Tips and Tricks 2024 #14 - Why You Need a Best Practices Workshop

00:03

okay hello and welcome everybody thank

00:05

you for joining today's tips and tricks

00:07

webinar today's topic as you can see is

00:10

on best practices workshops um

00:13

presenting today is one of our regional

00:15

Architects AJ deosta AJ's in new I'm

00:19

sorry North Carolina almost said new

00:21

something and he uh he works for our

00:23

sled team right AJ so that state local

00:26

government and education so I don't know

00:29

how many of you are on that side of the

00:31

fence but um obviously we have those on

00:34

the commercial side too so um AJ what do

00:37

you have for us today yeah um no thanks

00:40

for the intro um yeah so we're gonna be

00:42

talking a bit about best practices

00:44

workshops uh what they are what they

00:47

entail uh the value of them um and uh

00:51

some of the the use cases that that

00:52

we've seen from doing quite a few of

00:54

these um to give a a brief intro of

00:57

myself I'm AJ Del aosta I'm architect

01:00

for vertical Solutions uh sort of sort

01:03

of the other side of the house from from

01:04

a checkpoint business perspective

01:07

primarily I handle uh State local

01:09

governments

01:10

education um I came from the commercial

01:13

side originally having dabbled with you

01:15

know strategic accounts large commercial

01:18

accounts territory development um so I

01:21

had the privilege to see quite a bit

01:23

from a lot of different customers and a

01:26

lot of those lessons learned throughout

01:28

the years and from from different

01:30

organizations were the driving force to

01:33

building these these workshops and and

01:35

to building these

01:36

reports um I'll dive right into it and

01:40

basically discuss the workshop uh

01:42

offerings overall um so workshops come

01:46

in two different flavors uh we offer a

01:48

security workshop and a best practices

01:51

Workshop primarily we're going to be

01:53

focused on the right side here the best

01:55

practices Workshop the security

01:58

Workshop is meant to be a uh much more

02:02

holistic highlevel view of your security

02:06

posture uh so that it extends Beyond

02:09

just you know the checkpoint offerings

02:11

or even just the the checkpoint

02:13

deployment it's going to cover you know

02:14

a really wide swath of of different

02:17

Technologies where the best practices

02:20

Workshop is is a bit more focused we're

02:22

going to be be really you know zeroing

02:24

in on the checkpoint deployment as a

02:27

whole making sure that each part of the

02:29

checkpoint environment each part of the

02:31

ecosystem is is behaving is it's giving

02:34

us the value that that we expect from it

02:37

you know and is it is accomplishing that

02:39

that security

02:42

goal let's dive right into the best

02:45

practices

02:48

Workshop

02:51

so what we'll cover is what so what is a

02:55

best practices Workshop um again we're

02:57

going to be focusing specifically on the

02:59

checkpoint environment as a whole we

03:01

want to look at how the checkpoint is

03:04

being operated and implemented you know

03:06

what is the workflow of of the

03:08

day-to-day you know Administration you

03:11

know what are the challenges that that

03:12

the security team is is facing you know

03:15

are are all the products and features

03:18

meeting the goals and meeting the needs

03:20

uh of the environment and if there is a

03:22

gap let's find out where that Gap is um

03:25

so as you can see here it's it's really

03:27

meant to prioritize and strategy those

03:30

kind of macro uh security practices from

03:33

from a checkpoint perspective um and to

03:36

kind of put lines on the field of of

03:38

what it is not so it is not meant to

03:40

troubleshoot existing service requests

03:43

if there are outstanding requests that

03:45

need escalation additional context um

03:49

I'm happy to assist it in that way uh as

03:51

well I can be a touch point for for

03:53

escalation But ultimately you know Tac

03:56

uh Tac is is going to be our go-to for

03:59

for break f

04:00

these are not professional service

04:02

engagements both Workshop offerings are

04:05

zero cost to the customer um there is a

04:09

there's not a a you know statement of

04:11

work there's no you know credits that

04:13

that are need uh needed to be turned in

04:16

uh these are free offerings that we can

04:19

you know basically sit down and and

04:21

strategize and look at things um you

04:24

know from a you know very unbiased

04:26

perspective and figure out you know

