Check Point Maestro Playbook EN
Maestro Hyperscale solution
Playbook for partners
CONTENTS
• Introduction
• Prospecting
• Validation
• Prove
This sales playbook is written for you to accelerate and help you pitch your customers on the
In this playbook, you will find the important highlights of our Maestro Solution so you can stay focused on understanding what your customers need most. You will find the customer profile for Check Point Maestro, what to ask them and how.
This playbook was designed by our sales enablement team and we hope you find this most
Mission Statement
Check Point Software Technologies is the worldwide leader in securing the Internet. Making Internet communications and critical data secure, reliable and available everywhere has been and will continue to be our ongoing vision. We are committed to staying focused on actual customer needs and developing new and innovative security solutions that redefine the state of cybersecurity.
With traffic doubling every 3 years, network traffic increases by 25% year over year.
On top of that, today’s threat landscape is evolving at a rapid rate.
Agile cybersecurity
Scalable platforms that can scale very quickly are needed to support this traffic increase. It is clear that organizations need to be able to utilize their existing security implementations, no matter how small, and scale their protection almost infinitely according to their changing business needs.
Common Terms
• Hyperscale
Automatically scale appropriately as demand increases
• HyperSync™
Patented technologies provide full redundancy within a system, utilizing all hardware resources and automated sync.
• Cloud-level Resiliency
Distributed, virtualized instances, orchestrated across multiple datacenters. Considered the most effective resiliency approach.
Major deals were competitive replacement wins in the following Industry verticals:
1 Regarding Active-Active High Availability limitations, please refer to the latest release notes
© 2020 Check Point Software Technologies Ltd. Page. 5 Partners Version
- Configuration management, built-in image cloning for scale-up and upgrades
- Upgrade change control, supporting different SW versions in parallel acting as a staging and rollback environment during upgrades
Qualification
will be the key when it comes to securing
from cyber threats
Director of IT / InfoSec
• In charge of network security
• Technical and in-detail view of organization security
Main Focus:
• How to prevent and treat threats
• Technical details on how the solution works
The power to Utilizes
Maestro High Availability cluster orchestrates several security devices together, as a single active-active redundant system with a computing load balancer. Making deployments more cost-efficient and allows starting small, and expand on-demand, seamlessly when needed. All with minimal impact on business operation.
On top of that, today’s threat landscape evolves at almost the same rapid rate
• If your production traffic were to double, what would be the business impact for you and your team?
• How would reducing or eliminating downtime during maintenance windows affect day-to-day plans?
• What visibility capabilities for threats do you have with your current environment?
• How easily can you mitigate/protect against them, and can it be managed from a single console?
• How easy is it for you to do a full refresh or scale-up of your security appliances and gateways?
• How do you control your mission-critical concerns during scale-up or upgrade?
Director of IT / InfoSec
• What technologies are you using today to have full redundancy within a security system?
• If HA, why not use advanced clustering, like Hyperscale?
• What about utilizing legacy appliances?
Security Administrator
• When is it the correct time to deploy a new full threat prevention enabled gateway in your environment?
• How many manual steps are involved in deployment and how long does this process take?
• How would reducing the downtime during a maintenance window affect your work?
Agile cybersecurity platforms that can scale very quickly are needed to support this traffic growth. Organizations need to be able to start with their existing security implementations, no matter how small, and scale their protection almost infinitely according to their changing business needs.
Check Point Maestro is the first Hyperscale network security platform that enables businesses of any size to enjoy the power of flexible resiliency, cloud-level security.
With Check Point Maestro there is no need for a wasteful HA cluster: it takes 2-3 smaller devices and orchestrates them together, as a single active-active system.
This makes the deployment more cost-effective and allows organizations to start small, and expand on-demand, seamlessly when needed.
That means all gateways are active-active, with more resources utilized with the same equipment.
Establish Value
Solution Overview
Check Point Maestro is the industry’s first truly Hyperscale network
Manage your virtualized security group by stacking multiple security gateways together by security feature set, policy, or the assets they protect. With the Maestro Hyperscale Orchestrator, businesses of all sizes can have cloud-level security on-premises. Add compute power to meet your needs using Maestro Web UI or RESTful APIs – all while minimizing the risk of downtime and maximizing your cost-efficiency.
