Check Point Introduces New Firewall Appliances

Check Point Software Technologies introduced two new blade-form-factor firewall appliances along with an upgrade to its software to manage increasingly complex security environments. Check Point says the new 61000 and 21400 model firewall blades deliver not only firewall protection but also intrusion prevention, data loss protection and application control.

August 3, 2011


Check Point Software Technologies introduced two new blade-form-factor firewall appliances Tuesday, along with an upgrade to its software to manage increasingly complex security environments. Check Point says the new 61000 and 21400 model firewall blades deliver not only firewall protection but also intrusion prevention, data loss protection and application control.

Check Point said the 61000 model, with a list price starting at $195,000, is scalable up to 1 Tbps of throughput, and is intended for enterprise data centers, telecommunications carriers and cloud service providers. The 21400, starting at $115,000, scales up to 100 Gbps. The performance measures are Check Point’s own numbers and not independently verified.

The software that runs on the blades, version R75.20, adds new features not in its predecessor, version R75.0, says Oded Gonda, VP of network security products at Check Point.

For one thing, it includes a new metric, created by Check Point, that measures the performance needed for the security IT infrastructure given the tasks it is assigned, says Gonda. Firewall performance is usually measured by throughput--how many gigabits of data pass through it per second. But for other tasks, such as data loss prevention (DLP), application control or intrusion prevention, throughput isn’t the appropriate measure.

Check Point has created the Security Power Unit (SPU), a tool that an IT administrator can use to enter the security tasks he or she wants provided. The administrator is then presented with an SPU of what the performance requirements would need to be. Each security solution would have its own SPU rating, and the administrator could throttle up the system to provide that performance, plus a little headroom for good measure.

"In a way, it allows you to play with different scenarios on what you need today and what you might need in the future, and then plan how much you want to invest in your hardware relative to the headroom you might want to have," Gonda explains.

Version R75.20 also adds URL filtering for both websites and web-delivered business applications. An IT administrator can allow some websites to be accessed while others are blocked, Gonda says. Websites with inappropriate content would be blocked, but web-based communication tools like Skype could be allowed if used, say, by salespeople. The tool compares a requested URL to a database of 100 million websites and 200,000 web apps, but because as many as 200 new websites are created each day, the URL filtering tool goes up to the cloud to get updates on new sites that may be malicious. The filtering helps prevent security threats in which seemingly innocent sites actually download malicious code onto a computer.

The software upgrade also adds a User Check feature that allows a worker to request an exception to a site block. Company policy may be to block access to YouTube, for example, but an employee can request an exception by clicking on a check box, which opens a dialog box in which the employee can enter the reason he or she wants an exception (for example, if the YouTube video were used for training). The request and the related link are saved and are "auditable," Gonda says, to keep employees honest.

Version R75.20 also improves upon a Secure Sockets Layer (SSL) encryption scanner in R75.0 that sees into encrypted packets with tools for intrusion prevention, anti-virus, DLP and other security concerns. Version R75.20 also adds a plug-in for Microsoft Exchange. "That allows us to actually approve the messages, the correspondence that goes within the Exchange server and apply a policy on that," says Gonda.

Also, the DLP tool prevents data loss on connections between people and departments within the firewall, as well as beyond it. This feature of R75.20 prevents sensitive data, such as personnel records, from being seen by people outside of human resources, he says.
