CHECK POINT SOFTWARE BRINGS NEW LEVELS OF SECURITY AND CONFIDENCE TO VIRTUAL PRIVATE NETWORKS

Redwood City, CALIF., – September 2, 1997 – Check Point Software Technologies Ltd. (Nasdaq: CHKPF), a leader in enterprise security software, today announced Check Point^TM FireWall-1 SecuRemote^TM 3.0, an enhancement to its client encryption software that enables secure, private communications by mobile and remote users via dial-up connections through the Internet. The advanced security features in SecuRemote 3.0 include strong authentication and tunneling, giving corporate users new levels of assurance that their virtual private networks (VPNs) will be impervious to intruders.

SecuRemote client encryption software works in conjunction with the Check Point FireWall-1 server encryption software on the Internet gateway. Extending the VPN to the laptop, SecuRemote enables remote users with Windows 95-based systems to transfer electronic mail and sensitive corporate data via their own company's intranet or a cross-enterprise extranet.

With SecuRemote, dial-up connections are as safe and secure as communicating within the corporate Internet firewall. The strong authentication in SecuRemote 3.0 supersedes password-based log-in procedures with two-factor, token-based strong authentication via integration with tools from Security Dynamics and AXENT Technologies, as well as with RADIUS-compliant strong authentication through integration with tools from Secure Computing and VASCO Data Security. All four companies are members of Check Point's Open Platform for Secure Enterprise Connectivity (OPSEC) Alliance.

IS managers receive additional security and convenience benefits from SecuRemote's tunneling features. Destination IP addresses are hidden, concealing internal network information from external parties. SecuRemote also allows sites using unregistered, network-address-translated IP addresses to be accessible to SecuRemote clients.

According to a 1997 study by the Gartner Group, by 2002 an estimated 90 percent of enterprises will use VPN services to provide switched services to remote workers and branch offices. Separately, the Gartner Group also forecasts that by the end of 1999, more than 40 percent of all large organizations will deploy extranets for electronic commerce transactions. In tandem with this growth, corporations continue to be concerned about

network security; a 1997 study conducted by Information Week magazine and Ernst & Young found that more than 80 percent of the 100 IS managers polled cited security as a critical issue in their move to a networked computing environment.

"As corporate use of virtual private networks skyrockets, so do concerns about security," said Asheem Chandna, vice president of business development at Check Point Software Technologies, Inc. "This year, we've already seen significant growth over last year in the sales of our FireWall-1 Encryption Module, which works hand-in-hand with SecuRemote. The new strong authentication and tunneling features of SecuRemote protect the privacy, confidentiality and integrity of data, which is exactly what our customers are asking for."

Strong Authentication and Tunneling Enhance VPN Security

FireWall-1 SecuRemote 3.0 supports strong authentication schemes, including two-factor/token-based, and those based on the Remote Authentication Dial-In User Service (RADIUS) standard. Two-factor authentication guards against unauthorized access to the network by providing dynamic user authentication via a randomly generated one-time code that automatically changes every 60 seconds. At log-in, users simply enter their personal identification number (PIN), followed by the code displayed on their authorization token. Authorized users are able to gain easy access to the VPN. This two-factor authentication provides "crackproof" protection against unauthorized access and substantially greater security than traditional password systems.

RADIUS compliance ensures that challenge/response strong authentication schemes can work across disparate vendors' solutions, increasingly important in cross-enterprise extranet environments.

Tunneling provides an extra measure of security for virtual private networks because it ensures the safety of data and IP destination addresses in transit over the Internet. The tunneling feature further protects corporate information assets by masking the IP address of the client destination; should a packet be intercepted en route, only the gateway IP address would be revealed, sparing the corporate LAN from potential attack.

"AXENT is pleased that Check Point has chosen OmniGuard/Defender to provide strong authentication for FireWall-1 SecuRemote 3.0," said Pete Privateer, Senior Vice President of Operations, AXENT Technologies, Inc. "Defender's software-based solution enables corporations to positively identify remote users using industry standard challenge/response mechanisms."

"By using SecurID authentication in conjunction with SecuRemote, users can be assured that they have the most secure means to protect their enterprise networks from outside attack," said Dave Power, senior vice president, marketing and corporate development, Security Dynamics. "Check Point's market-leading SecuRemote solution already provides cost-effective, high performance VPN connectivity that protects data as

it travels over the Internet. By adding SecurID authentication, SecuRemote ensures that only authorized users are gaining access to that information. SecuRemote provides a truly comprehensive, secure VPN solution."

"Cross-enterprise interoperability is extremely important in today's extranet environment," added Richard Vaden, Vice President of Business Development, VASCO Data Security, Inc. "Through RADIUS compliance, Check Point's SecuRemote will enable critical applications and data to be accessed not only by telecommuting and traveling employees, but by business partners as well."

"Identification and authentication of users is a critical piece for an organization's VPN and we are pleased to see that Check Point has embraced this capability that will enhance the effectiveness of enterprise network systems," said Christine Hughes, vice president of marketing for Secure Computing.

Pricing and Availability

FireWall-1 SecuRemote 3.0 is available now at no charge to customers of FireWall-1 and FireWall-1 Encryption Module software. The Encryption Module is required to operate FireWall-1 SecuRemote 3.0; its pricing starts at $2,995.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. is the global network security software market share leader and inventor of the patented Stateful Inspection technology. The company's suite of network security products enables Secure Enterprise Connectivity for leading organizations worldwide. Check Point products, including its flagship product, Check Point FireWall-1, are sold worldwide through OEM partners, distributors, VARs, systems and network integrators and Internet Service Providers. The company has U.S. headquarters in Redwood City, California and international headquarters in Ramat-Gan, Israel. For product information, please call (800) 429-4391 or +972-3-6131-833, e-mail info@checkpoint.com or visit http://www.checkpoint.com, or call (800) 429-4391 or +972-3-6131-833.

###

1997 Check Point Software Technologies Ltd. Check Point, the Check Point logo, FireWall-1 SecuRemote, FireWall-First!, OPSEC and INSPECT are trademarks, and Check Point FireWall-1 and FireWall-1 are registered trademarks of Check Point Software Technologies Ltd. All other product names mentioned herein are trademarks of their respective owners.