Check Point Software recently launched a new suite of services that leverages its ThreatCloud security intelligence infrastructure to protect enterprise networks and provide expert advice on demand. Customers can choose a managed security service for day-to-day security operations and an incident response service that provides support in the event of an attack.
Check Point's ThreatCloud Managed Security Service monitors and analyzes data from Check Point's Intrusion Prevention System (IPS) gateway, which is deployed on the customer's premises. The gateway also includes anti-bot and antivirus capabilities. Events generated by the IPS are sent up to the ThreatCloud for analysis, and customers are notified of malicious activity.
Check Point offers three service levels: Standard, Premium and Elite. The Standard and Premium levels require customers to manage the IPS gateways themselves; Check Point will manage gateways for Elite customers. Event analysis is automated in the Standard package; a Check Point analyst will review all alerts for Premium and Elite customers.
ThreatCloud Incident Response, meanwhile, provides real-time assistance from Check Point's security experts to help customers either deal with an attack in progress or to respond to a successful attack.
Check Point's ThreatCloud is updated in part by its customers, who share threat data: When new bots or malware threats are identified by an organization, identifiers such as the IP address or URL are sent to the ThreatCloud and an update is distributed to peers and customers around the world. Palo Alto's WildFire service operates in a similar manner.
Eric Ahlm, research director at Gartner, says there is a great deal of potential for "reputation services" such as ThreatCloud to better detect threats and improve the overall efficacy of security products. Reputation services are already being deployed in conjunction with email and Web gateways. "What I'm starting to see is that concept move its way to firewalls and IPS," he says.
Managed security services are a familiar part of the security landscape, and customers have a variety of choices, including service providers such as Verizon and traditional IT vendors such as IBM and Dell. By adding a services play to its portfolio, Check Point hopes to add value to its own product line while also opening a potential new revenue stream.
As noted by the InformationWeek report Security at Today's Network Speeds, threat prevention and monitoring systems are challenged to keep up with faster networks. "Monitoring and security vendors can't build higher-speed products until the technology is both mature enough to incorporate in their hardware and customer adoption gains critical mass to generate sales," writes author Kurt Marko. "Monitoring and security products have a tougher assignment than switches and adapter cards; there's just more packet processing involved. It's much more difficult to capture, analyze and/or filter packets than it is to merely transfer and switch them."
Ahlm says Check Point's new Security Service positions the company to better use its trained analysts to do more than just monitor devices, but also have the capability to detect new threats and better protect customer environments. He says recent Gartner research found that among 380 security service buyers in North America and Europe, the most important criteria when looking at outsourced managed security services was an improved security posture.
Pricing for the Check Point ThreatCloud Security Services varies depending on the size and scope of the deployment, the company said, and is available through its partners.