Check Point InterSpect

Check Point InterSpect™
The Internal Security Gateway™
ISSA April 15th, 2004
©2004 Check Point Software Technologies Ltd. Proprietary & Confidential
Today’s Challenge
• Then: IT resources focused on network perimeter…
• Now: Dedicated IT resources focused on internal networks
• Many attacks are introduced inside the network
  – Laptops/PDAs travel in and out of the network daily
  – Legitimate, authenticated users can be contagious
  – Effective patching takes time
• Worms spread internally, very fast
  – Blaster
  – Slammer
• No perfect solution
  – Point-products address some concerns, but not the “big picture”

Currently Available Technologies Don’t Meet the Need

| | Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS |
| Worm Defenses | --- | Varies by vendor | Signature and/or Response Based (Reactive) | |
| Network Zone Segmentation | Limited | | --- | Basic |
| Quarantine | --- | --- | Available | Limited |
| LAN Protocol Protection | --- | Varies by vendor | Only from the host perspective | Limited |
| Pre-emptive Attack Protection | --- | Varies by vendor | No, Requires virus definitions | Limited |
| Seamless Deployment & Management | Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden |

Security Considerations: Internal vs. Perimeter

Application Environment
  Perimeter Security:
  • Standard, well-defined applications
  • Client-to-server applications
  • Stricter adherence to protocols
  • Typically centrally-coordinated security
  Internal Security:
  • Homegrown applications
  • Client-to-client applications
  • Loose adherence to protocols
  • No central security coordinator

Default Access Control Policy
  Perimeter Security:
  • Block all traffic unless explicitly allowed
  Internal Security:
  • Allow all traffic unless explicitly blocked

Priority
  Perimeter Security:
  1. Security
  2. Non-disruptive to traffic
  Internal Security:
  1. Non-disruptive to traffic
  2. Security

LAN Protocols
  Perimeter Security:
  • LAN protocols can be blocked
  Internal Security:
  • LAN protocols must be allowed

Internal security introduces unique challenges and requires a dedicated solution

Check Point InterSpect
The Industry’s First Internal Security Gateway
• A complete security solution designed for deployment inside of networks
Key Features
• Intelligent Worm Defender™
• Network Zone Segmentation
• Quarantine of Suspicious Computers
• LAN Protocol Protection
• Pre-emptive Attack Protection
• Seamless Network Deployment and Management Interface

LAN Deployment Locations
• In front of several workgroups
• In front of a single key workgroup
• Behind WAN Access routers
• In front of server farm uplinks
[Network diagram; label: WAN]

Comparing Related Technologies

| | Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS | Check Point InterSpect |
| Worm Defenses | --- | Varies by vendor | Signature and/or Response Based (Reactive) | | |
| Network Zone Segmentation | Limited | | --- | Basic | |
| Quarantine | --- | --- | Available | Limited | |
| LAN Protocol Protection | --- | Varies by vendor | Only from the host perspective | Limited | |
| Pre-emptive Attack Protection | --- | Varies by vendor | No, Requires virus definitions | Limited | |
| Seamless Deployment & Management | Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden | |

Intelligent Worm Defender™
Key Benefits
• Blocks the spread of worms/attacks inside the network
• Protects against fast moving (flash or blitz) worms
Check Point InterSpect
• Applies Application Intelligence and Stateful Inspection technologies to internal network security

Network Zone Segmentation
Bridge Mode
Key Benefits
• Prevents unauthorized access between zones
• Contains attacks within sub-segment of network
[Network diagram; labels: Internet, Perimeter Firewall, Router, Backbone switch, InterSpect, Floor switch (three), Finance, R&D, QA, IP 1, IP 2]

Quarantine of Suspicious Computers
Key Benefits
• Isolates attacks and compromised devices
• Restricts infected computers from contaminating other devices
• Protects un-patched computers until patched
Check Point InterSpect
Unique to InterSpect
• When a user is quarantined, the user and admin are notified via a dynamic web page

LAN Protocol Protection
Unique to InterSpect
Internal networks use more, and different, protocols than perimeter networks
Broadest and deepest protocol inspection capability via Application Intelligence:
• Microsoft RPC
• CIFS
• MS SQL
• DCOM
• Sun RPC
• DCE RPC
• HTTP
• And more!
Key Benefits
• Protects and supports protocols and applications used inside the network
• Ensures stability of internal networks

Pre-emptive Attack Protection
Key Benefits
• Proactively and dynamically protects against known and unknown attacks via SmartDefense
• Defends against vulnerabilities before they are exploited

Seamless Network Deployment & Management Interface
• Non-disruptive install into existing network infrastructure
• Multiple in-line operating modes for flexible deployment
  – Bridge
  – Switch
  – Router
• Monitor only capability
• GUI tailored for internal network deployment
Key Benefits
• Installs in minutes
• Easy to use and manage
• Won’t block legitimate traffic

Easily Configurable Attack Protection
Monitor only options
Simple Quarantine set-up
Exception List for Non-Disruptive Deployment
e.g., Bypass exception allows homegrown applications to support non-standard use of protocols

Performance for Internal Security
• High performance is expected in the LAN
• InterSpect enhancements for the LAN
  – 100% of inspection is done inside the kernel
  – InterSpect contains advanced streaming technologies
  – SecureXL is integrated into InterSpect
  – All inspection is accelerated

