Check Point rounds out security plan

Check Point says it has carried out its vision of uniting security management across the four areas of the corporate networks that must be protected: perimeter, Web, internal and endpoint.

Now all devices made by Check Point that protect these areas come under control of the company’s Smart Center management platform, giving customers a comprehensive view of network security.

Since articulating this strategy two years ago, the company has added the management of Check Point products piece by piece to its Smart Center platform. The company plans to announce this week the final product, its Integrity endpoint protection software, has been brought under Smart Center with a new software release called NGX R61.

Smart Defense Services Console, the unified management software, enables administrators to log on once and update and manage all Check Point gear on the network. These products can include its perimeter-defense VPN-1/Firewall-1, Web-defense Connectra SSL VPN software, internal security gateway Interspect and the endpoint security software Integrity. A fifth product, Eventia, gathers data from the others to create reports on security incidents.

“Being able to open just one management console and see everything and get reports about everything on Eventia rather than log into several different management consoles – some of them are weak on reporting – is a huge improvement,” says Mike Taylor, systems director for ChoiceData of Knoxville, Tenn., which sells Equifax credit report data. The firm uses Check Point firewall and VPN gear as well as Eventia to protect its networks in Knoxville and Chattanooga, he says.

Adding support for Integrity to the management platform may prompt ChoiceData to adopt it as well. Integrity includes anti-virus software, so ChoiceData may drop its current anti-virus vendor, Trend Micro, when its contract expires. “I’d even pay a little more for Integrity to get all the reports,” he says. “It’s more helpful if I get a report with charts and graphs so I can see where my problems are.”

The Smart Defense console is part of a service that sends customers security updates that can be pushed out to these products to battle new threats. It also sends best practices advice to network security executives. These updates can be installed to the Check Point platforms without taking them offline, for example, to install major new versions of operating systems.

Integrity is key to Check Point’s Total Access Protection (TAP) architecture for controlling which machines and users can gain access to networks. TAP represents multiple pieces of gear that enforce security policies on devices that are admitted based on Integrity scans and authentication checks.

TAP is Check Point’s answer to the growing interest in network access control as exemplified by Cisco’s architecture called Network Admission Control (NAC) and Microsoft’s Network Access Protection. While TAP can be overlaid on existing networks, Check Point also is working to integrate it with other vendors’ gear. The company is part of Cisco’s NAC Program, currently developing interoperability between Check Point’s Integrity client and Cisco switches.

Other switch vendors also are coming to Check Point to ensure their gear interoperates with Integrity to enforce access controls. Enterasys Networks, Foundry Networks and Nortel are all part of the TAP program. Members of the TAP wireless program are Aruba, Bluesocket, Cisco and Meru.