04:28

where the where the improvements need to

04:29

happen

04:30

happen uh it is not meant to focus on a

04:33

specific product configuration but often

04:36

times having done a best practices

04:37

Workshop we discover you know maybe we

04:40

should sit down and have a deep dive on

04:43

say Maestro or smart event or you know

04:46

one of the other uh you know products

04:48

that that we have so we really have that

04:50

you know technical granular

04:52

understanding of of of how everything

04:54

works and finally it's not meant to be a

04:57

sales pitch um in no way I incentivized

05:00

in having a customer buy millions of

05:02

dollars of of equipment that doesn't

05:05

serve the goal uh that was initially put

05:08

forth we want to make sure that you're

05:11

uh rendering the value of of what you

05:14

paid for from from a checkpoint

05:15

perspective making sure you're getting

05:17

the most out of the gear that was

05:19

purchased and

05:23

implemented so what's covered in a best

05:25

practices Workshop so we cover items

05:29

both non-technical and Technical in

05:32

nature from from that operational

05:35

perspective we'll touch on items you

05:38

know support training environmental

05:39

controls kind of non-technical almost

05:41

business driver type type elements you

05:44

know is the team uh at a certification

05:47

level where you know they they feel

05:48

comfortable implementing changing doing

05:50

upgrades you know and then we'll slowly

05:53

transition into to more technical topics

05:56

policy and Rule base you know what kind

05:58

of business cont anity plans do we have

06:00

in place is there any virtualization

06:02

happening Hardware configurations is is

06:05

always a big one um endpoint and Cloud

06:08

best practices uh are touched on as

06:12

well I will point out uh policy and

06:14

rulebase is often a really big topic for

06:17

for a lot of customers um at least the

06:20

the government customers that I talked

06:22

to policies it's very easy for a policy

06:25

to get pretty out of control you're

06:27

adding rules you're taking on projects

06:29

you have contractors come in maybe

06:31

you're inheriting uh your policy from a

06:33

previous administrator spending a time

06:36

to optimize your rule base optimize

06:39

those you know unused objects goes a

06:41

long way in just you know making

06:44

everything just flow and and operate

06:47

much more

06:48

smoothly we'll also leverage Discovery

06:50

tools so any Discovery tool we use in in

06:53

our you know investigation and research

06:56

you'll get a copy of and those tools can

06:58

be anything from you know Pro support uh

07:00

Mak you know we have visibility to to

07:02

the the gateways from from a proactive

07:05

perspective Gateway sizing you know if

07:08

we have a Gateway that may be undersized

07:10

or maybe you know choking uh at you know

07:13

certain times of the day due to policy

07:14

volume or or just traffic volume let's

07:17

find out why and see if we can uh tune

07:20

some more performance out of it policy

07:23

analysis I mentioned before and then

07:25

just dis just general discussion and

07:27

whiteboard we want to hear from you what

07:30

the the challenges are where the pain

07:32

points are and how we can help resolve

07:38

those it's the value the takeaways from

07:41

it you're hopefully going to get a much

07:43

deeper understanding of of your

07:45

checkpoint environment you can improve

07:47

just that overall efficiency that the

07:49

day-to-day usage of it uh you'll align

07:52

with checkpoint best practices uh so you

07:55

can say you know checkpoint reviewed my

07:57

environment and you know didn't see any

07:59

uh

08:00

you know red flags or or blatant gaps in

08:03

in the wall and and we we're good to go

08:06

you'll have an improved incident

08:08

Readiness uh that has come up a few

08:10

times with customers because it's not

08:12

even a matter of if I'll have an

08:14

incident it's when I'll have an incident

08:16

and after you do a workshop or best

08:19

practices Workshop because you have a

08:21

deeper understanding you're much more

08:23

able to react you're much more able to

08:25

handle those incidents that are you know

08:27

inevitably coming your way

08:30

and I'm going to hopefully connect you

08:32

guys to the proper tools and resources

08:35

so if we have to do a deep dive on you

08:37

know very specific product if we need to

08:40

have you know really in-depth

08:42

conversations with R&D or or a product

08:44

specialist uh we can absolutely make

