Executive Editor

Check Point gear guards LANs

Feb 05, 2004
Check Point, Network Security, Networking

Check Point is introducing a LAN appliance that can protect networks against application-layer exploits such as Blaster and Slammer that sneak past perimeter firewalls.

Called InterSpect, the device applies Check Point stateful firewall technology as well as Check Point’s deeper inspection technology called Application Intelligence. The appliance can segment LANs to stop the spread of viruses, and can quarantine individual machines that it detects generating suspicious traffic.

The device sits in line with LAN routers or switches where it can block traffic or just monitor it so network executives can get a picture of normal traffic before they set policies to limit flows. This feature is important to Information Resources Inc., a Chicago-based retail market research firm, says IRI’s vice president of information security, Greg Murray. IRI wants evidence that security needs to be installed before installing it, so security policies don’t interfere with production, Murray says.

Data from InterSpect can be gathered and compiled into reports. Check Point says users have to gather this data machine by machine. Within six months, though, the company says the devices will automatically report log information to Check Point’s SmartCenter management software. This will enable IRI to generate reports automatically so they are done more quickly, uniformly and without tying up so many personnel, Murray says.

Check Point says management of the new appliances will also be supported by SmartCenter later this year, so users can centrally manage policies rather than configuring the devices one at a time.

In addition, the pattern screening InterSpect performs to find worms and viruses requires less maintenance than competing intrusion protection system gear from NetScreen, says Murray, who tested both.

InterSpect can set up zones within a network and enforce policies about which zones are allowed to talk to each other. If a worm or virus is detected in a particular zone, that zone can be quarantined. Depending on the model of device used, customers can set an unlimited number of zones. The smallest model supports up to eight zones.

The device can be deployed within a LAN to protect a single workgroup, multiple workgroups or a server farm. It can also be deployed on the LAN side of an existing perimeter firewall to add application-layer screening to all traffic as it enters the LAN from the WAN. This is an alternative for customers whose current firewall vendors do not offer application-layer inspection yet.

Check Point generally sells its products as software, but says this appliance makes it possible to get its technology into user networks faster. The PC hardware is made by Dell.

InterSpect comes in four models. InterSpect 210 is for protecting a single workgroup and costs $9,000. InterSpect 410 is for multiple workgroups and costs $18,000. InterSpect 610 is for Gigabit Ethernet networks and costs $36,000. InterSpect 610F supports fiber Gigabit Ethernet interfaces and costs $39,000.