Check Point unveils Web services security upgrade

Redwood City, Calif.-based Check Point Software Technologies Ltd. on Tuesday said it will enable customers to secure XML and Simple Object Access Protocol (SOAP), Web services’ commonly-used protocols.

The firm’s latest software upgrade will allow enterprises to securely share information between business applications without compromising the integrity of their networks, according April Fontana, product marketing manager for Check Point in Redwood City.

Check Point customers who already use the company’s Internet security software FireWall-1/VPN-1 will receive the feature pack 3 to secure their Web services traffic beginning in September, Fontana said.

Neil Gehani, senior product manager with Check Point also based in Redwood City, said financial and technology enterprises will be the first to employ the new Web services security software, while government and the health care industry will follow.

Matthew Kovar, Boston-based director of security solutions and services for the Yankee Group said the release of this software upgrade by Check Point is in anticipation of XML and SOAP becoming the dominant communication methods used between applications and among corporations. This product will try to stop possible malicious acts from occurring, including hackers trying to gain access to or manipulate information, Kovar said. He added that it could also address non-malicious acts like a buffer overflow.

“An established and dominant player in the security industry has come to the market well ahead of most other networking and security vendors in terms of creating a platform and a vision and extending off what they already do,” he said.

Check Point’s decision to include this as an upgrade to its existing security software rather than rolling out a whole new product will make it easy for current customers to integrate it into their systems, Kovar said.

“The beauty of it is it (the software) does integrate directly into the Check Point management system. So if you are a security or administrator you intuitively know how to set this thing up immediately,” Kovar said. “So you don’t have to re-learn a whole new way of thinking about security and from that standpoint it’s extremely powerful.”

The upgrade was driven by Check Point customers who asked that underlying protocols are verified, XML is well formed and secure and application servers are protected. The SOAP traffic is inspected before it enters the network, Fontana said. This action will prevent an inundation of malformed traffic on the Web server that would be equivalent to denial of service attacks, she added.

Currently any XML or SOAP traffic will run over the firewall, Gehani said. Both SOAP and XML are very structured, unlike HTML, making it easier to check for security, he added.

“What we’re doing is not only looking at the IP layer, and the TCP layer, we’re now looking at the HTTP layer and inside the HTTP layer for SOAP and XML transactions in particular,” Gehani explained.

The software will also provide limitations to the information certain employees can access, as well as the types of operations they can perform, as requested by Check Point software customers, Fontana said.

But Kovar does have some worries about Check Point’s Web services security software. Since Web services is a new service in the networks it is really too early to say what vulnerabilities and threats it could present. Kovar is unsure if Check Point’s software can meet all the security concerns.

“Does their solution provide the parameter protection down to the granularity of the actual data itself and the activities within that? Their story says, ‘Yes it does.’ It looks at a lot of things like the formatting, whether it acceptable calls are being made…but all those things could be true yet we still could have something going wrong within the application,” Kovar explained.

For more information on Check Point’s Web services security software visit