Security gets smart

Recognizing that security is edging up on the list of network priorities, Check Point Software Technologies Ltd. has opted for a more active approach in discerning and deciphering malicious network attacks with a new addition to its security software offerings.

Before an audience of customers, partners and resellers at last month’s Check Point Experience conference in Anaheim, Calif., the Ramat-Gan, Israel-based company announced Check Point SmartDefense software that works with the firm’s existing product line to detect and block known and unknown network threats.

According to Gil Shwed, Check Point’s chairman and CEO, SmartDefense augments the capabilities of the firewall by not only blocking attacks, but also by identifying them and providing real-time attack information and online security updates.

“SmartDefense works by looking at certain types of reasonable traffic and untypical traffic and identifies it by type of traffic,” Shwed told Network World Canada. “If you see a very large packet that nobody is using over the Internet, it may be an error but it also may be an attack. We can just block it because there is no reason to pass it on. There are a lot of attacks like malformed packets, packets that have the wrong format sequences…and most of them are used as ways to attack and exploit vulnerabilities in a system. We look at the entire type and say this is the type of thing I’ll allow and this is the type that won’t be allowed. This is how we block unknown attacks.”

According to Raphael Reich, Check Point marketing manager in Redwood City, Calif., SmartDefense has a user interface that includes a control console that lists all network attacks. Administrators are then able to select an attack in the display window and configure a response based on the real-time information and online updates.

One Check Point user said that, at first glance, having additional security capabilities at the firewall is a definite necessity. Max Kostromine, senior network administrator with Canaccord Capital Corp., a Vancouver-based independent brokerage firm, said the company’s main security concerns deal with viruses and intrusions as well as hacker attacks. He said that the firm is in the process of developing its layered approach to security incorporating solutions including firewalls, intrusion detection systems, anti-virus and authentication products.

“It is (about) money,” Kostromine said. “We are like a bank…we have to be protected. The first level is just the firewall protection. Basically the firewall protection only provides you with a ticketing system where you apply a set of rules to allow or deny traffic. That is not enough.”

He said that although Canaccord is looking to improve its security system, he could not say whether SmartDefense would likely be a part of it.

“It is extremely new, but we are looking for something like that,” Kostromine said. “We are looking at these kinds of systems now, and Check Point has a very good reputation in the industry. But it is very hard to tell [when] you hear all those marketing terms like Active Defense, SmartDefense, et cetera.”

However, David Kieper of the University of Wisconsin Green Bay said that with over 6,000 students and more than 3,000 workstations, between five per cent and eight per cent of e-mail traffic alone is infected with some form of virus. The university relies on its firewall to detect denial of service (DoS) attacks and virus vulnerabilities at the desktop level, but he added that the university doesn’t have time to search for information on every single attack.

“[SmartDefense] would save me time,” said Kieper, associate director of information services for the university. “I don’t just buy firewalls. I fix networks (and) fix PCs. [SmartDefense] is raising the bar in security. Having an active product that is essentially doing the research for me is what I need. It is a no-brainer in our case. We are very interested.”

According to Deloitte & Touche, the majority of organizations are now in the process of taking security seriously. Adel Melek, Toronto-based partner and national leader for e-business technology and security, said that over the next 18 months network security will continue to be a main focus of IT departments, primarily concentrating on defences against innovative viruses and unauthorized traffic. He said that until recently many businesses were unaware of how much money they were losing due to network attacks, and that these same companies are no longer pussyfooting around with implementing security solutions and processes.

“[Users] need to be connected to appropriate and innovative sources, and given relevant and timely updates,” Melek offered. “We also need to have flexible and adaptable technologies. This is one of the advantages that Check Point offers [with SmartDefense]. It is a software solution that is easy to update. Something that is hardware-based, you would have to change major components.”

SmartDefense will be available in Q3 this year and will be incorporated into all Check Point security products, including its Firewall-1 and VPN-1 products, at no additional cost. Real-time information and online update services will cost US$1,000 per gateway per year or US$10,000 per year for 100 gateways. For more information, visit the company on the Web at