Check Point Rounds Out Strategy and Enters SSL VPN Space.
Check Point Software Technologies Inc yesterday balanced out its 2004 product strategy by fleshing out the details of the third of three legs it first discussed in November. The company will roll out its "web security" products over the next three months.
The company is finally entering the SSL VPN space on a mission, two years after first dipping its toe in the water. Check Point will release an SSL VPN appliance with a built-in HTTP firewall that will also be made available separately.
The appliances, branded Connectra, will start to ship in June, the firm said. This month, a software component called Web Intelligence will ship. Web Intelligence will be built into Connectra boxes, and can also be added to Firewall-1/VPN-1.
Previously, Check Point's VPN-1 did have an SSL option, but it was regarded as pretty basic compared to some of the other offerings on the market. The firm may be late to the SSL VPN party, but reckons its take on the category is unique.
Marketing manager Mark Kraynak said: "There's a lot of vendors out there, and been out there some time, that have focused on making the connectivity work. We're able to offer a solution that doesn't open up holes in the network."
Connectra looks like the web version of a network-layer firewall/VPN - the devices will comprise web attack prevention and SSL VPN, taking on the likes of Sanctum with the former function and the likes of Juniper and Nortel with the latter.
On the connectivity side, the feature flourish that brings Check Point more up to speed with rivals such as Juniper (via its indirect acquisition of Neoteris), Symantec and Aventail, is called SSL Network Extender and will ship in July.
This component is an ActiveX applet that can be downloaded on the fly when users sign on to the VPN. The applet can route all IP traffic over the SSL tunnel, allowing full network access to resources that don't have web front ends.
Check Point will also make Integrity Clientless Security, an ActiveX client security policy enforcement tool, available for an extra fee. This software is a newish offering from Zone Labs, which Check Point bought recently.
Kraynak said that the decision was made to offer an appliance for the same reason its InterSpect internal network security boxes, launched January, are appliances - the firm can bring them to market faster than going via its usual OEM channel.
However, the fact that Check Point has taken so long to bring a full-feature SSL VPN to market has been cited as one of the reasons Nokia Corp, Check Point's biggest Firewall-1 OEM, built its own SSL VPN rather than partnering with Check Point.
The key differentiator with Check Point's offering appears to be the inclusion of the Web Intelligence module, which can prevent types of attacks such as SQL injection, cross-site scripting and buffer overruns.
Kraynak said that Web Intelligence is designed to protect web applications, whereas the attack prevention functions offered with its Application Intelligence brand or SmartDefense features protect the web server the apps run on.
Customers of Check Point firewalls will get the same application protection features they used to, but will have to shell out extra for the new features, such as Malicious Code Protector, a sandbox which scans all incoming Intel-executable code for malware.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||secure sockets layer virtual private network|
|Date:||May 4, 2004|
|Previous Article:||Windows XP Tops 210 Million Sales, Says Microsoft.|
|Next Article:||NetScaler Aims to Fend Off Competitors with Features.|