Save data center space and power consumption using high-performance 17.6 Gbps of GenV 16600 1U Gateway, or other appliances from our current offering dating back to 2016 (5600 and up, excluding SMB and Chassis)
Security Groups
With Maestro, you can dynamically allocate or deallocate compute resources within and between Security Groups to meet your needs. Security Groups are logical groups of appliances providing active/active functionality segregated from other security groups. Multiple security groups can be created in a single Maestro deployment, facilitating and operating several different clusters. Group them by security feature set, policy or the assets they protect.
Each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy, e.g. Next-Generation Firewall protecting a data center or Next Generation Threat Prevention providing perimeter protection.
Single Management Object (SMO)
Externally a Security Group is seen as one security gateway object in the Check Point security management GUI. A single IP address per Security Group for policy install simplifies Security Group management. All configurations, e.g. interfaces or IP addresses and routes, are mirrored on gateways in the Security Group. Prior to becoming an online member and actively handling traffic, each new member of the Security Group synchronizes its image, configuration and security policy with its SMO.
Linear Grow clustering
With Maestro any HA member becomes active-active and its compute power is shared with other Security Group members. The overall available throughput grows linearly by doubling, tripling or up to 31 x gateways in Security group and total 52 gateways per Maestro
Distributed Data Centers and Security Groups
Having the SMO as a virtual entity allows expanding its use to Distributed Data Centers and Security Groups:
• All connections are synchronized to two nodes in active DC and one in stand-by DC
• Active and Stand-by DCs guarantee redundancy within and between DCs
Validation
The power to Utilizes
Maestro High Availability cluster orchestrates several security devices together, as a single active-active redundant system with computing load balance.
Making deployment more cost-efficient, allowing starting small, and seamless expansion on-demand. All with minimal impact on business operation.
The power to Change
Maestro Auto-Scale allows automatic security throughput increases, using a pre-defined provisioned GW. Maestro management reacts to its single managed object overload thresholds and automatically allocates the provisioned GW to the loaded Security Group.
Admin wise: Zero configuration, fully operational within 6 minutes, higher efficiency, reduced overhead and costs.
The power to Control Risks
With Maestro, your mission-critical business concerns have been addressed by design.
• Zero downtime, upon scale-up, only new connections handled by the new resource
• Configuration management, built-in image cloning for scale-up and upgrades
• Upgrade change control, supporting different SW versions in parallel acting as staging and rollback environment during updates
Competitive Landscape
High-End Key Features Comparison
Palo Alto
Key Capability by Vendor Check Point Fortinet Cisco
Networks
Appliances
Threat Prevention
Maestro Hyperscale
Orchestrator 140
4x6800 Gateway
34.5 Gbps
PA-5260/PA-5280 HA
Cluster
33 Gbps
3600E HA Cluster
30 Gbps
Firepower 9300
N/A
Performance (up to 300Gbps)
57 Gbps 67 Gbps 30 Gbps
NGFW Performance 40 Gbps
(up to 1Tbps) without IPS (up to 130)
Virtual Systems
Multi Tenancy
Combine different
appliances models
Cloud-Level Capabilities Yes No No No
on your premises
Seamless & Real-Time
ScaleUp
Multi Tenancy
(Physical & Virtual)
Per Connection
Redundancy
Flexibility by reuse of
existing appliance
Price 1Y/3Y $465K/ $765K $568K / $897K $330K / $542K $1.35M / $2.15M
(HW+NGTP+24x7)
Chassis Key Features Comparison
Palo Alto
Key Capability by Vendor Check Point Fortinet Cisco
Networks
Appliances
Threat Prevention
Maestro Hyperscale
Orchestrator 170
5x23800 Gateway
79 Gbps
PA-7080 HA Cluster
(2 Blades)
70 Gbps
5144C HA Cluster
(5 Blades)
68.5 Gbps
FG-7060E HA Cluster
80 Gbps
Performance (up to 600Gbps) (up to 350Gbps) (up to 189Gbps)
130 Gbps 144 Gbps 75 Gbps
NGFW Performance 100 Gbps
(up to 1.5Tbps) (up to 720Gbps) (up to 210Gbps)
Virtual Systems
Multi Tenancy
Combine different
appliances models
Cloud-Level Capabilities Yes No No No
on your premises
Seamless & Real-Time
ScaleUp
Multi Tenancy
(Physical & Virtual)
Per Connection
Redundancy
Intra & Inter system
redundancy
Flexibility by reuse of
existing appliance
Price 1Y/3Y $869K/ $1.33M $1.47M / $2.01M $1.4M / $2.48M $1.15M / $2.06M
(HW+NGTP+24x7)
How to compete against High End:
Vendor Check Point Competitive Advantage
• There is no scale up with additional cluster members. Full hardware refresh is required as performance requirements grow.
