Category: check point

I’ve been at Check Point Experience, Check Point’s annual conference for customers and partners.

Podcast: Play in new window | Download (Duration: 3:59 — 3.8MB)

How to Subscribe to PhoneBoy Speaks: iTunes | RSS feed | SoundCloud

Find PhoneBoy on: Twitter (@phoneboy) | App.Net (@phoneboy) | Facebook (phoneboy) | Google+

If you’re doing information security in a company, you’ve got to have a strong foundation to work from. And what Check Point “marketed” as 3D Security is, quite honestly, a good start no matter whose products you use.

Podcast: Play in new window | Download (Duration: 5:15 — 4.8MB)

How to Subscribe to PhoneBoy Speaks: iTunes | RSS feed | SoundCloud

Find PhoneBoy on: Twitter (@phoneboy) | App.Net (@phoneboy) | Facebook (phoneboy) | Google+

A lot of people are talking about the freefall of Nokia’s stock, lately. A few have even made the comparison that Nokia’s stock is now lower than X, which we never thought would happen. Here’s my own personal version of that:

Why am I making this particular comparison? Three years ago, Nokia sold a part of themselves–the part I spent a decade of my life working for–to Check Point. At the time, the profits our business unit was making was “rounding error” to the larger Nokia, who was still doing reasonably well in 2009 despite the ascension of the iPhone. That said, our business wasn’t core to Nokia, so they tried to sell us to an investment firm in 2008, which ultimately backed out due to the general state of the economy at the time.

Check Point picked up the business unit, which immediately contributed to the bottom line. In the last three years, Check Point stock has more than doubled and revenue continues to increase quarter-over-quarter, year-over-year.

Nokia’s? The stock is down over 85% over the same 3 year period. Profits? None to be seen anytime soon.

I’m very glad I got off shoved off the platform before it started burning.

If you’re a (potential) Check Point customer, you’ve likely heard of our 3D Security Analysis Report. The idea is to take real traffic from your network off a span port, and run it through our Security Gateway to see what is going on in your network. While it is a sales tool, it’s certainly an important one as it will instantly demonstrate the value of Check Point’s solutions based on your own traffic.

Both for fun and to test an upcoming version of our Security Gateway software, I decided to run a 3D Security report against my own network. I took an existing Check Point appliance, loaded up with code, and plugged it into a Mirror Port on my switch. I let it it run for a day or so to collect traffic. In an active business network, you can let it run for as little as an hour or two and see results.

You can see what a full 3D Security report looks like by downloading a sample. I won’t share my report, but I will share bits and pieces of it so you can get a sense for the kinds of things it will show you. Specifically, I used IPS, App Control, and URL Filtering as part of my report, though it is possible to include DLP and (soon) Antibot.

There were a couple of surprises here. I thought I had removed Dropbox and Hamachi from all my computers. Apparently not. This will need to get corrected. LogMeIn is in use in my network, so I’m not worried about that. The eMule thing will have to be investigated since I’m pretty sure I’m not running that in my network (my kids aren’t either).

In case you’re not sure what these apps are, the report provides you with a nice description of all the apps:

Meanwhile, another thing the 3D report tells you is how much bandwidth the various apps are using:

I’ve used quite a bit of bandwidth over the last 24 hours or so! A third of it is SSL traffic, so I can’t see inside it all (though I could if I deployed my gateway inline and added my CA certificate to my family PCs). Note not all of this is Internet-bound traffic, but still 2 GB in 24 hours is quite a lot, especially when you consider Comcast’s 250GB cap!

The report provides a breakdown as well (note this is a partial list):

Finally, while there wasn’t much going on from an IPS point of view, the blade did detect a couple of anomalies, which are provided along with the relevant remediation:

While the customer response to these reports has been generally positive, they are also end up being quite an eye-opener as you see things you never knew were going on. Even I am surprised at what I’m seeing in my own home network! Imagine what you’ll find in your network.

Every once in a while, I will either run into someone who remembers the old FAQ site I used to run here about Check Point FireWall-1 or I will get a fan letter about it. Both have happened this week.

I’m going to tell you a little secret about that old site. I really didn’t know all that much about Check Point, especially when I started doing it. I just wrote down what I learned both from my own experience and others. More importantly: I shared it.

Obviously doing the site helped me to learn the product back in the day. It also helped countless others and I do appreciate all the feedback I get from folks about it. I really do.

Anyway,  a while back, I decided, for various reasons, to put up an old version of my FireWall-1 FAQ up on a hidden page to take a couple of screenshots. By posting a link here, decided to make it available again by posting a note about it here. It is for nostalgia purposes only, given that most of the information is older than many people’s IT careers (circa 2000). Also, links are likely to be broken, etc.

Hopefully you’ll enjoy the walk down memory lane…

By now I’m sure you’ve seen, heard, or read Check Point’s official announcements made at NASDAQ this morning. This is by no means a regurgitation of the official press releases, but it is my own personal take on what was announced. If you want to see the announcement for yourself, check out the recording!

(Just to be clear, I work for Check Point and these are my own thoughts.)

Check Point R75.20

This release (press release, download) brings a number of new features. One of the most anticipated ones is the ability to inspect outgoing SSL traffic. Not just for Application Control, where it is most needed given the proliferation of sites requiring SSL, but in all the various software blades we support. And its included as part of the relevant software blades license (i.e. it’s not a separate charge).

