IT security administrators have long focused on securing the network perimeter. While focus on the perimeter is important, organizations have realized the need to secure their internal networks in order to stem the sharp increase of worms and other attacks specifically introduced inside the network via mobile and wireless devices. However, while many of the same principles used to construct and operate perimeter security solutions also apply to internal networks, internal security can be more complex, require higher performance, and have unique requirements. As a result, existing perimeter security solutions such as patches, antivirus software, switch- and router-based solutions, and legacy firewalls are inadequate for securing internal systems.
This white paper details the security requirements for internal networks and discusses why existing perimeter security solutions are unable to fulfill these requirements. The paper also describes how the Check Point InterSpect™ Internal Security Gateway uses proven and new technologies, methodologies, and approaches to address the security challenges unique to internal networks. Check Point InterSpect provides the following capabilities:
- Intelligent intrusion prevention that offers proactive protection against today’s evolving threats, including worms and Day Zero attacks
- Network zone segmentation, which isolates internal network attacks to organizational security zones—each with its own security policy
- Quarantining of suspicious computers to prevent unsecured computers from accessing the network
- Endpoint security integration to enforce security policy compliance for endpoints accessing the network
- LAN protocol protection that provides the deepest and most comprehensive support for Citrix, Microsoft, and other LAN protocols
- Integrated Web application security, which protects Web servers from common exploits like SQL injection, command injection, and buffer overflows
- Integrated SMART management that scales and is easy to use, ensuring security policy is always up-to-date