• There is no option to reuse already bought appliances to increase security throughput.
• No pay-as-you-grow model to eliminate wasteful over-provisioning.
• Segregation can be done only on the virtual system level without the ability to separate security
• Legacy clustering mechanisms offer limited scalability and create a single point of failure, whereas Maestro Hyperscale Orchestrator is built from the ground up with full redundancy for all functions.
How to compete against Chassis:
Vendor Check Point Competitive Advantage
chassis become outdated
• Segregation can be done only on the virtual level without ability to separate security environments to different physical security groups
• Chassis solutions use proprietary components and connectors that require full chassis replacement in case of physical hardware damage, whereas Maestro is built using Standard Replaceable Components that are simple to replace
• Legacy clustering mechanisms offer limited scalability and create a single point of failure, whereas Maestro Hyperscale Orchestrator is built from the ground up with full redundancy for all functions.
Palo Alto Networks
• By default, when queue is full (high load), Palo Alto firewall SKIPS INSPECTION and FORWARDS traffic inside the network WITHOUT INSPECTING for threats. Watch Here.
• PAN admin will require 3x more time to create a security rule vs. Check Point (read the AGONY METER)
More info on the PAN Cheat Sheet
Objection Handling
Here are the answers
Objection Response
Check Point is in most cases less expensive and offers considerably better performance, security, Hyperscalability, and resiliency.
RFI/RFP Template
Use our repository
An RFP, submitted early in the procurement cycle, presents preliminary requirements for the Maestro solution and dictates the structure and format of the supplier's response.
Effective RFPs typically reflect the strategy and short/long-term business objectives, providing detailed insight upon which suppliers will be able to offer a matching perspective.
When the customer/prospect asks you for such an example, the advantage is great, as we can affect the end results by driving questions that emphasize the Maestro advantages over our competitors.
You can share these samples with customers seeking examples or recommendations of such a document to be used in the bidding process for a mobile security solution.
These documents have proven in the past to be successful in winning deals. They have been constructed based on our best practices built over time with different RFPs from all over the globe.
For more detail: contact your Check Point rep.
Licensing
What’s in it
Overview:
The Orchestrator is a mandatory unit in the system; it can host existing appliances (GWs) and new ones.
• Each appliance requires a license per software blade used exactly as in a regular cluster.
• Each security group is considered a single managed object (SMO) on the management server. Licensed as single GW with no relation to the number of appliances within the Security Group.
• Cost-effective bundles are available to cover all sizing needs.
For up-to-date pricing:
Customer Wins
Maestro is a differentiator
As stated by customers who bought it and for customers who consider future growth
• USA Bank, Existing customer (1M$)
Competition: Palo Alto & Fortinet
Why Maestro? Scale-up possibility
• LATAM Bank, Existing customer (High 7 digit deal)
Competition: Palo Alto & Cisco
Why Maestro? Superior management & Scale-up capabilities
Proof-of-Concept (POC)
1) General system configuration
2) Security Groups
3) Performance indicators
4) Redundancy while traversing traffic
5) HyperSync™
6) Management and Provisioning
For more details: contact your Check Point rep.
Resources
General
Links
Hyperscale Whitepaper
Maestro Infographic
Demo Request
eLearning: Sales Training
Technical Training
Udemy - Jump Start on-line free training
CCME (Check Point Certified Maestro Expert): On-site and remote CCME trainings, done by Check Point ATCs. We issue CCME certificates for engineers and specialization for partners who complete CCME exam.
Success Stories: Partner Map - Success Stories
Maestro Videos: Technical Video of Maestro
Sales Video of Maestro
Maestro at CPX
CP Maestro on CheckMates
Use Case: Security & Scale
Use Case: Security & Operational Supremacy
Use Case: Security & Resiliency
Check Point Maestro – Security of Hyperscale at a glance
© 2020 Check Point Software Technologies Ltd. Page. 27 [Internal Use] for Check Point employees