08:47

that happen and uh you know build those

08:50

build those relationships and touch

08:52

points excuse me and finally it's not

08:55

meant to point fingers uh we the last

08:58

thing we want to do is is have it be a

09:01

an examination exercise where the

09:04

existing security team is is you know

09:06

meant to look back that is not the goal

09:08

here we just want to understand you know

09:11

what areas of the environment what

09:12

aspects just need more attention need

09:15

Improvement you know leverage a best

09:17

practices Workshop to help justify you

09:20

know maybe an additional spend from from

09:23

your you know the powers it be maybe we

09:25

need to think about more uh you know

09:28

education you know let let's find out

09:31

how we can improve things from from a

09:33

holistic perspective as well as a

09:35

technical

09:37

perspective so we'll go into a few

09:40

examples of what we can reveal

09:43

here so Performance Tuning um and this

09:47

is a a screenshot from a pro report by

09:49

the way this looks familiar for for some

09:52

folks out there um Dy Dynamic balancing

09:55

is not turned on uh this is one of those

09:57

features that by default should be

09:59

turned on and it makes a big difference

10:01

as far as performance and just overall

10:04

traffic um you know traffic handling if

10:07

there was a particular reason Dynamic

10:09

balancing was turned off let's find out

10:11

why there it's no certain rules certain

10:14

diagnostic scripts um can sometimes

10:17

break Dynamic balancing maybe it was

10:20

turned off to do some debugging and then

10:22

somebody just forgot to turn it back on

10:25

uh but it's a good thing that we caught

10:26

it in this report and it's you know in

10:28

this case it was a pretty

10:29

straightforward uh fix to just turn it

10:32

back on and oh all of a sudden our

10:34

utilization drops you know 20% for that

10:41

Gateway detecting smoke before the fire

10:45

oftentimes we'll start to see problems

10:49

or potential problems before they become

10:52

larger ones or or or worst case scenar

10:55

even outages uh so in this case we had

10:58

an interface that was you know basically

11:00

just being overrun core core XL being

11:03

being overrun and the que just wasn't

11:05

able to handle this this Deluge of

11:07

traffic and we were dropping packets you

11:09

know 15,000 packet drops depending on

11:12

the size of environment can be a whole

11:14

lot or or very little um and in this

11:18

case the the customer was unaware uh

11:20

that that this this was even happening

11:22

and as we watched over the next few days

11:25

that 15,000 figure slowly started to

11:27

climb and as soon as we increase the Q

11:30

size we we got that packet drop uh issue

11:33

under control and and uh you know no no

11:36

outages or or affected you know tickets

11:38

were were ever opened uh for for that

11:41

particular

11:45

one so when you conduct a workshop um

11:50

whether it be a security one a security

11:52

Workshop or a best practice Workshop

11:54

process flow is is very straightforward

11:57

we do an introduction call not very

11:59

uh dissimilar to conversation we're

12:02

having right here um I'll distribute the

12:06

the documents the the blank documents

12:08

and and basically the the stencil that

12:11

we're going to follow along the way for

12:12

reference we'll examine the areas that

12:15

we want to focus on if there's a

12:16

particular section that we really want

12:18

to you know deep dive on or or you know

12:21

add a little bit more content to we can

12:23

certainly do that um and then we'll go

12:26

into an interview session and that

12:28

interview we'll we'll basically be

12:30

running through the the questions that

12:32

that'll show in a minute building out

12:34

the report and then doing uh some data

12:36

collection and and research and that's

12:39

going to come from the the tools that I

12:41

showed

12:43

earlier after we take the output of our

12:46

tools our interview um interview

12:50

information we'll then take that back

12:53

and digest all of that and then produce

12:56

a uh delivery document and an action

12:58

plan

12:59

and that document will prioritize the

13:02

findings that we found the the gaps that

13:05

we might be concerned about and then we

13:07

can have a a conversation on how we want

13:10

to attack this how how do we want to

13:12

prioritize this is this something that

13:14

we can easily handle ourselves um you

13:17

know that the customer can do themselves

13:18

