The Need for Network Security
Although the increase in connectivity and information exchange
provides tremendous benefits, it also exposes an organization's
sensitive information and applications to unauthorized
access, both through connections to the public Internet
and from within the enterprise. In addition, the transmission
of data over the Internet also exposes sensitive data
to unauthorized interception. These risks create a critical
need for enterprises to protect their information and
information systems from unauthorized access and use.
Earlier methods for securing information resources are no longer
adequate to meet the security requirements of today's
global networks. In the centralized mainframe environments
that dominated the information systems landscape in
previous years, organizations were able to secure a
limited number of access points through physical barriers
and controlled access to data through log-on procedures
and password protection. However, in today's distributed
network environments with multiple points of access
and multiple network resources, it is impractical to
individually secure every application and resource on
the network. Therefore, an additional layer of security
at the network level is needed to act as a "virtual"
barrier to control access to the network and to regulate
and protect the flow of data between network segments.
Traditional Approaches to Network Security
The increasing demands placed on enterprise security systems
by the expansion of Internet services and global enterprise
networking are quickly outpacing the capabilities of
many traditional Internet firewall architectures. These
demands include the need to define and transparently
enforce an integrated, enterprise-wide security policy
that can be managed centrally and implemented on a distributed
basis. An effective network security solution also must
be open and extendible to enable it to address the rapidly
changing requirements of the Internet and intranets,
including the addition of new security applications,
such as authentication, encryption, URL filtering, anti-virus
protection, and Java and ActiveX security services and
functions.
The Check Point Solution
Using Check Point's Secure Virtual Network (SVN) architecture,
an organization can connect and secure all elements
of the enterprise network: networks, applications, systems
and users. Check Point's Stateful Inspection technology,
the foundation of all Check Point solutions, enables
system administrators to define and transparently enforce
an integrated, centrally managed, enterprise-wide network
traffic policy that provides for secure and reliable
communications. In addition, the Company's Open Platform
for Security (OPSEC) framework provides a single platform
that enables integration with multiple third-party security
applications, computer hardware, internetworking hardware,
appliances and enterprise applications from within Check
Point's open, extensible management framework. The following
are the key factors that differentiate Check Point's
solution from earlier network security approaches:
Stateful Inspection technology. Check Point's VPN-1 and FireWall-1
product offerings are based
upon Stateful Inspection technology that enables the
screening of all communications attempting to pass through
a gateway in a secure but efficient way. By being able
to extract and maintain extensive "state information"
from all relevant communications layers, the system
can verify the data for full compliance with the security
and traffic policy and make intelligent security and
traffic prioritization decisions. By extracting and
analyzing data in place without copying, VPN-1 and FireWall-1
cause virtually no performance degradation, enabling
them to scale effectively as network bandwidth increases.
In addition, Check Point's proprietary implementation
of Stateful Inspection in a "virtual machine" design
provides in-place upgradability and is designed to enable
the Company's products to be easily ported to a wide
range of platforms. In addition, because Check Point's
products reside at network access points, which are the
critical convergence points for network security and
traffic management, the Company has the advantage of
being able to apply this same architectural foundation
to manage traffic flow and network performance, inspecting
traffic only once for both critical network decisions.
State information is extracted data maintained to provide
context for future screening decisions.
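
The idea of keeping state from several communications layers as context for later screening decisions, shown as an added sketch that is not Check Point's code or from the original page. The class names, the addresses and the toy policy (inside hosts may open TCP connections, nothing else gets in) are constructed for illustration; connection teardown and timeouts are left out.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "A"       # TCP flags: "S", "SA", "A"
    payload: bytes = b""

PORT_CMD = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

class StatefulFilter:
    """Toy policy: inside hosts may open TCP connections; nothing else gets in."""

    def __init__(self, inside_prefix="10."):   # constructed addressing
        self.inside_prefix = inside_prefix
        self.conns = {}         # (orig_ip, orig_port, resp_ip, resp_port) -> state
        self.expected = set()   # (server_ip, client_ip, client_port) from FTP PORT

    def inspect(self, p):
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        if key is not None:
            if key == rev and self.conns[key] == "SYN_SENT":
                if p.flags != "SA":             # only a SYN-ACK may answer a SYN
                    return "drop"
                self.conns[key] = "ESTABLISHED"
            elif key == fwd and p.dport == 21:
                self._learn_ftp_port(p)         # application-layer state
            return "accept"
        if p.flags == "S":
            pinhole = (p.src, p.dst, p.dport)
            if p.src.startswith(self.inside_prefix) or pinhole in self.expected:
                self.expected.discard(pinhole)  # a pinhole is single use
                self.conns[fwd] = "SYN_SENT"
                return "accept"
        return "drop"                           # no policy match and no state

    def _learn_ftp_port(self, p):
        m = PORT_CMD.match(p.payload)
        if not m:
            return
        n = [int(x) for x in m.groups()]
        ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        # Open a pinhole only toward the client that asked (blocks FTP bounce).
        if ip == p.src and port >= 1024 and max(n) <= 255:
            self.expected.add((p.dst, ip, port))
```

A static rule such as "allow inbound TCP to high ports" would pass every inbound packet in this scenario; here the same inbound SYN is dropped before the client's PORT command and accepted once after it.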
Open Platform for Security. Check Point's Open Platform
for Security, or OPSEC, allows
users to integrate, manage, and deploy all aspects of
network security through an open, extensible management
framework. Today, more than 300 vendors have joined
the OPSEC Alliance. OPSEC partners develop specialized
solutions that span the range of enterprise network
security technologies - from high-performance internetworking,
server and appliance platforms with embedded Check Point
SVN software, to authentication, public key infrastructure,
content security, intrusion detection, and other solutions.
Additionally, through the OPSEC Check Point Certified
Managed Service Provider (CCMSP) program, customers
have the option to select a complete managed service
offering from among a group of the world's leading MSPs
participating in this program. The OPSEC framework is
designed to allow end-users to choose system components
that best meet their requirements, whether from the
Company or various third-party vendors, and to rapidly
exploit new developments in security technology.