Check Point InterSpect ™ The Internal Security Gateway ™

Page 1: Check Point InterSpect ™ The Internal Security Gateway ™

©2004 Check Point Software Technologies Ltd. Proprietary & Confidential

Check Point InterSpect™

The Internal Security Gateway™

ISSA April 15th, 2004

Page 2: Check Point InterSpect ™ The Internal Security Gateway ™

Today’s Challenge

Then: IT resources focused on network perimeter…

Now: Dedicated IT resources focused on internal networks

Many attacks are introduced inside the network
– Laptops/PDAs travel in and out of the network daily
– Legitimate, authenticated users can be contagious
– Effective patching takes time

Worms spread internally, very fast
– Blaster
– Slammer

No perfect solution
– Point-products address some concerns, but not the “big picture”

Page 3: Check Point InterSpect ™ The Internal Security Gateway ™

Currently Available Technologies Don’t Meet the Need

Capability | Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS
Worm Defenses | --- | Varies by vendor | Signature and/or Response Based (Reactive)
Network Zone Segmentation | Limited | --- | Basic
Quarantine | --- | --- | Available | Limited
LAN Protocol Protection | --- | Varies by vendor | Only from the host perspective | Limited
Pre-emptive Attack Protection | --- | Varies by vendor | No, Requires virus definitions | Limited
Seamless Deployment & Management | Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden

Page 4: Check Point InterSpect ™ The Internal Security Gateway ™

Security Considerations: Internal vs. Perimeter

Application Environment
Perimeter Security:
• Standard, well-defined applications
• Client-to-server applications
• Stricter adherence to protocols
• Typically centrally-coordinated security
Internal Security:
• Homegrown applications
• Client-to-client applications
• Loose adherence to protocols
• No central security coordinator

Default Access Control Policy
Perimeter Security:
• Block all traffic unless explicitly allowed
Internal Security:
• Allow all traffic unless explicitly blocked

Priority
Perimeter Security: 1. Security 2. Non-disruptive to traffic
Internal Security: 1. Non-disruptive to traffic 2. Security

LAN Protocols
Perimeter Security:
• LAN protocols can be blocked
Internal Security:
• LAN protocols must be allowed

Internal security introduces unique challenges and requires a dedicated solution

Page 5: Check Point InterSpect ™ The Internal Security Gateway ™

Check Point InterSpect: The Industry’s First Internal Security Gateway

A complete security solution designed for deployment inside of networks

Key Features
• Intelligent Worm Defender™
• Network Zone Segmentation
• Quarantine of Suspicious Computers
• LAN Protocol Protection
• Pre-emptive Attack Protection
• Seamless Network Deployment and Management Interface

Page 6: Check Point InterSpect ™ The Internal Security Gateway ™

LAN Deployment Locations

In front of a single key workgroup

Behind WAN Access routers

In front of server farm uplinks

In front of several workgroups

WAN

Page 7: Check Point InterSpect ™ The Internal Security Gateway ™

Comparing Related Technologies

Capability | Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS | Check Point InterSpect
Worm Defenses | --- | Varies by vendor | Signature and/or Response Based (Reactive)
Network Zone Segmentation | Limited | --- | Basic
Quarantine | --- | --- | Available | Limited
LAN Protocol Protection | --- | Varies by vendor | Only from the host perspective | Limited
Pre-emptive Attack Protection | --- | Varies by vendor | No, Requires virus definitions | Limited
Seamless Deployment & Management | Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden

Page 8: Check Point InterSpect ™ The Internal Security Gateway ™

Intelligent Worm Defender™

Check Point InterSpect

Key Benefits
• Blocks the spread of worms/attacks inside the network
• Protects against fast moving (flash or blitz) worms
• Applies Application Intelligence and Stateful Inspection technologies to internal network security

Page 9: Check Point InterSpect ™ The Internal Security Gateway ™

Network Zone Segmentation

Key Benefits
• Prevents unauthorized access between zones
• Contains attacks within sub-segment of network

[Diagram: Bridge Mode. Labels: Internet, Router, Perimeter Firewall, Backbone switch, InterSpect, Floor switch (×3), Finance, QA, R&D, IP 1, IP 2]

Page 10: Check Point InterSpect ™ The Internal Security Gateway ™

Quarantine of Suspicious Computers

Check Point InterSpect

Key Benefits
• Isolates attacks and compromised devices
• Restricts infected computers from contaminating other devices
• Protects un-patched computers until patched
• When a user is quarantined, the user and the admin are notified via a dynamic web page

Unique to InterSpect

Page 11: Check Point InterSpect ™ The Internal Security Gateway ™

LAN Protocol Protection

Internal networks use more, and different, protocols than perimeter networks

Broadest and deepest protocol inspection capability via Application Intelligence:
• Microsoft RPC
• CIFS
• MS SQL
• DCOM
• Sun RPC
• DCE RPC
• HTTP
• And more!