that you know the checkpoint sales team

13:20

can assist or do we have to have a

13:23

conversation with a trusted partner or

13:25

Professional Services you know maybe

13:27

some larger upgrades and and

13:28

implementation a work uh needs to be

13:30

done um and that that's really what we

13:33

want to structure out and figure and

13:35

figure

13:40

out the reviews themselves can take

13:42

anywhere from a few hours to a full day

13:45

uh depending on the complexity of the

13:47

environment and and how granularly we we

13:50

need to go uh we have done uh best

13:53

practice workshops for customers as

13:56

small as I believe this C was a

13:59

municipality in rural Kentucky he had

14:03

seven users and he was the admin for

14:05

seven users he he wanted to do it and uh

14:08

I I think they got a lot of value from

14:10

it um all the way up to Major Telos um

14:14

and Telos that I'm sure you're using

14:16

right now National

14:20

level uh we need to have an

14:22

understanding of the business

14:23

functionality as well as as as

14:25

operations so I mentioned that earlier

14:27

we're not just looking at you know

14:29

configurations and buttons and switches

14:31

within the gateways we want to

14:33

understand as a whole how where does

14:35

checkpoint sit in the environment what

14:37

are the driving factors that that

14:39

influence how the checkpoint is is

14:42

implemented and again if there's any

14:44

specific areas of Interest we certainly

14:46

want to cover

14:48

those at the end you'll see a completed

14:51

review document I'll show a sample here

14:53

in a few in a few minutes the output of

14:56

any tools that we used so whether that's

14:59

uh you know Gateway sizing or Pro report

15:03

you you'll all get copies of that and

15:06

then after we complete our engagement

15:07

we'll have touch points along the way to

15:09

to you know make sure that we're

15:11

following the path and keeping up with

15:14

with our changes and making sure you

15:16

know that doesn't kind of slip through

15:17

the cracks and and get lost and and uh

15:21

you know keep things moving in the right

15:26

direction all right

15:30

let me switch to a quick sample report

15:32

and then we'll open it up to

15:35

questions so to visualize what it what

15:37

it looks like so B basically you're

15:40

going to get a Best Practices review

15:43

document these are the chapters that

15:44

we're going to cover and each chapter

15:48

has a series of questions that we give a

15:50

rating to

15:52

ratings very basic either doesn't apply

15:55

doesn't exist it exists but is not ideal

15:59

or it's perfect and we wouldn't change a

16:02

thing and then based on you know the

16:05

discussion we have the research we do

16:06

with our tools we can build a ratings a

16:09

rating for for each item there'll also

16:12

be reference information for each item

16:14

so if we're discussing something like an

16:16

RMA for example you know making sure we

16:19

have a good RMA uh hygiene you know

16:21

having documentation ready local having

16:24

locally stored copies of code being

16:26

familiar with you know isomorphic

16:29

utilities and if we ever need to

16:31

understand what the official RMA process

16:33

is the link is is attached right in the

16:35

report same goes for other items like

16:38

such as life cycle certification paths

16:41

uh etc etc so as you move through the

16:43

document it's it's a good snapshot in

16:46

time but also a good reference material

16:48

to go back to and say oh yeah we

16:50

discussed SNMP monitoring where's that

16:53

SK to to configure SNMP right there in

16:56

the dock

16:59

each

17:01

section is then boiled down into a radar

17:05

graph to give us an output just a handy

17:08

visualization on what's going very well

17:11

and What needs a little help so in this

17:14

scenario Hardware was excellent no

17:17

configuration uh modifications needed

17:20

everything was turned on running really

17:22

smoothly consolidation and

17:24

virtualization was also very good but we

17:26

need to spend a little time on the

17:28

policy and Rule BAS it was a few years

17:30

old it had seen a lot of different

17:31

administrators it had a lot of unused

17:33

objects cleanup is fairly

17:35

straightforward but you know we just

17:36

have to make time to to get it done uh

17:39

training was a gap for this customer

17:41

they had again inherited it from a

17:43

previous administrator they weren't you

17:45

know all that familiar with checkpoint

17:48

uh before coming on so let's make sure

17:50

