CHECK POINT TECHNOLOGY PARTNERSHIPS
OPSEC Alliance
1
OPSEC Alliance
Check Point security products combine network, data and
endpoint protection into a unified security architecture that
simplifies security processes and delivers uncompromised
security for thousands of businesses and organizations of all
sizes including all Fortune 100 companies.
OPSEC (Open Platform for Security) is an open, multi-vendor
security framework with over 350 partners since the inception
of the program in 1997. OPSEC guarantees customers the
broadest choice of best-of-breed integrated applications and
deployment platforms.
The OPSEC Alliance is open to all vendors of security and related
solutions, including Internet and intranet software, server and
internetworking hardware, client/server applications, managed
security services and complementary security applications.
OPSEC Alliance Benefits
The Check Point OPSEC Alliance logo represents your partnership with Check Point as part of the industry’s strongest and
broadest group of Internet security experts.
When you have earned the right to distribute your product with
the OPSEC Certified logo you become eligible to list your product
as an OPSEC Certified solution and join us in marketing the
joint solution.
n Inform
n
n
n
n
the industry that your product is compliant with the
OPSEC framework
Gain access to the largest security channel and customer
install base
Associate your company and product with the standard
for Integrated Internet Security
Gain industry recognition and meet a key requirement of
customers and Check Point Channel Partners
Verified interoperability so that the user can buy OPSEC
Certified products with total confidence in their integration
Sign the OPSEC Agreement
When you join the OPSEC Alliance you receive the following
partner benefits:
n access to the Check Point SecureKnowledge database
n access to download Check Point software
n access to Check Point Products for evaluation
n eligibility for product discounts
All members of the OPSEC Alliance may use the Partner
logo on their website, product collateral, packaging,
and advertising.
Develop and Test the Product
Completion of the initial business analysis and signing the OPSEC
agreement enables further discussions of product design and
discussions with Check Point Engineering. Check Point provides
Test Plans and Integration Guide Templates to assist you in the
development and testing of the joint solution.
OPSEC Certification Testing
Provide Check Point with access to a generally and commercially
available copy of your product for testing in the Check Point labs.
OPSEC Certification Testing validates that the partner product
meets the requirements as outlined in the Test Plans and the
Integration Guide Templates.
OPSEC Certification
A product is not considered OPSEC Certified unless the vendor
has received an approval from Check Point and the product
is listed on the Check Point website with the designation of
OPSEC Certified or Secured by Check Point.
The OPSEC Certified logo may be used for products
whose name, version, and platform have been explicitly
mentioned as certified upon completion of the
certification testing.
OPSEC Certification Process
Contact Check Point
To become a member of the OPSEC Alliance contact us at
www.checkpoint.com/TBD. You will be contacted directly
to discuss your integration plans and how they fit into the
OPSEC Alliance.
2
The Secured by Check Point logo may be used by
platform partners on the systems which have obtained
certification from Check Point.
OSPEC Alliance Integration Paths
There are at least three paths for integrating within the Check
Point security infrastructure; standards-based, creating an
application using the OPSEC SDK and creating a platform with
the Check Point product pre-installed.
1. Standards-based Integrations
RADIUS/TACACS+, 802.1x EAP, SNMP, LDAP, CAPI, PKI, PKCS
#7, #11, #10, #12
The list of standards supported by Check Point continues to
grow as new industry standard proposals gain acceptance in the
market or are ratified. In order to keep up with the many industry
standards or standard protocols that exist today to ensure
multi-vendor product interoperability, Check Point Software is a
standards bearer and an active participant in standards bodies.
2. OPSEC Software Development Kit (SDK)
The OPSEC Software Development Kit (SDK) is the ideal
resource for those who wish to integrate their applications and
network security systems with the industry’s leading enterprise
security solutions. It is available to independent software vendors,
value-added resellers of Check Point software, network integrators and end users. A collection of APIs (Application Programming
Interfaces), standard protocol interface definitions, and a set of
C libraries are provided to enable the development of OPSEC
compliant solutions. These clearly defined interfaces enable
integration with Check Point without delving into the complexity
of the underlying architecture which provides a complete
client/server communications infrastructure. With the OPSEC
SDK, a competent developer can bring an integrated solution to
market in a fraction of the time normally required.
