The Web    Google
Check Point Adds Application Protection To Firewall

Check Point Adds Application Protection To Firewall
May 14, 2003

Network security vendor Check Point Software Technologies has added application intelligence into its Next Generation product line, extending its firewall product for network protection into protection for application-level attacks.

"We do not think that sitting behind the firewall trying to catch the application-level attacks is the right approach," says Mark Kraynak, strategic marketing manager with Check Point. "From a customer perspective, we think you have to integrate attack prevention into the firewall. With our solution, you have one place to go, a single point of enforcement."

Features of Next Generation with Application Intelligence are integrated into Check Point's FireWall-1 NG and SmartDefense products. The protection works by: validating compliance to standards, such as by checking whether binary data exists in HTTP headers; validating the expected usage of protocols, such as whether an HTTP header length is excessive or whether a directory traversal is being attempted; blocking malicious data, such as by detecting cross site scripting attempts or by recognizing attack signatures; and controlling hazardous application operations, such as whether an application is attempting to send FTP commands.

Kraynak acknowledged that many alternatives are on the market today for protection against application-level attacks. He argues that Check Point differentiates on its ability to show what attack prevention is being applied by attack type, through the SmartDefense console.

"You can look at the way that you are protecting your applications," he says. Other differentiators include Check Point's preference to block "classes" of attacks by looking for patterns, rather than only searching for specific attack signatures, and the product's specific support for attacks using Microsoft Networking.

Essentially the product combines network-level and application-level access control and attack protection. Network firewalls and application layer gateways, the firm argues, are not as comprehensive.

The new version will ship on June 3. No separate license is required for users of the company's FireWall-1 product. The subscription price for online updates is $1,000 per gateway or $10,000 for up to 100 gateways.

  • 9/1: Bugbear-I a Mass-Mailing Worm
  • The Worm That Won't Go Away
  • Viruses Gearing up For The Smart Set
  • 9/1: Bagle-AN Worm Sends 'Foto' Attachment
  • Too Many Lost Emails Leave us Unconnected
  • Shaving Time From The Virus Race
  • Denial of Service a Big WLAN Issue
  • AOL's AIM Puts Browser Security in Danger
  • 11/22: Swizzor-BQ Trojan Downloads, Runs Files
  • Virus Alert Activity Intensifies
  • 2/25: Randex-CST Worm Targets Passwords
  • Security Camera Price