©2004 Check Point Software Technologies Ltd. Proprietary & Confidential
Check Point InterSpect™
The Internal Security Gateway™
ISSA April 15th, 2004
Today’s Challenge
Then: IT resources focused on network perimeter…
Now: Dedicated IT resources focused on internal networks
Many attacks are introduced inside the network
– Laptops/PDAs travel in and out of the network daily
– Legitimate, authenticated users can be contagious
– Effective patching takes time
Worms spread internally, very fast
– Blaster
– Slammer
No perfect solution
– Point-products address some concerns, but not the “big picture”
Currently Available Technologies Don’t Meet the Need
Technologies compared: Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS
Worm Defenses: --- | Varies by vendor | Signature and/or Response Based (Reactive)
Network Zone Segmentation: Limited | --- | Basic
Quarantine: --- | --- | Available | Limited
LAN Protocol Protection: --- | Varies by vendor | Only from the host perspective | Limited
Pre-emptive Attack Protection: --- | Varies by vendor | No, Requires virus definitions | Limited
Seamless Deployment & Management: Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden
Security Considerations: Internal vs. Perimeter
Application Environment
  Perimeter Security:
  • Standard, well-defined applications
  • Client-to-server applications
  • Stricter adherence to protocols
  • Typically centrally-coordinated security
  Internal Security:
  • Homegrown applications
  • Client-to-client applications
  • Loose adherence to protocols
  • No central security coordinator
Default Access Control Policy
  Perimeter Security:
  • Block all traffic unless explicitly allowed
  Internal Security:
  • Allow all traffic unless explicitly blocked
Priority
  Perimeter Security:
  1. Security
  2. Non-disruptive to traffic
  Internal Security:
  1. Non-disruptive to traffic
  2. Security
LAN Protocols
  Perimeter Security:
  • LAN protocols can be blocked
  Internal Security:
  • LAN protocols must be allowed
Internal security introduces unique challenges and requires a dedicated solution
Check Point InterSpect
The Industry’s First Internal Security Gateway
A complete security solution designed for deployment inside of networks
Key Features
• Intelligent Worm Defender™
• Network Zone Segmentation
• Quarantine of Suspicious Computers
• LAN Protocol Protection
• Pre-emptive Attack Protection
• Seamless Network Deployment and Management Interface
LAN Deployment Locations
• In front of a single key workgroup
• Behind WAN Access routers
• In front of server farm uplinks
• In front of several workgroups
WAN
Comparing Related Technologies
Technologies compared: Secure Switches/Routers | Perimeter Firewalls | Anti-Virus | IDS/IPS | Check Point InterSpect
Worm Defenses: --- | Varies by vendor | Signature and/or Response Based (Reactive)
Network Zone Segmentation: Limited | --- | Basic
Quarantine: --- | --- | Available | Limited
LAN Protocol Protection: --- | Varies by vendor | Only from the host perspective | Limited
Pre-emptive Attack Protection: --- | Varies by vendor | No, Requires virus definitions | Limited
Seamless Deployment & Management: Security policy difficult to configure and manage | Granular policy based on explicitly allowed traffic | Requires setup on every device | Cumbersome configuration, management burden
Intelligent Worm Defender™
Check Point InterSpect
Key Benefits
Blocks the spread of worms/attacks inside the network
Protects against fast moving (flash or blitz) worms
• Applies Application Intelligence and Stateful Inspection technologies to internal network security
Network Zone Segmentation
Key Benefits
• Prevents unauthorized access between zones
• Contains attacks within sub-segment of network
[Diagram: Bridge Mode deployment. Labels: Internet, Router, Perimeter Firewall, InterSpect, Backbone switch, Floor switches, Finance, QA, R&D, IP 1, IP 2]
Quarantine of Suspicious Computers
Check Point InterSpect
Key Benefits
• Isolates attacks and compromised devices
• Restricts infected computers from contaminating other devices
• Protects un-patched computers until patched
• When a user is quarantined, the user and admin are notified via a dynamic web page
Unique to InterSpect
LAN Protocol Protection
Key Benefits
• Protects and supports protocols and applications used inside the network
• Ensures stability of internal networks
Internal networks use more, and different, protocols than perimeter networks
Broadest and deepest protocol inspection capability via Application Intelligence:
• Microsoft RPC
• CIFS
• MS SQL
• DCOM
• Sun RPC
• DCE RPC
• HTTP
• And more!
Unique to InterSpect
Pre-emptive Attack Protection
Key Benefits
• Proactively and dynamically protects against known and unknown attacks via SmartDefense
• Defends against vulnerabilities before they are exploited
Seamless Network Deployment & Management Interface
Key Benefits
• Installs in minutes
• Easy to use and manage
• Won’t block legitimate traffic
Non-disruptive install into existing network infrastructure
Multiple in-line operating modes for flexible deployment
• Bridge
• Switch
• Router
Monitor only capability
GUI tailored for internal network deployment
Easily Configurable Attack Protection
Monitor only options
Simple Quarantine set-up
Exception List for Non-Disruptive Deployment
e.g., Bypass exception allows homegrown applications to support non-standard use of protocols
Performance for Internal Security
High performance is expected in the LAN
InterSpect enhancements for the LAN
– 100% of inspection is done inside the kernel
– InterSpect contains advanced streaming technologies
– SecureXL is integrated into InterSpect
– All inspection is accelerated
Models and Pricing
InterSpect Model Comparison
Model: InterSpect 210 | InterSpect 410 | InterSpect 610/610F
Target: One workgroup protection | Multiple workgroup protection | Gigabit network protection
Throughput: 200Mbps | 500Mbps | 1000Mbps
List Price: $9,000 | $18,000 | $36,000 / $39,000
Fiber interfaces: N/A | Add-on available | Add-on available / Included
Expansion Slots: N/A | 1 | 1
Inspection Ports: 2 | 3-10 | 3-10
Management Port: 1 | 1 | 1
Max ports: 3 | 10 | 10
Interface speed: 10/100 | 10/100/1000 | 10/100/1000
VLAN Support: 8 VLANs | 128 VLANs | Unlimited
Redundant Power: No | Optional | Included
SmartDefense Subscription: Included for 1st year, then optional renewal | Included for 1st year, then optional renewal | Included for 1st year, then optional renewal
All models include: SmartDashboard for InterSpect, SmartView Monitor for InterSpect, and SmartView Reporter for InterSpect
Check Point Software Technologies Ltd.