SSL inspection is done by essentially doing a “man in the middle” on the traffic. The gateway dynamically generates a certificate for the destination website, which is presented to the client when they connect. This allows the Security Gateway to see the traffic “in the clear” and make the relevant security decisions. The connection is encrypted as it leaves the gateway with SSL. Since SSL inspection is more intensive than inspecting HTTP traffic, and potentially creates potential regulatory issues by its use, you will have granular controls as to when this feature is invoked.

Another new feature in R75.20 is a completely revamped URL Filtering blade. While Check Point is still selling this as a separate product, it is actually integrated with Application Control. Applications and URL Filtering categories are given equal billing in the now combined Application Control and URL Filtering rulebase. You can do user-level URL filtering (with Identity Awareness) and can take advantage of our UserCheck technology to inform users of the policies. We can also handle HTTPS websites and custom categories. The categories themselves have also been substantially updated.

Unlike with previous versions of URL Filtering, where the entire URL filtering database was stored locally on the Security Gateway, the new engine makes use of the cloud. Commonly accessed URLs and their categories are stored in a local cache on the gateway. Over 99% of your web traffic should be met by the local cache on your gateway. When someone accesses a URL not in the local cache, the URL Filtering database in the cloud is consulted, with the result being stored in the local cache for future use.

The Data Loss Prevention (DLP) blade also gets a substantial update in R75.20. HTTP performance is substantially improved in this release and you also gain the ability to examine HTTPS traffic as well. A large number of additional “out of the box” datatypes are now included. We also integrate with an internal Microsoft Exchange server so DLP can be performed on internal email as well as email leaving the organization.

SecurityPower

A common complaint I’ve heard from Check Point customers over the years is that the performance numbers we quote for our appliances don’t reflect what performance you’ll get in the real world with real world traffic patterns. This is because performance numbers have been historically quoted for a single firewall rule (any any any accept) with the most optimal traffic pattern (1500 byte UDP packets). To be fair, this has been the standard industry practice for some time now. Every vendor of network equipment performs tests like this.

Unfortunately, this isn’t a good indicator of how an appliance will perform under real world conditions. With that in mind, Check Point has developed a new testing methodology for its appliances using a real rulebase (100 rules) with real-world traffic patterns (both based on industry standards and actual patterns seen at Check Point customer installations). This rulebase and traffic pattern exercises all of the various features and functionalities available in our Security Gateway. Based on those tests, Check Point has rated each appliance with a SecurityPower Unit rating (SPU).

One could call the SPU an arbitrary metric. What it gives you is a relatively simple way to compare appliances and the relative security load they can handle. More importantly, an SPU can be generated for a given set of requirements (required blades, throughput, number of connections, and so on). You can then compare that against the available appliances to ensure you choose the right security appliance for the right security task.

Check Point has developed a tool that does exactly this. It will be available shortly. Personally, I think this is a big deal.

New Appliances

Two new appliances are being launched today for the data center: the 21400 (press release, product page) and the 61000 (press release, product page). These appliances are aimed squarely at the data center, where tens or even hundreds of megabits gigabits per second of throughput are needed!

The 21400 is a powerful 2U platform that features massive port density (up to 37 1000-base-T ports, 36 1000-base-F SFP ports, or 12 10GBase-F SFP+ ports), 50 GB of firewall throughput, 21GB of IPS throughput, hot-swappable redundant power supplies and disk drives, and an optional Lights-out Management card. Everything you’d expect from a carrier-grade chassis. The appliance runs both R71 and R75 with SecurePlatform.

The 61000 series, on the other hand, is a monster appliance! It’s a 14U (DC) or 15U (AC) bladed chassis that, when fully loaded, will support 200GB of firewall throughput today and, with future hardware and software enhancements, will support over 1TB of throughput in the future! Aside from all of the various connectivity and redundancy options, the appliance acts as a single platform that, when new hardware blades are added, automatically configures itself to distribute the load between the blades! The platform currently runs a 64bit version of SecurePlatform based on R75.

Both appliances, which are referred to as Data Center Appliances, are available now on the Check Point pricelist.

From ZoneAlarm’s Newest Security Solution: SocialGuard:

SocialGuard, ZoneAlarm’s newest security solution, promises a groundbreaking new method of monitoring and preventing safety breaches on Facebook the most popular social networking site by a mile, with over 500 million users without “friending” your child and intruding on his/her social space. SocialGuard sends real-time alerts to parents via email–or the SocialGuard interface–whenever suspicious activity is detected on your child’s profile; parents can customize security settings and keywords to trigger such messages if the child is exposed to illicit or inappropriate content. SocialGuard monitors children’s Facebook accounts for threats including cyberbullying, age fraud ensures children are not befriended by adults outside of their network; friend requests, hacked accounts, and link safety flags dangerous/offensive links contained in messages.

The product, available now, can be purchased here.

Check Point, my employer, is behind this. I’ve used the betas of this product and they do precisely what they say without being a huge burden on you or your computer. The price: $1.99 a month or $19.99 a year, makes this a no-brainer if you have kids using Facebook!

See what Check Point’s Head of Consumer Business has to say about SocialGuard.