Models and Pricing
InterSpect Model Comparison

| | InterSpect 210 | InterSpect 410 | InterSpect 610/610F |
| Target | One workgroup protection | Multiple workgroup protection | Gigabit network protection |
| Throughput | 200Mbps | 500Mbps | 1000Mbps |
| List Price | $9,000 | $18,000 | $36,000 / $39,000 |
| Fiber interfaces | N/A | Add-on available | Add-on available / Included |
| Expansion Slots | N/A | 1 | 1 |
| Inspection Ports | 2 | 3-10 | 3-10 |
| Management Port | 1 | 1 | 1 |
| Max ports | 3 | 10 | 10 |
| Interface speed | 10/100 | 10/100/1000 | 10/100/1000 |
| VLAN Support | 8 VLANs | 128 VLANs | Unlimited |
| Redundant Power | No | Optional | Included |
| SmartDefense Subscription | Included for 1st year, then optional renewal | Included for 1st year, then optional renewal | Included for 1st year, then optional renewal |

All models include: SmartDashboard for InterSpect, SmartView Monitor for InterSpect, and SmartView Reporter for InterSpect

Check Point Software Technologies Ltd.
About Check Point
• The most relied upon and trusted Internet security vendor
  – Security is all we do – and we do it better than anyone!
  – Used by 97 of the Fortune 100
  – Established market leader in both firewall and VPN
    • 65% market share in enterprise VPN/firewall (IDC)
    • 36% market share in appliances running Check Point (Infonetics)
• Customer-driven philosophy
  – Industry-leading technology partnerships
  – Strong and diversified channel partnerships
  – Open business model

A History of Innovation
[Timeline, 1993 to 2003: Stateful Inspection/FireWall-1, VPN-1, OPSEC, SmartDefense, Next Generation, Application Intelligence]
Check Point: Always a step ahead of customers’ real-world challenges

A Dynamic Internet Threat Environment
• 97,812 Internet security incidents reported in 2002 (source: CERT)
• Average company suffered losses of $475,000 due to Blaster worm (source: TruSecure)
• More than half of the Top 20 Most Critical Internet Vulnerabilities are application-based (source: SANS/FBI)

Today’s Top Security Concerns
• New Constituents; Partner Web Access; WLAN; Remote Employees
• New, Dynamic Security Threats
• IT Budgets are Constrained
• Security Breach: Network Downtime, Lost Revenue, Damage to Corporate Reputation
• Dedicated Security Resources are Limited
Security: A Big Challenge!

Why is Security Such a Big Challenge?
• In a connected world everyone is a target
• Attacks spread quickly
• Multitude of distributed systems to protect and connect
Security Must Be:
• Reliable
• Extensible
• Centrally Manageable
• Multi-layer
• INTELLIGENT - to respond to attacks before they happen!

The World’s Most Intelligent Security Solutions
Perimeter – Internal – Web
[Diagram labels: Intelligent Security Solutions; In-depth inspection; SMART management; Worry-free protection; Perimeter]

Unique Technologies are the Foundation of Intelligent Security
Core Technologies
[Diagram labels: Intelligent Security Solutions; In-depth inspection; SMART management; Worry-free protection; Perimeter]

Check Point INSPECT – Industry Leading Security Technology
[Diagram: OSI stack from Application (Layer 7), Presentation (Layer 6), Session (Layer 5), Transport (Layer 4), Network (Layer 3), Data Link (Layer 2) to Physical (Layer 1); labels: Application Intelligence, Stateful Inspection, “Introduced in 2003!”]
In-depth INSPECTion
• Integrated Network & Application Protection
• Type-Based Approach (not reliant on signatures)
• Most Comprehensive & Adaptable
  – Programmable
  – Supports more than 150 applications
  – Fast!

Security Management Life Cycle
SMART Management
Define Policy
• Easy-to-use Graphical interface
• Graphical policy visualization
Enforce Security
• Stateful Inspection
• Application Intelligence
Monitor & Report
• Real-time monitoring
• Instant status of all security elements
Analyze & Change
• Detailed logging
• Automatic reports
Lowest Total Cost of Ownership
• Automated administrative tasks save time and money
• Centralized information database minimizes capital expenditures

OPSEC - Best of Breed Applications
• Industry-standard framework for integrating best-of-breed security technologies
• Certified to ensure seamless interoperability
OPSEC Applications
Security Enforcement
• Authentication
• Authorization
• Application Service Support
• Content Security
• Intrusion Detection & Prevention
• Wireless
Management
• Enterprise Management
• Reporting & Monitoring
• Security Assessment
Performance & Availability
• High Availability & Load Balancing
• Acceleration

Strong, Broad Partnerships
Over 1,900 channel partners in 86 countries
• Value Added Solution Providers
• Certified Support Partners
• Authorized Training Centers
• Global Solution Providers
• Managed Service Providers
• Check Point Service & Support

Check Point Intelligent Security Solutions
Perimeter Security
• Attack protection
• Secure office connectivity
• Remote employee access
• Controllable Internet access
Internal Security
• Compartmentalizing the network
• Contain threats
• Desktop protection
• Server protection
• Data center security
Web Security
• Easy access
• Unified front end
• Integrated Authentication
• Content Verification

Complete Market Coverage
[Diagram of products by market segment.
Products: InterSpect, Safe@Office, VPN-1 Pro (shown twice), VPN-1 Edge, SMP (Security Management Portal), VPN-1 GX, Check Point Express, VPN-1 VSX, SecureClient.
Market Segments: Small Business, Medium Business, Enterprise, High-End, Service Provider, Data Center, Cellular/Mobile Infrastructure.]

A Future of Innovation
[Timeline, 1993 to 2003: Stateful Inspection/FireWall-1, VPN-1, OPSEC, SmartDefense, Next Generation, Application Intelligence; followed by Deeper, Broader, Smarter]
Dedicated to staying one step ahead of customers’ real-world security challenges
• Deeper content analysis
• Broader deployments
• Smarter security management