Listed below are the APIs, integration points and possible applications.
Security Enforcement APIs
OPSEC API
Integration Point
Integration Capability
Potential Applications
CVP
Content Vectoring Protocol
Gateway
Firewalls vector file content to a
third party content analysis server
Anti-virus scans and cures of email
attachments and file transfers
UFP
URL Filtering Protocol
Gateway
Firewalls send URLs to a third party
server for categorization
URL Filtering products
SAM
Suspicious Activities Monitoring
Gateway
Instruct firewalls to block connections initiated by potential intruders
Intrusion detection systems
Management APIs
OPSEC API
Integration Point
Integration Capability
Potential Applications
CPMI
Check Point Management Interface
Gateway
Provides secure access to
the Check Point management
object repository
Audit and generate reports or alerts about
changes to the object repository
AMON
Application Monitoring
Gateway
Report status to the Check Point
Management server
Centralize status information of security
devices and applications
Gateway
Remote configuration of the
OPSEC infrastructure
Open to all OPSEC SDK Partners to enable an
end user to register a new OPSEC application
into the Check Point Security Management
Server database during configuration of the
OPSEC application
CPRA
Check Point RemoteAdmin Utility
Reporting and Logging APIs
3
OPSEC API
Integration Point
Integration Capability
Potential Applications
LEA
Log Export API
Gateway
Retrieve real-time and historical
events from Check Point devices
Audit and generate reports or alerts about
changes to the object repository
ELA
Event Logging API
Gateway
Securely send information to the
Check Point Security Management
server
Applications that wish to log a security
event in the Check Point event log
Endpoint APIs
OPSEC API
Integration Point
Integration Capability
Potential Applications
SCV
Security Configuration
Verification API
Desktop
Report the overall security
configuration status
Anti-Virus SCV checks to verify the
version of the virus definition file
SAA
Secure Authentication API
Desktop
Invoke a token or smartcard during
the authentication process
Smartcards and Authentication
Token vendors
Endpoint API and
Command Line Options
Desktop
Configuration and monitoring APIs
Any application or customer who wishes
to customize or hard code the remote
access VPN connection
3. Platforms
Customers can deploy Check Point software on open servers,
Check Point appliances, Check Point Integrated Appliance
Solutions, or dedicated appliance platforms from partners.
The “Secured by Check Point” Appliance program is part of
Check Point’s Open Platform for Security (OPSEC) partner alliance
program. When you select “Secured by Check Point” appliances
you do so with the total confidence that they meet Check Point’s
stringent security, usability and interoperability requirements.
“Secured by Check Point” appliance features include securityrelated capabilities mandated by the program, such as secure
remote administration. The appliances must also pass rigorous
tests in Check Point’s in-house certification laboratory.
n Hardened
n
n
n
n
operating system (OS) that secures the appliance
against OS-related attacks
Encrypted local and remote administration that ensures
communication integrity is maintained
Enforced customer change of defaults passwords on initial
configuration to ensure restricted access
Passing host vulnerability tests against denial of service (DoS)
attacks, port scanners and more
Passing functional and load tests to ensure proper operation
under expected operating conditions
Ease-of-Use Criteria
“Secured by Check Point” appliances must provide demonstrated
ease-of-use to ensure efficient deployment and security management.
Appliances are evaluated for ease-of-use in Check Point’s
in-house certification laboratory.
n Pre-installed
Check Point software for turnkey deployment
that requires only site-specific network configuration
to ensure efficient deployment
Clear documentation included with appliance to ensure you
have useful, out-of-box reference materials
n Installation
n
4
n Simple
n
process to back up, restore and reset factory defaults to
handle unexpected conditions
Online upgrade process of Check Point software so you can
easily update to the latest features
All “Secured by Check Point” appliances are pre-installed with
Check Point software. This means that as an appliance customer you
can take advantage of a rich set of Check Point security innovations,
including Check Point’s market-leading security products.
Frequently Asked Questions
How can I request an evaluation copy of the Check
Point product?
You should be an OPSEC Alliance Partner before you can
get an evaluation copy. Follow the procedures to join the
OPSEC Alliance. Once your application to join the program
has been accepted, evaluation software will be sent to you.
How can I renew an evaluation license?
Please contact your OPSEC Alliance Manager.
