Check Point Enterprise Security Framework Whitepaper

Transcription

CHECK POINT ENTERPRISE SECURITY FRAMEWORK (CESF)
A Process-Driven Approach to Building Enterprise Security Architecture

CHECK POINT ENTERPRISE SECURITY FRAMEWORK (CESF) 2

Abstract

This Check Point paper outlines a new process-oriented approach to developing enterprise security architecture. It draws from both well-known open frameworks and Check Point's rich experience in architectural design and development.

In this paper, we provide you with an overview that includes an architectural process, framework, and methodology. This is not, however, a "how-to" guide. By the time you reach the paper's conclusion, you should have a firm grasp of the various components of the Check Point Enterprise Security Framework (CESF), and how they form the foundation for your next enterprise architecture.

Audience

Architects, engineers, and designers engaged in security architecture will benefit from this paper. As a prerequisite, you should be well versed in network and security design concepts and generic security architectural concepts and frameworks.

TABLE OF CONTENTS

1 Introduction . 4
2 Open Frameworks . 7
3 Zero Trust . 9
4 The Enterprise Security Framework . 11
5 Using the CESF Process . 14
6 Review and Architecture Phase . 15
7 The Workshop . 16
8 The Review Layer . 19
9 The Architecture Layer . 23
10 Design and Build Phase . 26
11 The Design Layer . 27
12 The Build Layer . 32
13 The Implementation Layer . 39
14 Service Management . 43
15 The Service Management Layer . 43
16 Summary and Conclusion . 44

1 Introduction

Check Point has always believed in extending proper, correct, and impartial security advice to our customers, and in the value of being trusted as security architectural advisors. Our commitment to security architecture has resulted in Check Point supporting dedicated teams of security architects focused on advancing our clients' security posture. We designed this consultancy approach to deliver security based on real business requirements, and not just commercial motives.

Check Point has developed this approach into a complete architectural methodology and process framework. With great pride, we're excited to introduce this to a wider audience as the Check Point Enterprise Security Framework (CESF).

We know that organizations see value in a structured approach to security architecture, which is why Check Point developed the CESF process. This framework allows any enterprise security team to develop a secure architecture using a formulated, accountable, and comprehensive process.

WHY IS SECURITY ARCHITECTURE NECESSARY?

Before we explain how and why Check Point developed an enterprise security framework, let's discuss briefly why it's important to understand the role of security architecture within an enterprise. Here are several reasons why you need security architecture:

- Building security without a carefully considered plan is at best complicated, and at worst can lead to a compromised security posture and increased costs.
- CISOs need a way to communicate cyber risk to an organization's management team:
  - Does the current security posture align with common security standards?
  - Do the existing security controls complement the business needs?
  - Does the existing security infrastructure address all the business risks?
  - How can TCO and operational effort be reduced while enhancing the level of security?
  - How can new security innovations be implemented to support the wider business?
- Measuring the success of security spend is vital. Good security architecture adds structure to spending decisions and improves accountability.

Check Point believes that security architecture should have a clear and concise methodology.

CHECK POINT ENTERPRISE SECURITY FRAMEWORK (CESF)

Check Point developed CESF as a customer-centric security framework to help our customers explain, develop, and mature their security posture and align with security best practices. Through our process, architects are able to accurately capture and record business requirements and convert these into tangible Check Point solutions and advanced security solutions.

The CESF mission statement is to:

- Meet our customers' requirements for a structured and systematic approach to design, architecture, and digital transformation that results in tangible, implementable solutions.

- Respond to the challenges of transformation by reducing costs through careful design.
- Be a methodology that delivers digital transformation, from concept to the completion of real-world security solutions.

The infographic below shows the end-to-end process.

WHAT CESF MEANS FOR OUR CUSTOMERS

Some key benefits include:

- Accountability: Using CESF ensures security spend is accountable and can be traced back to a business requirement.
- Strategic: The CESF helps define near, medium, and long-term goals, reducing technology overlap and unnecessary spend. Having a view of a long-term strategy reduces the need for point solutions and helps build a strong, complete security ecosystem.
- Complete: The outcome of using the CESF is a security architecture roadmap and reference architecture, one designed to support the client's business while maturing the overall security posture.
- Justified: The CESF delivers a bespoke, detailed design blueprint that enables clients to build a complete security ecosystem. Solutions and spend can be justified against measurable requirements, and can also be justified to the board.
- Independent: Because it is built and based on open standards, clients have full visibility of the decision-making process and how the architectural solution was developed.
- Professional: A collaborative approach to developing security architecture brings Check Point and client architects into a closer working relationship.

CESF AS A PROCESS

We can explain the CESF process as a logical methodology that consists of a collection of phases. Each phase has a specific function and output. The combination of these phases allows us to deliver security architecture in a manner that is accountable and fully documented. Expressing the CESF as a series of linked phases helps simplify the process and means we can use different resources at different points of the engagement.

The phases are:

- Review and Architecture: This phase of the process is for business and architecture reviews as part of a CESF workshop. This phase is for data capture, business modelling and risk assessments.
- Design and Build: This phase is for CESF architects to develop a response to the requirements and to build customized logical design blueprints and recommendations.
- Implementation: This phase is for professional services, partners, etc. to add low-level design details and deliver statements of work for real-world solutions.
- Service Management: This phase is for continuous development and improvement of the security posture.

CESF FUNDAMENTALS

Before we look into the CESF process, it is important to understand the key components and drivers that have influenced its development, namely SABSA (Sherwood Applied Business Security Architecture) and Zero Trust. SABSA is widely used outside of network or cyber security requirements to develop business-driven solutions, and Zero Trust has become a mainstay of enterprise architecture. Both of these open frameworks are widely used and respected by the security industry for their approach and relevance. They are, by their nature, both broad and relevant to all disciplines of security.

Check Point's deep understanding of these subjects has influenced and shaped the development of the CESF process:

- The CESF process has re-interpreted and reformatted these two key influences so that the CESF process is focused on delivering a holistic network and cyber security architecture relevant to our clients.
- The Check Point CESF process combines the best parts of these existing open frameworks with our world-class understanding of security, its design, implementation, development, and support.
- The CESF process is designed to deliver realistic, real-world security architecture and must result in blueprints and recommendations that are actionable and achievable.

Figure 2: The key influences

2 Frameworks

OVERVIEW

Let us look in more detail at the SABSA open framework Check Point has used to develop CESF. SABSA is one of the most widely recognized security architectural methodologies. Its framework allows security architects to develop a business requirement into a security design, and then to manage implementation in a controlled manner while maintaining a business-driven focus. Every security solution is based on, and linked to, a business requirement. The key tools in delivering security architecture through SABSA are the use of the SABSA framework and SABSA views.

The SABSA methodology is to analyze the business requirements at the outset, and create a chain of traceability through to logical design and implementation. The main features of SABSA are the "views" and "layers" components of the SABSA framework. In the next section we will look at how these are used and their importance.

VIEWS

The first component of the SABSA process that we will look at is the SABSA "view" concept, which describes how the framework engages with different stakeholders as we move through the process of security architecture. The end-to-end process of building security needs to account for all points of view. Each layer of the process is relevant to someone's point of view.

The table below shows the various layers of the SABSA design methodology and the "views" that are attributed to each layer. For example, the "Designer's View" is concerned with logical architecture, and the "Service Manager's View" is concerned with the operational architecture.

SABSA View             | Description
-----------------------|------------------------
Business View          | Contextual Architecture
Architect's View       | Conceptual Architecture
Designer's View        | Logical Architecture
Builder's View         | Physical Architecture
Tradeperson's View     | Component Architecture
Service Manager's View | Physical Architecture

Figure 3. SABSA views [1]

LAYERS

The SABSA framework is a top-down process that moves through a number of "layers". Each layer has a specific purpose and has a specific "view" as seen above. When combined, they make up the entire SABSA process. Each "layer" has a specific job in the overall process and is a prerequisite for the subsequent layers. Each "layer" represents a specific set of processes designed to elicit the data needed to complete the layer's objective. Each layer plays a fundamental part in the overall design process.

In the table below, we have listed the various layers and their function in the overall process.

SABSA View             | SABSA Layer | Description
-----------------------|-------------|------------------------------------------------------------
Business View          | Contextual  | Identify business risks and drivers and review architecture
Architect's View       | Concept     | Define security objectives
Designer's View        | Logical     | The security services that will be required
Builder's View         | Physical    | The tools, standards and physical devices
Tradeperson's View     | Component   | The specific vendor components and sizing
Service Manager's View | Management  | The ongoing management and support

Figure 4. SABSA framework [1]

[1] Source: https://sabsa.org/sabsa-executive-summary/

THE SABSA FRAMEWORK

The cornerstone of SABSA is the SABSA framework. The framework gives the SABSA architect a structure by which to formulate the security architecture. It also structures how data is collected and the questions asked. In its simplest form, the SABSA framework is a roadmap to deliver business-driven, accountable security by collecting answers and asking questions at each layer.

Key Point: The framework starts at the 'contextual' layer and moves across and down.

Figure 5. SABSA framework [2]

SABSA AND CESF

Check Point has drawn inspiration from the SABSA framework and credits its influence in the creation of the CESF process. CESF borrowed, and adapted, the concepts of "views" and "layers" in its approach to develop a process specifically designed around network and cyber security.

Because SABSA has been designed to help in all fields of security architecture, Check Point chose to adopt some of its guiding principles but to tailor these specially for our own audience and customer base. The result is a more targeted process designed to deliver on the requirements of Check Point customers.

Check Point's adoption of SABSA into the CESF process also means that we are able to borrow common terminology and act as an open framework.

[2] Source: The SABSA framework - https://sabsa.org/sabsaoverview.pdf

3 Zero Trust

Zero Trust was introduced to the world as a model for security architecture in 2010 by John Kindervag of Forrester Research [3], and it's another key influence on the CESF process. In this section, we will explore Zero Trust as a wider concept and architectural methodology, before exploring how CESF uses Zero Trust.

A core premise of Zero Trust is that to think about cyber-risk correctly, we should first assume the internal network is compromised; we just do not know it yet. If we follow this assumption, we can conclude that internal connections must be authenticated before they are trusted.

Figure 6. Forrester: The seven pillars of Zero Trust architecture

Zero Trust is now an industry standard design methodology. Its approach is a move towards a label-based architecture, which uses identity and connection context to make access decisions for users, data, and networks irrespective of location. In a true Zero Trust network, designers would approach the internal and external networks as essentially the same in terms of trust and risk, i.e., both the internal and external networks are 'toxic'.

[3] Webinar: "No More Chewy Centers: The Zero-Trust Model of Information Security," by John Kindervag, Forrester, August 9, 2010
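The premise just described (trust follows identity and connection context, never network location) in working form, as an added example that is not part of the Check Point paper: a toy policy engine that evaluates the same access request under a legacy hard-perimeter rule and under a Zero Trust rule. The request fields, the policy rules and the three sample requests are assumptions made for illustration.

```python
"""Added example (not from the Check Point paper): a toy access-decision
engine that contrasts a hard-perimeter rule with a Zero Trust rule. The
request fields, policy rules and sample requests are all assumptions made
for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    authenticated: bool     # identity proven to the policy engine (assumed via SSO)
    mfa: bool               # strong second factor presented in this session
    device_managed: bool    # device is enrolled in device management
    device_compliant: bool  # posture check passed (patch level, disk encryption, ...)
    source_network: str     # "internal", "vpn" or "external"
    resource: str
    sensitivity: str        # "low", "medium" or "high"


def perimeter_model_allows(req):
    """Legacy hard-perimeter logic: being 'inside' is the trust signal."""
    return req.source_network in ("internal", "vpn")


def zero_trust_decision(req):
    """Zero Trust logic: every connection must be authenticated and the
    decision is built from identity and context. source_network is never
    read, so internal and external callers are treated exactly alike."""
    reasons = []
    if not req.authenticated:
        reasons.append("connection not authenticated")
    if req.sensitivity in ("medium", "high") and not req.device_compliant:
        reasons.append("device posture not compliant")
    if req.sensitivity == "high":
        if not req.mfa:
            reasons.append("MFA required for high-sensitivity resource")
        if not req.device_managed:
            reasons.append("managed device required for high-sensitivity resource")
    return (not reasons, reasons)


# Constructed sample requests.
SAMPLE_REQUESTS = {
    # an unauthenticated connection that happens to originate on the LAN
    "unauthenticated_internal": AccessRequest(
        "unknown", False, False, False, False, "internal", "hr-share", "low"),
    # a remote worker with MFA on a managed, compliant device
    "remote_worker_strong": AccessRequest(
        "alice", True, True, True, True, "external", "finance-db", "high"),
    # an authenticated insider without MFA reaching for a sensitive resource
    "internal_no_mfa": AccessRequest(
        "bob", True, False, True, True, "internal", "finance-db", "high"),
}


def compare(name):
    """Evaluate one sample request under both models."""
    req = SAMPLE_REQUESTS[name]
    allowed, reasons = zero_trust_decision(req)
    return {"perimeter": perimeter_model_allows(req),
            "zero_trust": allowed, "reasons": reasons}


if __name__ == "__main__":
    for name in SAMPLE_REQUESTS:
        print(name, compare(name))
```

The first sample is the point of the section: the perimeter rule admits an unauthenticated connection purely because it arrives from the internal network, while the Zero Trust function never consults the source network and refuses it. The third sample shows the other half of the premise, an authenticated insider still being denied a high-sensitivity resource because the session context (no MFA) does not justify the access.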

DRIVERS FOR THE ZERO TRUST MODEL

As security professionals, Zero Trust invites us to accept that a hard perimeter is ineffective against many attack vectors. The following drivers are commonly quoted as reasons for adopting Zero Trust:

- Email, web access, and all encrypted traffic (VPN, SSL, SMTP-TLS, etc.) cannot be filtered efficiently or effectively at the corporate perimeter.
- Once inside the perimeter, that traffic may carry hostile payloads that can work their way laterally to attack resources they were never intended to contact.
- A hard perimeter is at odds with modern business models; organizations are often disparate, with users working from multiple locations.
- Cloud transformation is a key strategic goal for many organizations. This often means an organization's intellectual property and core workloads are now located in shared-ownership platforms. Traditional models of security aren't equipped to secure these business models.

PROCESS-CENTRIC SECURITY ARCHITECTURE

Zero Trust proposes that perimeters don't exist anymore and the network is essentially borderless. Security professionals need to find alternatives for securing data, corporate assets and users. Modern thinking is to move away from a focus on networks, borders, and systems and to address process- and data-centric security requirements.

This paradigm shift is by no means complete, but it means that security architecture needs to encompass a view of how data is secured irrespective of its location. How this manifests in real-world security architecture is a topic for the "build" and "design" layers of the CESF process; for now we will only acknowledge the move away from network-centric design towards a more process- and data-centric view.

Figure 7. Evolution of Information Security Technology [4]

ZERO TRUST AND CESF

We have established that the principles of Zero Trust are mainstream and that Check Point has adopted these principles as a key design principle for CESF. The table on the right shows how the Zero Trust methodology is a critical component of the CESF process.

We consider Zero Trust a key component of CESF because:

- Zero Trust is used as a design principle integral to most modern secure networks. All security architectural papers and all Check Point design templates are built around Zero Trust, except in circumstances where this architecture doesn't apply or is counter-intuitive.

[4] Source: Dan Hitchcock, The SABSA Institute C.I.C. 2019

4 Check Point Enterprise Security Framework

THE CESF

This section introduces Check Point ENTERPRISE Security Architecture as a design process and the vehicle for building security architecture.

As previously discussed, CESF is the Check Point interpretation of the SABSA process combined with best practice and Zero Trust architecture. In this section, we will convert SABSA "views" and SABSA "layers" to CESF "views" and "layers", and incorporate Zero Trust into the CESF process.

We built CESF around a number of layers, each with a specific goal and conducted sequentially. Each layer plays a role in collating and processing the client's business and security requirements in such a way as to arrive at the required output. The combination of these layers is a complete security architecture that is fully accountable to business requirements and fully documented.

SABSA TO CESF

Check Point's interpretation of the SABSA "layers" has resulted in the same number of layers, but now described to be more relevant to our goal of building network and cyber security solutions. We will look at each layer in more detail in a later section of this paper. For now, it is important to understand the conversion that Check Point has made, as illustrated in Figure 9.

Figure 9. Translating SABSA to CESF layers (columns: SABSA Layer, Check Point CESF)

CESF VIEWS

CESF uses the principle of views in the same way as SABSA: a view describes the ownership of a layer. In the CESF framework, we can find the owner of the layer in the "owner" column, as shown in the table below. We will refer to CESF views throughout this paper, as they are a key part of the SABSA framework and CESF.

Key Point: A difference between SABSA and CESF is that the CESF architect assumes responsibility for multiple views.

CESF Layer   | View / Owner
-------------|------------------------------------------------------
REVIEW       | Client's View
ARCHITECTURE | Client's View
DESIGN       | Check Point Architect's View
BUILD        | Check Point Architect's View
IMPLEMENT    | Check Point SME, Professional Services
MANAGE       | Check Point Account Management, Customer Success Team

Figure 10. The CESF layers, views and owners

CESF LAYERS

Like SABSA, CESF is comprised of a number of layers, each with a specific goal and conducted sequentially. Each layer plays a role in collating and processing the client's business and security requirements in such a way as to arrive at the required output. The layers are as follows:

CESF Layer   | Description
-------------|--------------------------------------------------------------------------------------------------------
REVIEW       | Business-centric: Understand the business context for security. Identify business requirements.
ARCHITECTURE | Technology-centric: Review the existing security architecture and understand business drivers for security. Define security attributes and map to security services.
DESIGN       | Logical design: Define security services that will be required and how they are used in the design.
BUILD        | Build: Define the placement of security within the architecture. The tools, standards and physical devices that are used to meet the business requirements.
IMPLEMENT    | Low-level design: The specific vendor components and sizing.
MANAGE       | Continuous improvement: The ongoing management and support.

Figure 11. The CESF layers and their descriptions

CHECK POINT ENTERPRISE FRAMEWORK

As the name suggests, the CESF is a framework, one that defines the structure by which we should conduct security architecture. The CESF provides a set of rules and principles that apply to the process of developing enterprise security solutions. The framework below shows the complete CESF table and all its components; in the following sections, we will explore each layer and their respective inputs and outputs.

CESF Layer   | Assets & Motivation | Process | Owner | When
-------------|---------------------|---------|-------|-----
REVIEW       | Identify the business context to security. Understand the security context to the corporate strategy and transformation goals. | F2F interviews, identify business requirements (BR's) and drivers for security. Business processes modeling. Attribute mapping. Compliance responsibility. Organizational structure. | CISO/CIO, Business Stakeholders & Global Security Architect | Workshop
ARCHITECTURE | Review entire security architecture, controls and attack-surface. Review security concepts in use, and planned. | Security design and security controls review. Cyber-risk assessment. Zero Trust review. Risk appetite assessment. Threat analysis. | Technical Stakeholders & Global Security Architect | Workshop
DESIGN       | Define the logical security architecture and the services required to meet business and architectural requirements. | Create logical security architecture aligned with Zero Trust methodology. Align security services to attributes. | Check Point Global Security Architect | Post Workshop
BUILD        | Define the physical assets that deliver the required security. | Define tangible security assets and functions including their placement in the architecture. Apply Check Point Infinity principles. | Check Point Global Security Architect | Post Workshop
IMPLEMENT    | Define build components. Deploy real-world configured, integrated, operational solutions. | Low-level design templates including specific vendor components. Sizing. Document configuration. Apply Check Point Infinity components. | Solutions Architect, Professional Services, Incident Response | Post Workshop
MANAGE       | Ongoing management and support. | Account services, life-cycle management and ongoing support. | Account Management, IRT, TAC | Post Workshop

Figure 12. The complete CESF showing the core and extended sections
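The chain of traceability that both SABSA and the CESF table rest on (a business requirement captured in Review, mapped to an attribute in Architecture, delivered by a service in Design, a component in Build and a configuration in Implement) can be checked mechanically, which is what makes the "accountable spend" claim testable. The following is an added example, not code from the paper or from Check Point: it walks a constructed sample chain and reports components that cannot be traced back to a business requirement, and requirements that never reach a built component. The layer names are the paper's CESF layers; the identifiers, descriptions and entries in SAMPLE_CHAIN are constructed for illustration.

```python
"""Added example (not from the Check Point paper): an audit of a CESF-style
traceability chain. Layer names are the paper's CESF layers; every identifier
and entry in SAMPLE_CHAIN is constructed for illustration."""
from collections import defaultdict

# Layers in the order the CESF process moves through them (MANAGE is ongoing
# support and is left out of the chain for this check).
LAYERS = ["REVIEW", "ARCHITECTURE", "DESIGN", "BUILD", "IMPLEMENT"]

# (layer, id, description, parent id in the previous layer or None)
SAMPLE_CHAIN = [
    ("REVIEW", "BR-1", "Customer data must not leave approved regions", None),
    ("REVIEW", "BR-2", "Staff must work securely from any location", None),
    ("REVIEW", "BR-3", "Meet card-data compliance obligations", None),
    ("ARCHITECTURE", "ATTR-1", "Confidentiality of customer data", "BR-1"),
    ("ARCHITECTURE", "ATTR-2", "Location-independent access control", "BR-2"),
    ("DESIGN", "SVC-1", "Identity-aware access to the customer data store", "ATTR-1"),
    ("DESIGN", "SVC-2", "Remote access with device posture check", "ATTR-2"),
    ("BUILD", "CMP-1", "Policy enforcement point in front of the data store", "SVC-1"),
    ("BUILD", "CMP-2", "Legacy site-to-site VPN concentrator", None),  # no requirement
    ("IMPLEMENT", "IMP-1", "Gateway sizing and configuration document", "CMP-1"),
]


def build_index(chain):
    """Index nodes by id and record each node's children."""
    nodes = {nid: (layer, desc, parent) for layer, nid, desc, parent in chain}
    children = defaultdict(list)
    for layer, nid, desc, parent in chain:
        if parent is not None:
            children[parent].append(nid)
    return nodes, children


def trace_to_requirement(nodes, nid):
    """Follow parent links upward to a REVIEW-layer business requirement.
    Returns the path of ids, or None if the chain is broken, skips a layer,
    points at an unknown node, or loops."""
    path = [nid]
    while True:
        layer, _, parent = nodes[path[-1]]
        if layer == "REVIEW":
            return path
        if parent is None or parent not in nodes or parent in path:
            return None
        if LAYERS.index(nodes[parent][0]) != LAYERS.index(layer) - 1:
            return None  # a link must go to the immediately preceding layer
        path.append(parent)


def deepest_layer(nodes, children, nid):
    """Index of the deepest layer reachable downward from nid."""
    depth = LAYERS.index(nodes[nid][0])
    for child in children[nid]:
        depth = max(depth, deepest_layer(nodes, children, child))
    return depth


def audit(chain):
    """Report components with no traceable requirement (unaccountable spend)
    and requirements that never reach a BUILD-layer component (undelivered)."""
    nodes, children = build_index(chain)
    orphans = sorted(
        nid for nid, (layer, _, _) in nodes.items()
        if layer != "REVIEW" and trace_to_requirement(nodes, nid) is None
    )
    undelivered = sorted(
        nid for nid, (layer, _, _) in nodes.items()
        if layer == "REVIEW"
        and deepest_layer(nodes, children, nid) < LAYERS.index("BUILD")
    )
    return {"orphans": orphans, "undelivered_requirements": undelivered}


if __name__ == "__main__":
    for key, ids in audit(SAMPLE_CHAIN).items():
        print(f"{key}: {ids}")
```

Run against the sample chain, the audit flags CMP-2 (a built component with no requirement behind it, the kind of point solution the "Strategic" benefit above argues against) and BR-2 and BR-3 (requirements that were captured in the workshop but never carried through to a Build-layer component). Either finding is a break in the table's left-to-right reading order and is what an architect would raise before the design phase is signed off.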

NAVIGATION

Before we discuss the various components of CESF, it is important to understand how we navigate the table. We have divided the framework into a number of layers, with specific tools and deliverables at each phase. Each layer is addressed sequentially and from left to right, as shown in Figure 13.

Figure 13. The complete CESF showing how to navigate the layers and rows (the table of Figure 12, annotated with the reading order: down through the layers, then left to right across the columns)

PROCESS AND TIMELINE

The final piece of information that we can gain from the framework is the order in which we progress through the process. In the CESF we complete each layer at a specific time within the overall engagement. This information is provided in the "when" column. The key data-gathering phase of the process is the workshop, which encapsulates the "review" and "architecture" layers. The post-workshop "design" and "build" layers follow the workshop. The CESF process then moves to the "implementation" and ongoing support layers.

Figure 14. The CESF showing when the various layers are completed (the table of Figure 12 with the "when" column: Review and Architecture during the workshop, the remaining layers post-workshop)

5 Using the CESF Process

INTRODUCTION

Now that we have introduced the framework, its conception and use, we can look at each layer of the framework in more detail. In this section, we'll explore the purpose of each layer, and how it contributes to the overall outcome of the CESF process. Each layer has a specific form and function that must be completed in order to progress. As discussed in the introduction, we have grouped some layers together in phases. Let's quickly go over the CESF phases, which are:

- Review and Architecture: Check Point teams capture requirements from the client through a tailored CESF workshop, during which we capture statements and data relating to business context, strategy, organizational aspirations and security posture. This phase centers on capturing requirements and problem statements, as well as performing tasks such as risk and gap analysis.
- Design and Build: CESF architects develop recommended responses to the requirements that align with security best practices, open standards such as Zero Trust, and CESF design principles.
- Implementation: Professional services, partners and engineers are able to add low-level design details to the recommendations, delivering on the business-driven solutions built through the CESF process. Specialist teams such as incident response and strategic alliances can be engaged, and vendor-specific design patterns, such as the Check Point Infinity architecture, can be applied.
- Service Management: Continuous development and improvement of the security posture by Check Point. Account management and technical post-implementation support.

6 Review and Architecture Phase

OVERVIEW

This is the first stage of the CESF process and sets up the entire engagement. It contains two critical layers, both of which are delivered as part of the CESF workshop. This phase consists of the following:

- The Workshop is the core, and only, vehicle for data capture and discussion with the client. There is no way to complete the CESF process without a CESF workshop.
- The Review Layer is used to capture the business requirements, risks, goals and strategy. The "review" layer is business-centric.
- The Architecture Layer is used to capture security objectives and perform the required technology-centric analysis.

In terms of the CESF table, we are looking at the following layers:

CESF Layer   | Assets & Motivation | Process
-------------|---------------------|--------
REVIEW       | Identify the business context to security. Understand the security context to the corporate strategy and transformation goals. | F2F interviews, identify business requirements (BR's) and drivers for security. Business processes modeling. Attribute mapping. Compliance responsibility. Organizational structure.
ARCHITECTURE | Review entire security architecture, controls and attack-surface. Review security concepts in use, and planned. | Security design and security controls review. Cyber-risk assessment. Zero Trust review. Risk appetite assessment. Threat analysis.
