The Check Point Web Security Software Blade provides a set of advanced capabilities that detect and prevent attacks launched against the Web infrastructure. The Web Security Software Blade delivers comprehensive protection when using the Web for business and communication.


Comprehensive web security for maximum protection
  • Provides preemptive attack protection with patent-pending Malicious Code Protector
  • Delivers the strongest protection against buffer-overflow attacks
  • Enables granular security configurations for different Web applications and servers
Maximizes operational efficiency, enables quick deployment
  • Deploys in minutes to protect mission-critical applications
  • Ensures protection is up-to-date with real-time safeguard and defense updates
  • Improves end-user experience by inserting helpdesk webpages
Integrated into Check Point Software Blade Architecture
  • Simple activation of Web security on any Check Point security gateway
  • Centralized logging and reporting via a single console


Check Point’s patent-pending Malicious Code Protector offers a revolutionary way of identifying buffer overflow, heap overflows and other malicious executable code attacks that target Web servers and other applications without the need of signatures. Malicious Code Protector can detect malicious executable code within Web communications by identifying not only its existence within a data stream but its potential for malicious behavior. Malicious Code Protector performs four important actions:

  • Monitors Web communication for potential executable code
  • Confirms the presence of executable code
  • Identifies whether the executable code is malicious
  • Blocks malicious executable code from reaching a target host

Malicious Code Protector identifies both known and unknown attacks, providing preemptive attack protection. Moreover, Malicious Code Protector operates at the kernel level enabling preemptive protection that does not compromise performance.

Advanced Streaming Inspection is a Check Point kernel-based technology that processes the overall context of communication. This technology can make real-time security decisions based on session and application information and protects Web communication even when it spans multiple TCP segments. Process-intensive application inspections are offloaded to the kernel, dramatically improving throughput and connection rates.

Advanced Streaming Inspection uses Active Streaming technology, which has the capability to modify the content of a Web connection on the fly. This important capability offers several unique advantages to Check Point customers. Active Streaming uses HTTP header-spoofing capability, providing a first level of defense by hiding important site-specific properties about the Web environment. These properties often include the names and versions of operating systems, identity Web servers and backend servers. This information is typically useless to end-users, but extremely valuable to attackers who are trying to gather information about their target. The Web Security Software Blade can intercept a Web response that contains a server’s identity and gives the administrator the option to either completely hide such disclosure or optionally change the stream to confuse attackers.

Administrators can improve the end-user experience with Active Streaming by predefining custom error pages. To most users, generic error status codes are meaningless. Active Streaming redirects the end-user to a custom-defined error page with meaningful helpdesk hints. This feature dramatically improves the end-user experience and reduces helpdesk costs.

Web security management within Check Point security gateways is fully integrated into the management GUI. The user interface is pre-configured with protections to counter known common attacks—each with attack and defense descriptions. Because each Web application server is different from others in its security requirements, the Web Security Software Blade offers the capability to configure granular Internet security profiles for different Web applications and Web servers. First-time configuration of the Software Blade takes just minutes. Monitor-only mode allows smooth security deployment without the risk of rejecting connections to mission-critical applications due to the incorrect configuration of a security policy.

The Web Security Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

The Web Security Software Blade is tightly integrated with other Check Point Software Blades and does not require installation on additional devices. Security and audit logs are integrated into Check Point reporting, auditing and log architecture, providing administrators a powerful tool to centrally analyze security violations.


Malicious Code ProtectionsMalicious Code Protector (MCP), general HTTP worm catcher
Application Layer ProtectionsCross site scripting, LDAP injection, SQL injection, command injection, directory traversal
Information Disclosure ProtectionsHeader spoofing enforcement, directory listing prevention, error concealment
HTTP Protocol InspectionsHTTP format size enforcement, ASCII-only request enforcement, ASCII-only response header enforcement, header rejection definitions, HTTP method definitions
Enforcement OptionsActive, monitor-only, disabled
Configuration GranularityIndividual servers protected by Web intelligence attack protections enabled for each server; for each attack protection, apply to individual servers or inspect all HTTP traffic; customizable profiles associated with specific Check Point gateways
Updates Real-time safeguard and defense updates through Check Point update service