therefore we
had to publish the links in our corporate wiki page.

https://wiki.checkpoint.com/confluence/display/SALESENAB/
Security+Check+Up+for+NSaaS

31
 10. Reporting
SD-WAN devices nor routers don’t provide Security Event analytics or Security
Event information’s. Check Point NSaaS provides that as part of the entire
solution. To ensure a high security level it’s critical to prevent threats but it’s
also very important to show the security effectiveness to the respective
teams in an organization. This is especially important after implementing
NSaaS into a branch for some time – as the customer is able to understand
the security effectiveness of the system. This is comparable to Check Point
Security Checkups and provide the same value proposition as such.

Other than that Security Operation Centers (SOC) need to access log files and
event statistics in order to isolate infected computers or sites.

For that reason, it’s important that in every POC both customer as well as
Check Point or partner Security Engineers take some time to browse through
the Reporting Section and clearly talk about the Security Risks, Check Point
NSaaS has been prevented.

To access these logs, open the Infinity Portal and navigate to the “Logs”
Section.
Here you can find 4 pre-defined sections:

- Cyber Attack View

- Access Control
- Security Report
- Logs

10.1 Cyber Attack View

The Cyber Attack View focus on the security part of NSaaS and therefore are
important to mention at a POC review or at any last stage of the Proof of
Concept. The Cyber Attack View helps to understand the most critical
information about infected hosts and types of attacks.

Screenshot from the Cyber Attack View

32
33
10.2 Access Control

The access control tab contains information about traffic statistics, allowed
and block sources and provides activity timelines. Of course, you can apply
filters and use the same google-style search function as in the logs.
Nevertheless, the focus on this report is on the connectivity part.

34
10.3 Security Report

The Security Report is comparable to the Security Report of a Security

CheckUp. While it makes sense to browse through both views/reports
together with the customer; the Security Report can be printed and handed
over to the customer – for example to the CISO – to show the value of Check
Point NSaaS. Especially after a POC the Security Report will clearly show the
value of implementing a secure SD-WAN services based on Check Point
NSaaS instead of just implementing a pure connectivity solution.

Security Reports can be automatically scheduled every week, for example on

Sundays. These reports are sent via E-Mail. These settings can be configured
at Settings -> Reports and Logs. Furthermore, Security Reports can be also
exported into the PDF file format.

35
10.4 Logs

The easiest way to show traffic and to highlight some details is to access logs.
Here you can find traffic logs but also security related Logs. You can apply
filters in order to only see the logs which are needed for the specific scenario.

The search in the Logs can be done google style and is based on the R80 log
search function in Check Point SmartCenter. More details about the Syntax of
the Google Based- Search Style
can be found at this Link. The structure of the Google Search is identical with
Google Based Searches in Check Point R80 SmartCenter:

https://sc1.checkpoint.com/documents/R80.30/SmartConsole_OLH/EN/
html_frameset.htm?topic=zfFmGvPiAIUaJhQr-pxhDQ2

36
 11. Finalize Security Architecture
As already mentioned in the first stages of this document, there might be a
need to implement
not just at the branch office but also at the Datacenter level to finally protect
the customer’s infrastructure. Check Point provides security for the branch
and also for the data center, with a consolidated management using Smart
Console. NSaaS delivers Security for internet destinations and therefore adds
a high level of security to Branch Offices, which had no / or inefficient security
protection before. Nevertheless, there are use-cases where inbound traffic
needs to be considered or where more Security Functions are needed in order
to secure the customers environment.

The stage after implementing a POC with NSaaS is a good time to consider
these different use-cases and build a strategy together with other
departments in Check Point, with Sales and with the customer on how to
secure these use-cases.

12. Handover to Sales

Once the POC is complete and all technical work is done the project including
all material can be handed over to sales to finalize the commercial offering.
Every NSaaS POC has many similarities with Check Point Security Checkup’s
and therefore is also a valuable Sales tool.

37
Important SKs
sk154712 how to submit a support ticket for Network Security as a Service
sk155574 Network Security as a Service – What’s New?
sk154812 Network Security as a Service – Help & Support

38