According to industry sources familiar with the plans, Check Point will expand upon its Application Intelligence Technology strategy, which first emerged last August when the company unveiled its firewall Feature Pack 3.

The company said this week that it will announce that it will deliver software for protecting against both application and network threats via a single security gateway. The official launch is expected Monday.

AIT in its first incarnation allowed Firewall-1 to examine the structure of XML and SOAP traffic for validity and integrity, essentially checking incoming XML against approved schemas to ensure it is both wanted and healthy.

Check Point is expected to extend the types of checks it can perform against application-level traffic with the new announcements, such that it can better protect against hybrid worm attacks such as Code Red, Nimda and the recent SQL Slammer.

The industry overall has recognized for some time that threats are becoming more complex, and that the security problems occur due to application vulnerabilities that firewalls are not always able to catch in time, if at all.

As a result, the firewall market is converging with the intrusion detection system (IDS) market, which is in turn evolving into inline intrusion detection and prevention (IDP or IPS). Most of the major security players seemed to have acknowledged this.

Internet Security Systems Inc is approaching convergence from the other direction. It recently announced that its RealSecure IDS system will become part of an IDP appliance, Proventia, that will also include a firewall, by the end of the year.

NetScreen Technologies Inc is in the process of integrating technology it acquired with the purchase of OneSecure into its firewall line. The company already sells NetScreen IDP, a standalone IDP appliance.

Where Check Point differs, and where there could be pitfalls down the road, depending on its strategy, is that it sells a software package, relying on OEMs, mainly Nokia Corp, to build appliances.

Rival vendors ComputerWire spoke to this week said that adding deep packet inspection, application-level filtering, to the software could create performance drags. Check Point does, however, also sell technology for accelerating performance.

Nokia is also an OEM of ISS’s RealSecure. When ISS announced Proventia, ISS said adding firewall technology to its IDS offerings would not present a conflict for Nokia, due to their different channel strategies.

Rival firewall vendors already have application-level firewall capabilities arguably comparable to what Check Point is expected to introduce. Secure Computing Corp says it has been selling an application-level firewall for 10 years.

Source: Computerwire