Check Point CEO elaborates on upcoming products

Check Point this week announced it will introduce two products by mid-2004 that will address Web security and internal network security for businesses. Called Web Security and Internal Security, these two product families can be deployed independently or integrated with current Check Point products such as VPN-1/Firewall-1. In an interview with Network World Senior Editor Tim Greene, Check Point's Chairman and CEO Gil Shwed gave some flavor of what the new products would include.

What is Check Point up to?

We’re in the process of launching a new strategy that’s based on three technological areas: perimeter security, internal security and Web security.

On the perimeter security side, I think we are known for many years. I think what we see more and more interesting is companies that need to protect internally their network. We’ve seen all the recent worms that attacked once and got to one computer, but somebody downloading something spread it around the company so we see a lot of need to provide multiple levels of security inside the company, internal gateways all the way down to the desktop to provide that kind of internal security. I think the solution that we have is some good technology - which can be a good basis but it does require some new innovation.

On the Web security front we see an increasing need for using the Web and an increasing need to provide a more consistent, more uniform and more global type of access to Web resources. Today there’s a lot of discussion of SSL VPNs, which are in some cases good point products, but they need to be something much bigger than that in the way you can manage access to Web resources.

You say SSL remote access is a point product. What ought it evolve into so it’s not a point product?

Getting all the kinds of access and all the kinds of security for Web access and remote access combined. For example, SSL VPNs can provide a reasonable solution so you can access information. If you access information and it’s not very classified - let’s say a past article or things that you share with other people - good. But if you try to access very confidential data - now you want to download the presentation or download the document - if you don’t have control over the endpoint you might find that you are leaving files behind and creating a very big security hole.

So today there would be two different solutions, as opposed to say some kind of access you can do from anywhere, and some kind of access where you need a secured endpoint device. There are some places where SSL and Web is adequate for access, and some places where you should do IPSec remote access.

One of the things we are seeing especially in this area of Web access is that you need a unified approach to get the right level of eligibility and security.

A lot of the SSL point product vendors are quite concerned about securing the endpoint and are devoting a lot of time and products to that. Doesn’t that answer the problem you just raised?

They’re addressing some of the issues, but the leading solutions today don’t address the endpoint. For example we have the Secure Remote secure client solution. They are deployed by millions of users and they can be a good starting point. We don’t want the company now to have three solutions for the endpoint - one for the SSL VPN which may be clientless or ‘client-ful’ or whatever, and another one for the IPSec that creates a little bit of a mess. And by the way this mess is not just expensive and hard to manage, it’s also not so good for security because it forces people in companies to make compromises on security.