As we reported last week, the company has upgraded its Application Intelligence technology, first discussed last August, to combat application-level attacks in the same software as its established network-level protection.
Check Point president Jerry Ungerman told a press conference that Check Point will be unique in the industry in offering a network-level and application-level firewall in a single box. He said this uniqueness will drive sales.
This raises the competitive bar, Ungerman said. We think we will sell a lot more product because of this, to new customers and existing ones… they will need more gateways than they have today, deeper and deeper into the network.
The Check Point Next Generation with Application Intelligence software will tackle four general areas of application protection, according to documentation: standards compliance validation and protocol anomaly detection are two.
The software will also detect and block traffic that conforms to the signatures of known attacks, such as worms or other exploits, the firm said. It will also perform content filtering for potentially malicious strings.
It was not immediately clear yesterday how much of NGAI is new technology and how much is marketing. Check Point marketing manager Mark Kraynak said that some of the features have been available since SmartDefense was introduced last year.
Kraynak added that certain capabilities, such as the ability to control peer-to-peer traffic, to handle Microsoft Networking Services, and to prevent cross-site scripting attacks, will be new to NGAI when it is released on June 3.
The term application-level in Check Point’s case refers to protocols used at layers 5 through 7 of the OSI stack, rather than with the actual application logic itself, as tackled with software from companies such as Sanctum Inc and Teros Inc.
It also differs from the application proxy firewalls offered by some of Check Point’s long-term rivals, the company said. Ungerman, in an interview with ComputerWire, referred to these as dying technologies.
In Check Point’s view of the world there is access control and attack prevention, and there is the network level and the application level. NGAI does all four, Ungerman said. Application based firewalls do some of all four, he said.
Rival companies questioned Check Point’ software’s ability to maintain performance levels with all the new features. The reasoning goes, the higher you go up the OSI stack, and the deeper you look into packets, the more processing is eaten up.
Truly securing against known and unknown web attacks must include deep inspection of all application traffic, parsing of every request, dynamic real-time profiling of every outbound web server response, etc, said a spokesperson for NetContinuum Inc.
Doing that in software at anything close to wire speed would be virtually impossible, she added. NetContinuum, which makes application firewall appliances based on a proprietary ASIC, now finds itself competing with Check Point for some customers.
A Check Point customer ComputerWire spoke to, who has been running the NGAI beta in production for a few weeks, said that with the default settings, with about half the app-level features turned on, NGAI was faster than the previous release.
Source: Computerwire