Check Point Software Delivers Breakthrough Security Advancements with FireWall-1 3.0

Industry's First to Offer Content Security, Connection Control, Advanced Authentication and Encryption Integrated Into An Open Enterprise Security Platform

Redwood City, CA —

Furthering its position as the technology leader and premier developer of network security software solutions, Check Point Software Technologies Ltd. today announced breakthrough advancements in secure enterprise connectivity with Check Point FireWall-1 3.0. The new product, based on the company's patent-pending "Stateful Inspection" architecture, is the first firewall in the industry to offer integrated content security, connection control and multiple encryption schemes delivered in an open security platform.

FireWall-1 3.0 also provides an array of sophisticated new security and management features to enable network managers to define and manage a fully integrated and comprehensive security policy from a central security console, including advanced network management, expanded authentication and encryption capabilities, improved user interface options and additional application support.

"The rapid adoption of the Internet and its integration into complex enterprise information systems are requiring a much broader base of security services, integrated into a comprehensive enterprise security system with powerful content security and centralized management capabilities," said Dr. Deborah Triant, president and CEO of Check Point Software Technologies, Inc. "Check Point is pleased to be at the forefront of this revolution by introducing FireWall-1 3.0, the most advanced and complete solution for secure enterprise connectivity available on the market today."

"Encryption and authentication are already above and beyond what is expected of the traditional firewall," said Ted Julian, industry analyst at International Data Corporation. "Content security and connection control, together with advanced enterprise management tools, are critical advancements that move FireWall-1 into a whole new category as the industry's most advanced platform to enable the construction of secure enterprise networks."

Content Security
The unique content security features in FireWall-1 3.0 enable intelligent inspection of communications content and protect users from various hazards, including computer viruses, malicious Java applets and undesirable Web content. Check Point FireWall-1 3.0's content security features are comprised of the Content Vectoring Protocol (CVP), an open protocol for integrating external and third-party content inspection programs, plus integrated content inspection capabilities for anti-virus protection, URL screening and Java security.

Content Vectoring Protocol and Anti-Virus Protection
The new Content Vectoring Protocol (CVP), integrated into FireWall-1 3.0, provides an open specification to enable the integration of external and third-party content screening software in a "plug-in" manner. The CVP was developed in conjunction with and is supported by leading content security vendors, including Cheyenne Software, Integralis, McAfee Associates, Symantec and Trend Micro Incorporated, to simplify deployment of anti-virus products in tandem with Check Point FireWall-1 (see related release). The CVP also provides a "plug-in" interface for Check Point's FTP, HTTP and SMTP security servers.

Check Point FireWall-1 3.0 also provides integrated anti-virus capabilities via Cheyenne Software's InocuLAN anti-virus software, which is bundled with FireWall-1 3.0, to offer users an integrated solution to screening transmission contents for harmful computer viruses.

URL Screening
FireWall-1's URL screening capabilities preserve valuable company bandwidth and add another level of network control by allowing network managers to restrict access to specific Web pages. This enables network managers to define flexible corporate security policies that ensure employees only download and access appropriate Web page information. In addition, the URL screening can be leveraged to record the types of URLs accessed for internal analysis needs, increasing the management capabilities of the FireWall-1 security platform. Check Point's URL screening is initially compatible with two leading URL list vendors, Netegrity/Microsystems and NetPartners (see related release).

Java Security
FireWall-1's Java security capabilities provide the highest degree of flexibility available today from any firewall vendor by enabling network managers to block Java applets entirely or allow Java applet traffic through the firewall, protecting against the most common and known Java network attacks. Check Point's industry-leading Java security capabilities were developed based on technical input from Sun JavaSoft and Netscape Communications (see related release).

Connection Control
FireWall-1 extends its leading policy enforcement capabilities with the ConnectControl product module, offering additional sophisticated features including application-independent load balancing and high availability/fault tolerance. FireWall-1's load balancing capabilities allow the network manager to transparently increase server capacity for a given application, such as Web access or FTP, by representing a series of replicated servers supporting that application as a single logical IP hostname. FireWall-1 ConnectControl then dynamically balances the load for optimum performance, distributing client requests across the servers and in a manner transparent to the clients. Additionally, servers may be located in a single, geographic location for all applications or, for Web traffic, servers can be distributed in multiple geographic locations to improve service to users in globally dispersed locations.