you have a clear path to training you

17:52

have the training resources

17:56

available and basically just spelling

17:58

those out so uh another recommendation

18:01

here was was endpoint management

18:03

resiliency so this customer wasn't able

18:05

to leverage cloud-based

18:07

management um or or it was something

18:10

that they were at least considering uh

18:12

or not sure about so all right if we

18:14

can't do cloud-based endpoint management

18:16

let's at least have some kind of

18:18

redundancy you know whether virtualized

18:20

or or an appliance or or whatever it is

18:23

uh training I mentioned earlier pointing

18:25

you guys in the right direction of

18:27

whether it's you know starting up ccsa

18:29

or there's all types of uh low cost or

18:33

no cost training resources out there and

18:37

policy review and optimization I

18:39

mentioned earlier and and why that's

18:41

important we take those recommendations

18:44

and items and then essentially have a

18:47

discussion on how we want to prioritize

18:49

that and that's is our go forward plan

18:51

so in this case we wanted to bring the

18:53

migration uh to Smart One Cloud at least

18:56

for Gateway management right to the top

18:57

that was something they were very

18:58

interested in review the policy and Rule

19:01

base of yet smart optimize was their

19:04

next step enrollment and training and

19:07

and and

19:08

certifications and then uh making sure

19:10

we keep up with with endpoint client

19:12

version updates uh was was was the final

19:16

item and as I mentioned earlier once we

19:18

have these down on paper we can you know

19:21

really decide okay you know this is

19:22

something we're we're able to handle as

19:24

as a local team this is this is not a

19:26

big deal or if this is just going to be

19:28

way too labor intensive too big to take

19:30

on let's talk to our partner let's talk

19:32

to Professional Services and uh you know

19:36

bring bring our radar grath all the way

19:38

out to uh you know three out of three

19:40

across the

19:42

board so yeah essentially that is how a

19:46

a best practices uh Workshop

19:49

runs uh obviously each review and

19:53

workshop is a little bit different uh

19:55

but yeah opening uh opening uh our time

19:58

up here to any questions that might be

20:00

out there yep we have some questions for

20:02

you AJ uh first off what's the customers

20:08

investment in this as far as time and

20:10

prerequisites for this best practice

20:12

Workshop so time the time

20:15

investment we're we're very flexible in

20:18

that way so the reviews themselves can

20:20

take anywhere from a few hours to I mean

20:24

half a day is is really really that's a

20:27

big one uh for us the Strategic Telco

20:30

customers that we've done this with

20:32

those take multiple days just because

20:34

they're they're so complex but I would

20:36

say on average for you know an

20:39

organization uh you know maybe a couple

20:41

dozen gateways um even multi-domain

20:45

environments half a day to a few hours I

20:48

would say could you break it up there's

20:50

one I just thought of can you break it

20:53

up for different technology say you're

20:54

only dealing with the cloud teams just

20:56

do a cloud best practice absolutely and

20:58

we've done that before so I've I've done

21:02

um workshops in basically three parts so

21:04

session one is the non- bus stuff

21:07

session two is is you know the policy

21:09

and Gateway side and then the the last

21:12

uh section is just the cloud and and

21:14

mobile folks so yeah we can you know

21:17

splice it up however works for for

21:18

everyone's schedule okay and I'm sorry

21:21

if you didn't I didn't hear your answer

21:23

here but uh be I know you said the time

21:25

that the customer but what about

21:27

prerequisites before you get there is

21:29

there anything that customer should do

21:31

before you kick off this best

21:33

practice no I mean not necessarily for

21:36

for a security Workshop yes there are

21:39

some prerequisites involved so for for a

21:41

security Workshop we're going to want to

21:43

we're going to need some some additional

21:45

sensors in place some additional data

21:47

Gathering um as far as is saying I want

21:50

to start a best practices Workshop

21:52

there's no

21:53

prerequisites uh unless you know you can

21:57

tell us you know day one we know this

22:00

Gateway is undersized let's you know

22:02

launch the sizing utility and find out

22:05

how undersized it is um that's not

22:08

something that necessarily has to be