Key Benefits
• Protects and supports protocols and applications used inside the network
• Ensures stability of internal networks

Unique to InterSpect

Page 12: Check Point InterSpect ™ The Internal Security Gateway ™

Pre-emptive Attack Protection

Key Benefits
• Proactively and dynamically protects against known and unknown attacks via SmartDefense
• Defends against vulnerabilities before they are exploited

Page 13: Check Point InterSpect ™ The Internal Security Gateway ™

Seamless Network Deployment & Management Interface

Key Benefits
• Installs in minutes
• Easy to use and manage
• Won’t block legitimate traffic

Non-disruptive install into existing network infrastructure

Multiple in-line operating modes for flexible deployment
• Bridge
• Switch
• Router

Monitor only capability

GUI tailored for internal network deployment

Page 14: Check Point InterSpect ™ The Internal Security Gateway ™

Easily Configurable Attack Protection

Monitor only options

Simple Quarantine set-up

Page 15: Check Point InterSpect ™ The Internal Security Gateway ™

Exception List for Non-Disruptive Deployment

e.g., Bypass exception allows homegrown applications to support non-standard use of protocols

Page 16: Check Point InterSpect ™ The Internal Security Gateway ™

Performance for Internal Security

High performance is expected in the LAN

InterSpect enhancements for the LAN
– 100% of inspection is done inside the kernel
– InterSpect contains advanced streaming technologies
– SecureXL is integrated into InterSpect
– All inspection is accelerated

Page 17: Check Point InterSpect ™ The Internal Security Gateway ™

Models and Pricing

Page 18: Check Point InterSpect ™ The Internal Security Gateway ™

InterSpect Model Comparison

Model | InterSpect 210 | InterSpect 410 | InterSpect 610/610F
Target | One workgroup protection | Multiple workgroup protection | Gigabit network protection
Throughput | 200Mbps | 500Mbps | 1000Mbps
List Price | $9,000 | $18,000 | $36,000 / $39,000
Fiber interfaces | N/A | Add-on available | Add-on available / Included
Expansion Slots | N/A | 1 | 1
Inspection Ports | 2 | 3-10 | 3-10
Management Port | 1 | 1 | 1
Max ports | 3 | 10 | 10
Interface speed | 10/100 | 10/100/1000 | 10/100/1000
VLAN Support | 8 VLANs | 128 VLANs | Unlimited
Redundant Power | No | Optional | Included
SmartDefense Subscription | Included for 1st year, then optional renewal | Included for 1st year, then optional renewal | Included for 1st year, then optional renewal

All models include: SmartDashboard for InterSpect, SmartView Monitor for InterSpect, and SmartView Reporter for InterSpect

Page 19: Check Point InterSpect ™ The Internal Security Gateway ™

Check Point Software Technologies Ltd.

Page 20: Check Point InterSpect ™ The Internal Security Gateway ™

About Check Point

The most relied upon and trusted Internet security vendor
– Security is all we do – and we do it better than anyone!
– Used by 97 of the Fortune 100
– Established market leader in both firewall and VPN
  • 65% market share in enterprise VPN/firewall (IDC)
  • 36% market share in appliances running Check Point (Infonetics)

Customer-driven philosophy
– Industry-leading technology partnerships
– Strong and diversified channel partnerships
– Open business model

Page 21: Check Point InterSpect ™ The Internal Security Gateway ™

A History of Innovation

1993: Stateful Inspection/FireWall-1
1997: OPSEC
1998: VPN-1
2001: Next Generation
2002: SmartDefense
2003: Application Intelligence

Check Point: Always a step ahead of customer’s real-world challenges

Page 22: Check Point InterSpect ™ The Internal Security Gateway ™

A Dynamic Internet Threat Environment

• 97,812 Internet security incidents reported in 2002 (source: CERT)

• Average company suffered losses of $475,000 due to Blaster worm (source: TruSecure)

• More than half of the Top 20 Most Critical Internet Vulnerabilities are application-based (source: SANS/FBI)

Page 23: Check Point InterSpect ™ The Internal Security Gateway ™

Today’s Top Security Concerns

Security: A Big Challenge!