What does it cost to join the OPSEC Alliance?
There is no fee associated with joining OPSEC. Simply complete
the on-line Contact Us form and you will be contacted to discuss
your integration plans.
Are there any fees associated with the program?
There is a nominal certification fee, and many of the co-marketing
programs have fees associated with them.
What does Check Point gain from OPSEC?
By opening our architecture to third-party integrations, we’re
able to offer our end-users a true “best-of-breed” solution built
on the most comprehensive security architecture available on the
market today. The OPSEC framework is recognized worldwide
as the standard for interoperability. By continuing to expand our
partnerships, we continue to expand the breadth of interoperable
solutions available to our end-users.
How long does certification take?
Product certification takes place after the partner product
has been integrated into the OPSEC framework and the
met all the certification criteria. Once begun, the certification
process can take from 2 to 3 weeks per product. OPSEC
partners can ensure the most efficient certification process
by submitting only the most thoroughly QA’d product for
certification, completing the submission reports in their
entirety, and following all submission guidelines.
Can we submit our product during our Beta cycle for
OPSEC Certification?
OPSEC Certification can only be granted to shipping versions
of any product. This prevents additional QA and certification
cycles on both sides. If the product has not been released before,
but has been fully QA’ed an exception can be made. Please
contact your Alliance Manager.
What will be the next steps after certification?
When your integrated product is successfully OPSEC Certified,
you are encouraged to issue a press release announcing
the certification.
How do I join the program or get more information?
Contact Us.
5
About Check Point OPSEC®
OPSEC (Open Platform for Security) is the industry’s
open, multi-vendor security framework. With over 350
partners since the inception of the program in 1997,
OPSEC guarantees customers the broadest choice of
best-of-breed integrated applications and deployment
platforms that support Check Point’s Secure Virtual
Network Architecture. Products that carry the OPSEC
Certified seal have been tested to guarantee integration
and interoperability. For complete OPSEC Alliance program
information, including partner and product listings, the
freely available OPSEC SDK (software development kit)
and evaluation versions of OPSEC Certified products,
visit: http://www.opsec.com/contact.html.
Contact Check Point now to discuss
Check Point Technology Partnerships: OPSEC Alliance
www.checkpoint.com/contactus
By phone in the US: 1-800-429-4391 option 5 or
1-650-628-2000
contact
contactcheck
checkpoint
point
Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
U.S. Headquarters
800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2003–2011 Check Point Software Technologies Ltd. All rights reserved. Check Point, Abra, AlertAdvisor, Application Intelligence, Check Point DLP, Check Point Endpoint Security, Check Point Endpoint Security On Demand, the Check Point logo,
Check Point Full Disk Encryption, Check Point Horizon Manager, Check Point Media Encryption, Check Point NAC, Check Point Network Voyager, Check Point OneCheck, Check Point R70, Check Point Security Gateway, Check Point Update
Service, Check Point WebCheck, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, DefenseNet, DLP-1, DynamicID, Endpoint Connect
VPN Client, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless
Security, Integrity SecureClient, InterSpect, IP Appliances, IPS-1, IPS Software Blade, IPSO, Software Blade, IQ Engine, MailSafe, the More, Better, Simpler Security logo, MultiSpect, NG, NGX, Open Security Extension, OPSEC, OSFirewall,
Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, Secure Virtual Workspace, SecureClient,
SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, SiteManager-1, Smart-1, SmartCenter, SmartCenter
Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, SmartEvent, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartReporter, SmartUpdate,
SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SmartWorkflow, SMP, SMP On-Demand, SofaWare, Software Blade Architecture, the softwareblades logo, SSL Network Extender, Stateful Clustering,
Total Security, the totalsecurity logo, TrueVector, UserCheck, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Edge, VPN-1 MASS, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1
SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VE, VPN-1 VSX, VSX-1, Web Intelligence, ZoneAlarm, ZoneAlarm Antivirus, ZoneAlarm DataLock, ZoneAlarm Extreme Security, ZoneAlarm
ForceField, ZoneAlarm Free Firewall, ZoneAlarm Pro, ZoneAlarm Internet Security Suite, ZoneAlarm Security Toolbar, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point
Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described
in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, 7,165,076, 7,540,013 and 7,725,737 and may be protected by other U.S. Patents, foreign patents, or pending applications.