22:09

done ahead of time but you know that's

22:11

something we we'll want to look at uh

22:13

you know going going into the workshop

22:15

gotcha uh this one maybe it'll make more

22:17

sense to you but uh does this also apply

22:20

to Partners who have multiple

22:23

customers absolutely yeah so this can be

22:26

done um for for any number of you know

22:30

checkpoint customers or or you know use

22:32

cases um I mean we we have customers

22:35

that are doing these on a recurring

22:38

basis so we have a a number of of uh

22:42

municipalities actually state

22:44

governments that have run one of these

22:47

got a lot of value from it really you

22:49

know got a real clear Direction on on

22:52

where and how they want to move things

22:54

forward they said great come back to us

22:56

in six months come back to us in a year

22:57

run it again

22:59

um and you know we hopefully we'll see

23:01

an improvement over time yep absolutely

23:05

I think that covers it for questions so

23:08

thank you AJ great information um but

23:11

like you said here you know these are

23:13

very valuable you know no cost to you

23:15

except for some time investment but you

23:17

know no matter the size of your

23:19

environment this can make your envir

23:21

checkpoint environment more stable you

23:23

know Direction you know what tools are

23:25

out there to help you be more stable so

23:27

you know no matter what size you are I

23:30

highly encourage you talking to your

23:31

account team and get one of these

23:33

scheduled and like AJ said you know year

23:35

over-year doing another check in down

23:37

the road and make sure you're still on

23:38

the right path um oh somebody just asked

23:41

if we had one before can we do it again

23:43

absolutely of course it's encouraged

23:46

yeah yeah encouraged to do it again yes

23:49

B yeah abuse your team to get another

23:50

one scheduled just to check in and see

23:52

where you are and make sure you're

23:53

moving in the right direction and

23:55

obviously as your environment Go grows

23:57

or you get new equipment or new products

24:00

there's other things that we can include

24:01

in this too so absolutely you know

24:03

whatever works for you I'm glad you

24:05

mentioned that Rob actually the the use

24:08

cases we've seen time and time again um

24:11

ahead of a renewal uh maybe ahead of an

24:14

Infinity contract or even just a level

24:17

set you know litness test of you know

24:19

how secure is my environment um Ju Just

24:23

any of those use cases you you see a lot

24:25

of value

24:26

there absolutely oh got some more

24:29

questions here for you one is can I have

24:31

access to that document do you mean your

24:34

doc I was just going to clarify do you

24:35

mean your document after the workshop or

24:37

do you mean the sample one that AJ is

24:40

showing if you can just throw that

24:42

answer in the in both scenarios the

24:44

answer is yes okay you can have the

24:46

sample Doc and then at the end of the uh

24:48

engagement you get a copy of the

24:51

completed report yeah okay great uh

24:54

another one here how many gateways and

24:56

managers will be handled with this best

24:58

practice Workshop as as many as we need

25:02

to so for the large Telco we were

25:05

dealing with thousands of gateways um

25:09

and then for the small municipality it

25:10

was just it was just the

25:12

one yeah I mean any size customer no

25:15

matter what I mean obviously it would be

25:16

great to capture the entire checkpoint

25:18

footprint so we get a good handle on

25:20

everything but like we said we can break

25:22

it up in sections too if that's what you

25:24

prefer for big customers um that have

25:27

you know hundreds of 100 if if we don't

25:29

want to look at every single one um a

25:32

lot of times we'll take a sample size

25:34

you know so if it's a multi-domain we'll

25:35

take one of those domains um and and

25:38

kind of focus on that to to make sure we

25:40

don't get too much

25:43

sprawl I think that covers it please you

25:45

have any questions type them in quickly

25:47

I'll go through our end here um thank

25:50

you again AJ great

25:52

information we'll send that follow-up

25:54

email with any reference content and

25:56

recording link of this session

25:58

our next webinar will be in two weeks

26:00

you'll see the invitation for that soon

26:03

with that we'll let you go thanks again

26:05

for joining us we'll see you here next

26:06

time thank you AJ and everyone else

26:09

enjoy your day talk to you later bye all

26:13

thank you