New Constituents; Partner Web Access; WLAN; Remote Employees

New, Dynamic Security Threats

IT Budgets are Constrained

Security Breach: Network Downtime, Lost Revenue, Damage to Corporate Reputation

Dedicated Security Resources are Limited

Page 24: Check Point InterSpect ™ The Internal Security Gateway ™

Why is Security Such a Big Challenge?

• In a connected world everyone is a target
• Attacks spread quickly
• Multitude of distributed systems to protect and connect

Security Must Be:
• Reliable
• Extensible
• Centrally Manageable
• Multi-layer
• INTELLIGENT - to respond to attacks before they happen!

Page 25: Check Point InterSpect ™ The Internal Security Gateway ™

The World’s Most Intelligent Security Solutions: Perimeter – Internal – Web

[Diagram labels: Intelligent Security Solutions; Perimeter, Internal, Web; In-depth inspection; Worry-free protection; SMART management]

Page 26: Check Point InterSpect ™ The Internal Security Gateway ™

Unique Technologies are the Foundation of Intelligent Security

[Diagram labels: Core Technologies; Intelligent Security Solutions; Perimeter, Internal, Web; In-depth inspection; Worry-free protection; SMART management]

Page 27: Check Point InterSpect ™ The Internal Security Gateway ™

Check Point INSPECT – Industry Leading Security Technology

Integrated Network & Application Protection

Type-Based Approach (not reliant on signatures)

Most Comprehensive & Adaptable
– Programmable
– Supports more than 150 applications
– Fast!

Physical (Layer 1)

Data Link (Layer 2)

Network (Layer 3)

Transport (Layer 4)

Session (Layer 5)

Presentation (Layer 6)

Application (Layer 7)

Stateful Inspection

Application Intelligence

In-depth INSPECTion

Introduced in 2003!

Page 28: Check Point InterSpect ™ The Internal Security Gateway ™

Security Management Life Cycle

Define Policy
• Easy-to-use Graphical interface
• Graphical policy visualization

Monitor & Report
• Real-time monitoring
• Instant status of all security elements
• Automatic reports

Analyze & Change
• Detailed logging

Enforce Security
• Stateful Inspection
• Application Intelligence

SMART Management

Lowest Total Cost of Ownership
- Automated administrative tasks save time and money
- Centralized information database minimizes capital expenditures

Page 29: Check Point InterSpect ™ The Internal Security Gateway ™

OPSEC - Best of Breed Applications

OPSEC Applications: Security Enforcement, Management, Performance & Availability

• Authentication
• Authorization
• Application Service Support
• Content Security
• Intrusion Detection & Prevention
• Wireless
• Enterprise Management
• Reporting & Monitoring
• Security Assessment
• High Availability & Load Balancing
• Acceleration

Industry-standard framework for integrating best-of-breed security technologies

Certified to ensure seamless interoperability

Certified for Seamless Interoperability!

Page 30: Check Point InterSpect ™ The Internal Security Gateway ™

Strong, Broad Partnerships

Value Added Solution Providers

Certified Support Partners

Authorized Training Centers

Global Solution Providers

Managed Service Providers

Check Point Service & Support

Over 1,900 channel partners in 86 countries

Page 31: Check Point InterSpect ™ The Internal Security Gateway ™

Check Point Intelligent Security Solutions

Perimeter Security
• Attack protection
• Secure office connectivity
• Remote employee access
• Controllable Internet access

Internal Security
• Compartmentalizing the network
• Contain threats
• Desktop protection
• Server protection
• Data center security

Web Security
• Easy access
• Unified front end
• Integrated Authentication
• Content Verification

Coming Soon!

Page 32: Check Point InterSpect ™ The Internal Security Gateway ™

Complete Market Coverage

Market Segments
• Small Business
• Cellular/Mobile Infrastructure
• Data Center
• Service Provider
• High-End Enterprise
• Medium Business

Products
• Check Point Express
• VPN-1 Pro
• VPN-1 GX
• VPN-1 VSX
• Safe@Office
• VPN-1 Pro SecureClient
• VPN-1 Edge
• SMP Security Management Portal
• InterSpect

Page 33: Check Point InterSpect ™ The Internal Security Gateway ™

A Future of Innovation

Dedicated to staying one step ahead of customers' real-world security challenges

• Broader deployments
• Deeper content analysis
• Smarter security management

1993: Stateful Inspection/FireWall-1
1997: OPSEC
1998: VPN-1
2001: Next Generation
2002: SmartDefense
2003: Application Intelligence