About Check Point
The most relied upon and trusted Internet security vendor
– Security is all we do – and we do it better than anyone!
– Used by 97 of the Fortune 100
– Established market leader in both firewall and VPN
  • 65% market share in enterprise VPN/firewall (IDC)
  • 36% market share in appliances running Check Point (Infonetics)
Customer-driven philosophy
– Industry-leading technology partnerships
– Strong and diversified channel partnerships
– Open business model
A History of Innovation
1993: Stateful Inspection/FireWall-1
1997: OPSEC
1998: VPN-1
2001: Next Generation
2002: SmartDefense
2003: Application Intelligence
Check Point: Always a step ahead of customer’s real-world challenges
A Dynamic Internet Threat Environment
• 97,812 Internet security incidents reported in 2002 (source: CERT)
• Average company suffered losses of $475,000 due to Blaster worm (source: TruSecure)
• More than half of the Top 20 Most Critical Internet Vulnerabilities are application-based (source: SANS/FBI)
Today’s Top Security Concerns
Security: A Big Challenge!
• New Constituents; Partner Web Access; WLAN; Remote Employees
• New, Dynamic Security Threats
• IT Budgets are Constrained
• Security Breach: Network Downtime, Lost Revenue, Damage to Corporate Reputation
• Dedicated Security Resources are Limited
Why is Security Such a Big Challenge?
• In a connected world everyone is a target
• Attacks spread quickly
• Multitude of distributed systems to protect and connect
Security Must Be:
• Reliable
• Extensible
• Centrally Manageable
• Multi-layer
• INTELLIGENT - to respond to attacks before they happen!
The World’s Most Intelligent Security Solutions
Perimeter – Internal – Web
[Diagram labels: Intelligent Security Solutions; Perimeter, Internal, Web; In-depth inspection; SMART management; Worry-free protection]
Unique Technologies are the Foundation of Intelligent Security
[Diagram labels: Core Technologies; Intelligent Security Solutions; Perimeter, Internal, Web; In-depth inspection; Worry-free protection; SMART management]
Check Point INSPECT – Industry Leading Security Technology
Integrated Network & Application Protection
Type-Based Approach (not reliant on signatures)
Most Comprehensive & Adaptable
– Programmable
– Supports more than 150 applications
– Fast!
Physical (Layer 1)
Data Link (Layer 2)
Network (Layer 3)
Transport (Layer 4)
Session (Layer 5)
Presentation (Layer 6)
Application (Layer 7)
Stateful Inspection
Application Intelligence
In-depth INSPECTion
Introduced in 2003!
Security Management Life Cycle
Define Policy
• Easy-to-use Graphical interface
• Graphical policy visualization
Monitor & Report
• Real-time monitoring
• Instant status of all security elements
• Automatic reports
Analyze & Change
• Detailed logging
Enforce Security
• Stateful Inspection
• Application Intelligence
SMART Management
Lowest Total Cost of Ownership
- Automated administrative tasks save time and money
- Centralized information database minimizes capital expenditures
OPSEC - Best of Breed Applications
Authentication
Authorization
Application Service Support
Content Security
Intrusion Detection & Prevention
Wireless
• Enterprise Management
• Reporting & Monitoring
• Security Assessment
• High Availability & Load Balancing
• Acceleration
OPSEC Applications
Security Enforcement | Management | Performance & Availability
Industry-standard framework for integrating best-of-breed security technologies
Certified to ensure seamless interoperability
Certified for Seamless Interoperability!
Strong, Broad Partnerships
Value Added Solution Providers
Certified Support Partners
Authorized Training Centers
Global Solution Providers
Managed Service Providers
Check Point Service & Support
Over 1,900 channel partners in 86 countries
Check Point Intelligent Security Solutions
Perimeter Security
• Attack protection
• Secure office connectivity
• Remote employee access
• Controllable Internet access
Web Security
• Easy access
• Unified front end
• Integrated Authentication
• Content Verification
Internal Security
• Compartmentalizing the network
• Contain threats
• Desktop protection
• Server protection
• Data center security
Coming Soon!
Complete Market Coverage
Market Segments: Small Business; Cellular/Mobile Infrastructure; Data Center; Service Provider; High-End Enterprise; Medium Business
Products: Check Point Express; VPN-1 Pro; VPN-1 GX; VPN-1 VSX; Safe@Office; VPN-1 Pro SecureClient; VPN-1 Edge; SMP Security Management Portal; InterSpect
A Future of Innovation
Dedicated to staying one step ahead of customers’ real-world security challenges
• Broader deployments
• Deeper content analysis
• Smarter security management
1993: Stateful Inspection/FireWall-1
1997: OPSEC
1998: VPN-1
2001: Next Generation
2002: SmartDefense
2003: Application Intelligence