Check Point Web Security Software Blade

Check Point's patent-pending Malicious Code Protector offers a revolutionary way of identifying buffer overflow, heap overflows and other malicious executable code attacks that target Web servers and other applications without the need of signatures. Malicious Code Protector can detect malicious executable code within Web communications by identifying not only its existence within a data stream but its potential for malicious behavior. Malicious Code Protector performs four important actions:

• Monitors Web communication for potential executable code
• Confirms the presence of executable code
• Identifies whether the executable code is malicious
• Blocks malicious executable code from reaching a targeft host

Malicious Code Protector identifies both known and unknown attacks, providing preemptive attack protection. Moreover, Malicious Code Protector operates at the kernel level enabling preemptive protection that does not compromise performance.

Advanced Streaming Inspection is a Check Point kernel-based technology that processes the overall context of communication. This technology can make real-time security decisions based on session and application information and protects Web communication even when it spans multiple TCP segments. Process-intensive application inspections are offloaded to the kernel, dramatically improving throughput and connection rates.

Advanced Streaming Inspection uses Active Streaming technology, which has the capability to modify the content of a Web connection on the fly. This important capability offers several unique advantages to Check Point customers. Active Streaming uses HTTP header-spoofing capability, providing a first level of defense by hiding important site-specific properties about the Web environment. These properties often include the names and versions of operating systems, identity Web servers and backend servers. This information is typically useless to end-users, but extremely valuable to attackers who are trying to gather information about their target. The Web Security Software Blade can intercept a Web response that contains a server's identity and gives the administrator the option to either completely hide such disclosure or optionally change the stream to confuse attackers.

Administrators can improve the end-user experience with Active Streaming by predefining custom error pages. To most users, generic error status codes are meaningless. Active Streaming redirects the end-user to a custom-defined error page with meaningful helpdesk hints. This feature dramatically improves the end-user experience and reduces helpdesk costs.

Web security management within Check Point security gateways is fully integrated into the management GUI. The user interface is preconfigured with protections to counter known common attacks—each with attack and defense descriptions. Because each Web application server is different from others in its security requirements, the Web Security Software Blade offers the capability to configure granular Internet security profiles for different Web applications and Web servers. First-time configuration of the Software Blade takes just minutes. Monitor-only mode allows smooth security deployment without the risk of rejecting connections to mission-critical applications due to the incorrect configuration of a security policy.

The Web Security Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

The Web Security Software Blade is tightly integrated with other Check Point Software Blades and does not require installation on additional devices. Security and audit logs are integrated into Check Point reporting, auditing and log architecture, providing administrators a powerful tool to centrally analyze security violations.