One of Italy’s 20 regions, Marche is in central Italy, bordering the Adriatic Sea. Its five provinces and 239 municipalities are governed by the Regione Marche, with the regional capital at Ancona.
Ensuring Security Management Consistency
The Regione Marche manages a wide range of administrative, financial, healthcare, and political services for the area’s provinces. In addition to hosting its own services, the Regione Marche’s IT organization also hosts services for the regional healthcare system and local authorities. They not only ensure service continuity and access, they also secure sensitive healthcare, financial, and other data.
Cyber threats frequently target Regione Marche. Attacks range from phishing and website defacement to malware and advanced persistent threats aimed at data exfiltration. Five firewall clusters—composed of different systems from multiple vendors—were deployed across three locations. With multiple management tools and dashboards, it was difficult to ensure security consistently across the region.
“It was a battle to manage our security infrastructure consistently,” said Domenico Cacciari, Network Administrator for Regione Marche. “We didn’t have a unified view of our infrastructure, and if something went wrong, troubleshooting was crazy. We began looking for a centralized security solution that could be managed from a single pane of glass.”
The Power of Consolidation
The team’s experience with multiple Fortinet, Cisco, WatchGuard and SonicWall firewalls led them to consider other vendors. They needed industry-leading protection with the ability to set policies for individual virtual security systems and single-pane management. After considering several options, they chose Check Point.
“Check Point supported our virtual security approach with the unique Virtual Systems solution,” said Cacciari. “It enabled us to deploy industry-leading protection across multiple locations with a single view into everything.”
Regione Marche deployed three Check Point Quantum Security Gateways—one in each data center. Quantum Security Gateways deliver secure, multi-gigabit threat prevention and zero-day protection throughput. They also include over 60 security services backed by the Check Point Infinity Architecture and ThreatCloud AI technologies which prevent threats with a low false positive rate.
“We’re using all of the Quantum Security Gateway protections,” said Cacciari. “In particular, Identity Awareness, URL Filtering, and Content Filtering are invaluable for supporting multiple navigation profiles for the healthcare services we secure.”
Check Point Virtual Systems enabled Regione Marche to consolidate its infrastructure by creating multiple virtualized security gateways on each Quantum Security Gateway. The Virtual System Extension (VSX) feature provides comprehensive protection for VLANs across the Regione Marche’s locations, securely connecting them to shared resources and each other. It also allows the IT team to easily manage custom security policies based on each organization’s requirements. Check Point’s Virtual System Load Sharing (VSLS) capability reliably enhances scalability by distributing traffic loads across the cluster machines.
Unified Control and Visibility
Check Point’s cyber security platform, R80, delivers Security Management that unifies security policy control and the visibility of threats across the entire Regione Marche infrastructure. The team now has a single pane of glass visibility into physical and virtual elements across three data centers. They can tailor policies for each constituent’s virtual system and change policy on the fly if needed.
“With R80, we immediately gained management consistency with a single view across our environment,” said Cacciari. “We can manage everything using the same process. It’s also proving to be highly scalable and reliable, which makes our job so much easier.”
Agility On Time, Anytime
Regione Marche had begun implementing the Check Point solutions when COVID hit. Within a day, most employees began working from home, which increased the need for strong security, VPN access, and high bandwidth.
“Our Check Point solution is powerful,” said Cacciari. “The VPN capability was already implemented, and the Quantum Security Gateways automatically scaled on demand. We were able to tackle the emergency without compromising services.”
When software licenses expired on an existing firewall, the team had to quickly migrate it to Check Point. In less than a week, they migrated more than 300 rules.
“The process went much faster and easier than we had expected,” said Cacciari. “The Check Point gateways maintained firewall security and provided the VPN connection for the migration. Everything went perfectly.”
Time Savings Add to the Bottom Line
In the past, the team could spend two or three days simply troubleshooting an issue. Now with SmartEvent, they have a single view into logs. SmartEvent correlates events, identifies critical events, and delivers forensics—allowing the team to respond in less than an hour.
Policy management is also streamlined. With unified visibility, Cacciari can check, manage, and know exactly what’s happening with each virtual environment. Identity Awareness eliminated the need to manage source IP addresses. The team simply moves policies at the user level through Active Directory.
“I’ve already recommended Check Point to colleagues in other administrations,” said Cacciari. “We experience the quality of Check Point every day. There’s only one thing to say—it’s a great solution.”