• United States
Executive Editor

Check Point probes deeper to protect enterprise nets

May 15, 20032 mins
Check PointNetworkingSecurity

* Check Point readies Generation with Application Intelligence

Check Point next month is scheduled to ship a version of its software that enables its firewalls to peer deeper into packets and make application-level decisions about whether to block traffic.

Called Generation with Application Intelligence (NGAI), the software and the accompanying graphical interface SmartDefense, let users quickly set up filters that look for classes of attacks such as HTTP encoding, directory traversal and FTP bounce, as well as specific attacks such as Code Red, Nimda and SQL slammer worms.

NGIA finds these things in several ways. It can check that protocols comply with standards, so it would flag an HTTP packet whose header violates standards by carrying binary data, for example. It can also look for suspicious anomalies such as extremely long HTTP headers. Users can set policies so the software triggers alarms, sends notifications or alters firewall settings to block perceived attacks.

Policies can also flag traffic if an application is performing unauthorized operations, such as file sharing. Users can choose to divert data to supplemental security applications, so it might send e-mails containing executable files to an antivirus platform for screening.

NGIA represents Check Point’s plan to move further into policy-based filtering that goes beyond its traditional network firewalling and into an area where packets are peered into more deeply. Other vendors with similar functionalities include Array, Fortinet, Ingrian, Netcontinuum, Tipping Point and to some extent content switch suppliers such as Blue Coat Systems and F5 Networks. NetScreen is headed in this direction via its purchase of OneSecure.

As one analyst says, this could be a new turn for firewalls. In the early days, firewalls were standalone software but have become commonly paired with VPNs. Now, it seems that they may become paired with other, higher-layer security. Users looking for all-in-one security platforms should continue to monitor these vendors to see whether they deem them ready for use in their networks. They could represent a new wave of simpler-to-administer security.