Check Point Software Unveils Open Security Platform Strategy
Check Point's Open Platform For Secure Enterprise Connectivity (OPSEC) Provides Integrated Network Security Through Open APIs and Support for Industry-Standard Interfaces
Redwood City, CA —
Check Point Software Technologies Ltd., the market leader in network security software, today announced OPSEC, Check Point's Open Platform for Secure Enterprise Connectivity. OPSEC is a revolutionary concept in enterprise-wide security -- a single platform that integrates and manages all aspects of network security through an open, extensible management framework, using a combination of published application programming interfaces (APIs), support for industry-standard protocols and a high-level scripting language.
As a result of this new architecture, customers can easily and seamlessly integrate a full spectrum of security applications from Check Point and other vendors to manage functions such as access control, address translation, authentication, auditing, accounting, encryption and content security. This approach allows customers to choose the system components that best meet their requirements and to rapidly exploit the latest developments in security technology. With OPSEC, all facets of network security are defined and driven by a single, central enterprise-wide security policy, ensuring that corporate security is safer, simpler to maintain and more comprehensive than ever before.
"Recent polls have shown that CIOs and IS chiefs recognize the need for integrated network security, but don't have the time or resources to conduct the rigorous interoperability testing required for the various components of an integrated security policy," said Dr. Deborah Triant, president and CEO of Check Point Software Technologies, Inc. "OPSEC provides companies with an open network security platform that answers customers' security demands today and provides the scalability and extensibility to make it a good investment for the future."
Open, Client/Server Framework
The cornerstone of OPSEC is its open framework, which enables powerful, selective deployment of current technologies from Check Point and third-party vendors, providing the ability to leverage new developments in security applications as they become available. Designed to offer unparalleled flexibility, OPSEC allows security managers to integrate third-party security technologies through openly-published APIs and the support of public standards. In addition, customers can use the INSPECT programming language to create a customized solution tailored for each organization's security challenges.
Based on a distributed client/server architecture, OPSEC makes it easy for network administrators to define the integrated network security policy from a central management console and enforce that policy enterprise-wide. Once the rule-based security policy is defined through Check Point's graphical interface on the management console, an INSPECT script is generated from the rule base for each firewall module being managed. The INSPECT scripts are then compiled and sent to the various firewall modules throughout the network which may reside on workstations, servers, routers, or a combination of these platforms. Each of these firewall modules contains an INSPECT Virtual Machine (VM), which implements the security policy and invokes the appropriate actions through either internal VM components or external plug-in security applications. The INSPECT language can also be used to customize the security system through supplemental INSPECT scripts that modify the behavior of the INSPECT VMs.
Plug-In Through Open APIs and Open Industry Standards
The OPSEC open framework provides customers with a broad range of internal and external plug-in security services. OPSEC provides built-in applications for access control, authentication, content security and network address translation. Customers also have a choice of add-on functionality for encryption, to create Virtual Private Networks using the Internet, and connection control, to extend their network security functionality to include load balancing and fault tolerance.
In addition to these internal plug-in applications, OPSEC defines open APIs for third-party security applications to be plugged into the INSPECT Engine. Check Point will publish the following APIs (Application Programming Interfaces) for third-party application integration:
- Content Vectoring Protocol (CVP) – enables the integration of virus scanning software and other content inspection programs;
- Suspicious Activity Monitoring Protocol (SAMP) – enables the integration of suspicious activity monitoring programs and allows them to modify access privileges upon detection of any suspicious network activity, such as several attempts to gain unauthorized access; and
- URL Filtering Protocol (UFP) – enables the integration of URL list services to limit access to specific Web pages from behind the firewall.
Support for open standards, where defined, is another facet of providing easy integration of ancillary applications in Check Point's open security platform. Check Point will support the following open industry standard protocols in OPSEC:
- RADIUS – allows interoperability with emerging third-party RADIUS authentication servers;
- SNMP – already supported by Check Point, enables interoperability with popular network management software, such as H-P OpenView, SunNet Manager, and IBM NetView 6000;
- LDAP (Lightweight Directory Access Protocol) – enables OPSEC to extract user information from other LDAP-based directories;
- ODBC – enables customers and third parties to download Check Point log information to any ODBC-compliant database, including Oracle, Sybase, Informix and Microsoft, for accounting purposes and security auditing/intrusion detection;
- FORTEZZA – a government standard for hardware-based token authentication;
- IPsec ISAKMP – the mandatory key management scheme defined for the IETF IPsec standard which allows interoperability between various network encryption products for Virtual Private Networking; and
- SKIP (Simple Key-Management for Internet Protocols) – the optional key management scheme defined for the IETF IPsec standard.
Customize and Extend Through INSPECT
The INSPECT language is used by Check Point to extend the functionality of the network security system as well as to add support for new and emerging applications through the firewall, such as Netscape CoolTalk, Microsoft NetShow and NetMeeting, and Xing StreamWorks.
Security managers and third-party software developers can also use Check Point's INSPECT programming language to customize and extend OPSEC functionality. By writing a simple, high-level INSPECT script, customers can customize the OPSEC platform to include secure support for a new, custom, or in-house application, or specify customized threshold alerts for suspicious network activity. Customers and third parties can also use INSPECT to extend OPSEC functionality beyond the traditional security realm, such as creating an accounting and reporting application that plugs into Check Point's FireWall-1 network security solution.
Actively Manage Network Traffic
In a departure from traditional passive network management methods, which require an event to occur before invoking action, OPSEC enables network managers to 'actively' manage their enterprise network traffic by pre-defining the desired network behavior in the central security policy. Rather than incurring a lag time between the occurrence of a flagged network management event, such as a failed backup drive or an unauthorized data entry attempt, and the response to it, the OPSEC framework provides immediate response to these types of network events based on a dynamic view of the state of network resources and network traffic patterns. This enables companies to establish a proactive course of action to optimize network traffic management, saving time and resources, and improving the quality of service in the network.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (NASDAQ:CHKPF) is the network security market share leader and inventor of the "Stateful Inspection" architecture. The company commanded a 40% share of the worldwide firewall market in 1995 according to an IDC study issued in February 1996. The company's flagship product, Check Point FireWall-1, protects internal and external network communications for thousands of organizations of all sizes. Its products are sold worldwide through OEM partners, distributors, VARs, systems and network integrators and Internet Service Providers. The company has U.S. headquarters in Redwood City, California and international headquarters in Ramat-Gan, Israel. For product information, please call (650) 482-4900, e-mail info@checkpoint.com or visit Check Point at http://www.checkpoint.com.