An industry first, FireWall-1 3.0's high-availability is designed to offer uninterrupted network connectivity by allowing multiple FireWall-1installations on the network to share state tables. As a result, if one network connection fails, a backup firewall can take its place to maintain secure corporate Internet connectivity. In addition, this state table synchronization also provides a solution for firewalling enterprises that have asymmetric routing in their networks. FireWall-1's high availability ensures continuous Internet and Intranet access to and within the corporation.

Enterprise Management
The data collection and analysis capabilities of FireWall-1 3.0 have been expanded to include network usage reporting and accounting capabilities. These features have been provided by extending the range of information captured at the inspection modules, such as the amount of data downloaded or session length, and enabling this data to be exported, allowing more detailed data manipulation and reporting for such uses as internal chargeback or billing.

FireWall-1 3.0 also offers improved user interface capabilities by providing a Motif-based interface across UNIX environments. FireWall-1's enhanced address translation increases network flexibility and security by enabling network administrators to simultaneously translate source and destination IP addresses, to hide the source address and translate the destination address, for example. Graphical user interface support for address translation configuration and management is also integrated in the new version. Additionally, a new view within the user interface dynamically displays all live sessions, enabling network managers to monitor all open connections in real-time.

Encryption & Authentication
Today's enterprise client/server networks pose new and unique challenges to maintaining adequate security due to the wide range of remote interactions that can take place between clients and servers over a geographically distributed network. FireWall-1 3.0 widens its security capabilities with new encryption and authentication capabilities to offer additional technology choices for implementing secure wide area networks.

FireWall-1 currently offers support of leading encryption technologies including Diffie-Hellman for key management, RSA for digital signature schemes, as well as DES, the recognized standard encryption technology and Check Point's proprietary, exportable encryption algorithm, FWZ1. With version 3.0, FireWall-1 is also the industry's first firewall to support three encryption schemes-FWZ, Check Point's proprietary encryption scheme, SKIP (Simple Key-Management for Internet Protocols), an emerging encryption standard, and manual IPSec.

Check Point has expanded the range of authentication methods available to today's network manager by including compatibility with the RADIUS protocol standard to allow interoperability with emerging third-party RADIUS authentication servers. Check Point has also added support for AssureNet's (formerly Digital Pathways) authentication servers.

In addition, FireWall-1 now offers transparent client and user authentication, allowing users to be transparently challenged for user and password information without requiring them to be aware of firewall locations in the network. This simplifies network access while allowing the full power of authentication to enable network access based on user information.

Enhanced Application Support
FireWall-1 3.0 adds support for numerous Internet multimedia applications including Netscape's CoolTalk, Xing Technology's StreamWorks, and Microsoft NetMeeting.

Check Point FireWall-1, which today supports hundreds of applications, services and protocols, is designed to allow administrators to easily customize the firewall to incorporate new and custom applications. Many Internet audio and video technologies are based on connectionless protocols such as UDP and dynamically allocated channels. This makes it difficult or impossible for most firewalls to support these technologies securely. FireWall-1's Stateful Inspection implementation secures UDP-based applications by maintaining a virtual connection on top of UDP communications. FireWall-1's programmable INSPECT engine, at the core of the FireWall-1 technology, enables extensible Stateful Inspection and allows Check Point to provide support for new and custom applications quickly and easily.

Pricing and Availability
Check Point FireWall-1 3.0 and the separately available ConnectControl product module will be available before the end of the fourth quarter of 1996. Pricing will be announced at that time. Version upgrades to Check Point FireWall-1 3.0 will be available free of charge to any customers purchasing Check Point FireWall-1 2.1 on or after October 7, 1996 for a 90 day period.

About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (NASDAQ: CHKPF) is the leader in global network security software and inventor of a new generation firewall technology called Stateful Inspection, which is quickly emerging as the industry standard. The company commanded a 40% share of the worldwide firewall market in 1995 according to an IDC study issued in February, 1996. Its products are sold worldwide through OEM partners, distributors, VARs, systems and network integrators and Internet Service Providers. The company has U.S. headquarters in Redwood City, California and international headquarters in Ramat-Gan, Israel. For product information, please call (650) 482-4900, e-mail info@checkpoint.com or visit Check Point at http://www.checkpoint.com.

###