Check Point Unveils Internal Attack Blocker

Check Point Software Technologies has unveiled its new InterSpect integrated security appliance. According to the company, InterSpect works to protect enterprise networks from attacks that originate internally.

Gene Manyak, product marketing manager at Check Point, told the E-Commerce Times that the new appliance protects businesses from application-level threats, which infect many networks through laptops and other mobile devices that bypass traditional firewall solutions and connect to the network directly.

“The threat environment has evolved. Worms like Blaster hit companies really hard and, as a result, created a pressing need for a dedicated security solution,” Manyak said. “InterSpect is the only solution on the market today that is dedicated to stopping these threats [and can be] deployed internally.”

InterSpect comes in three models that range from US$9,000 to $39,000. Manyak said throughput capacity varies from 200 Mbps on the base model to Gigabit throughput for the top-end version. Also, the number of ports varies between models.

Five-Pronged Attack

According to Check Point, InterSpect provides a five-pronged internal network strategy. These approaches include an “Intelligent Worm Defender,” which prevents worms and other attacks from spreading inside a network, and “Network Zone Segmentation,” which divides the internal network into security zones to contain potential intrusions and restrict wholesale employee access.

In addition, InterSpect can quarantine suspicious computers, preventing them from further contaminating the network, and it offers proactive protection against security flaws before they can be exploited. It also comes with “LAN Protocol Protection,” which supports Microsoft and other local area networking protocols to maintain network stability.

The New Rules

Manyak said that, historically, firewalls have provided only access-level protection, controlling vulnerabilities and attacks against the core network infrastructure or the firewall itself. Although these features have become solid over time, hackers also have become more sophisticated, striking at networks through application-level attacks against application data and protocols.

To fight these attacks, Check Point built InterSpect according to a different set of rules than those underlying traditional firewalls, Manyak said. Whereas a traditional firewall acts as a sort of perimeter hard shell, InterSpect must be highly flexible if it is to work in a heterogeneous environment, handling loose protocols and different communications traffic in a nondisruptive manner.

“Inside the network, a lot more applications are homegrown, with a lot of proprietary protocols and [their] own methods of communications [that] do not have security at their forefront,” Manyak said. “That’s why we made ease-of-use a big design criteria, along with great security.”

Where the Value Is

However, Richard Stiennon, vice president of research for Internet security at Gartner, told the E-Commerce Times that other network intrusion prevention devices are already available and that Check Point’s entry is late to market.

On the other hand, Stiennon said, Check Point is the market-leading firewall vendor, so the company has an opportunity to catch up with its competitors fairly rapidly. Present Check Point customers that have not already installed an IPS likely will stick with Check Point in this area, he noted.

Stiennon also said that both InterSpect’s Intelligent Worm Defender and its ability to quarantine suspicious computers work as an antidote to Blaster-like attacks and were built in response to the vulnerability the worm revealed in Port 135 of every Microsoft machine. Port 135 is open to allow both Active Directory usage and general file sharing and cannot simply be shut off. Check Point’s inline capabilities are the real value the product brings to the market, he said.

“It’s the right product at the right time because intrusion protection measures are becoming the hot thing,” Stiennon noted. Still, he said, he is reserving judgment on the appliance until he hears his clients’ feedback.