Check Point Stops Attacks at App Level

Protection extended to firewalls and VPNs.

Check Point Software Technologies Ltd. is making a major move into the application security and intrusion prevention markets with a new set of capabilities for its widely deployed FireWall-1 and VPN-1 boxes.

The features contained in the new Next Generation with Application Intelligence software build on the core functionality of the platform and add the ability to detect and prevent application-level attacks and other malicious behavior that network-level firewalls often miss.

Check Point officials said the move, to be announced this week, is the company's biggest product enhancement in nearly two years and comes in response to similar efforts from competitors such as Cisco Systems Inc. and Network Associates Inc. Industry watchers say the new capabilities should give Check Point, which has a large installed base, a leg up in integrated network defenses.

The new offering is based on a four-part defense strategy designed to validate compliance with standards and with expected use of protocols, block malicious data, and control hazardous application operations. All are aimed at protecting networks against application attacks—the attack of choice for many crackers.

To accomplish this, the system not only looks at what applications and processes are allowed to do but also what they are expected to do. Most systems block binary data in HTTP headers because it violates the protocol. The Check Point system also blocks unusually long headers, which are the main attack vector for exploiting buffer overruns.
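The two header checks described above can be sketched as follows. This is an added example, not Check Point's code: the function names, the size and count limits, and the sample requests are assumptions made for illustration, and any byte outside printable ASCII (other than tab) is treated as binary data.

```python
# Added illustration of header validation; limits and names are assumed values.
MAX_HEADER_LINE = 1024  # assumed per-header byte limit
MAX_HEADERS = 64        # assumed limit on the number of header lines

def _is_binary(data: bytes) -> bool:
    """True if data holds control bytes (other than tab) or non-ASCII bytes."""
    return any((b < 0x20 and b != 0x09) or b >= 0x7F for b in data)

def inspect_request_head(raw: bytes) -> list[tuple[str, str]]:
    """Return (header name, finding) pairs for a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    header_lines = head.split(b"\r\n")[1:]  # element 0 is the request line
    findings = []
    if len(header_lines) > MAX_HEADERS:
        findings.append(("*", "too-many-headers"))
    for line in header_lines:
        name, sep, value = line.partition(b":")
        label = name[:32].decode("ascii", "replace")
        # Expected use: a header far longer than normal traffic is rejected
        # even though its bytes are individually legal.
        if len(line) > MAX_HEADER_LINE:
            findings.append((label, "oversized"))
        # Protocol compliance: a name with no colon, whitespace or binary bytes.
        if not sep or not name or _is_binary(name) or b" " in name or b"\t" in name:
            findings.append((label, "malformed"))
        elif _is_binary(value):
            findings.append((label, "binary-data"))
    return findings

def verdict(raw: bytes) -> str:
    """Drop the request if any check fails, otherwise accept it."""
    return "drop" if inspect_request_head(raw) else "accept"

# Constructed sample requests (not captured traffic).
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n"
LONG = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Pad: " + b"A" * 4000 + b"\r\n\r\n"
BINARY = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: a\x00\x01\xffb\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("long", LONG), ("binary", BINARY)):
        print(label, verdict(sample), inspect_request_head(sample))
```

The oversized request contains only legal characters, so a check limited to protocol syntax would accept it; the length limit is what rejects it.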

The Application Intelligence functionality of the product is an extension of the SmartDefense feature set, which Check Point has been introducing gradually for the past year. The capabilities are integrated into the SmartDashboard console, which provides detailed views of protection options. The system can also block cross-site scripting attacks and inspect Common Internet File System traffic to identify processes searching for open network shares—a common behavior of worms as they try to replicate across networks.

The offerings come amid a flurry of new intrusion prevention technology. Cisco, which bought Okena Inc. several months ago, plans to integrate that company's intrusion prevention capabilities into its security products. NAI has similar plans for Entercept Security Technologies Inc. and IntruVert Networks Inc., the two companies it purchased earlier this year.