With thousands of systems, hundreds of protocols and applications, and a much higher volume of traffic, the internal network is far more challenging to secure than the network perimeter. The unique requirements of internal security cannot be met by simply applying the traditional security technologies used at the perimeter. Internal security demands a dedicated solution.
The application environment at the perimeter of the network is far simpler than inside the network. At the perimeter, the set of applications and protocols is limited and well-defined, and thus creating security rules and policies is a straightforward process. In most organizations perimeter security is centrally coordinated, facilitating the creation of a cohesive security process.
Inside the network, there are many more applications and protocols, and these are often homegrown. Frequently, security in internal applications is weak or non-existent because developers assumed that security would be handled at the perimeter. Security and system administrators often are not aware of all the applications running inside the network. If they do know what applications are running, they may not know how the applications communicate with each other. The varied application and protocol environment inside the network makes defining security rules and policies very difficult.
In most organizations, users are keenly sensitive to downtime in internal applications, so non-disruption of applications is the primary internal network priority. At the perimeter, the priority is security. Because of these differences, perimeter and internal security solutions require opposite default policies. Perimeter security solutions must be configured to block everything unless specifically allowed. Internal security solutions need to allow everything unless specifically denied.
These differences make deploying traditional perimeter security products inside the network very difficult, and usually counter-productive. Vendors who attempt to reposition their perimeter security products as internal security offerings, without addressing the unique requirements of internal security, are doing a disservice to their customers because these products often disrupt legitimate internal traffic.
Check Point's Internal Security Strategy
Check Point, the leader in perimeter security, recommends a two-pronged approach that addresses the unique requirements of internal security. In January of 2004 Check Point released the industry's first internal security gateway, InterSpect™, which provides network zone segmentation to contain threats that happen to bypass perimeter or endpoint security controls. InterSpect was integrated with the leading endpoint security solution, Check Point Endpoint Security™, to ensure that only secure endpoints are allowed to access the network.
The first security gateway for inside the network
InterSpect specifically addresses internal network security based on detailed input from our partners and customers. Check Point InterSpect is an internal security gateway that blocks the spread of worms and malicious traffic inside the network. InterSpect also allows organizations to compartmentalize their internal networks into security zones, which is critical not only for containing threats, but also as an easy and effective way of preventing unauthorized access to zones.
Check Point takes security implementations a stage further by defending against unknown attacks. The most complete solution is a system that is able to offer pre-emptive attack protection. Check Point's defense system understands the nature of permitted communications, rather than trying to identify potential attack patterns. If a communication does not adhere to the expected behavior of a legitimate communication, it is assumed to be an attack attempting to break the protocol or use an exploit. With this intelligent approach to IT security, Check Point has created a system that reacts to attacks and vulnerabilities that have not yet been identified. Check Point is able to offer protection against the newest type of attack immediately, without the need for a signature update.
Defense against worms
One of the unique features of InterSpect is its Intelligent Worm Defender. InterSpect Intelligent Worm Defender blocks the spread of worms and attacks through the use of Check Point INSPECT, the industry's most intelligent and adaptive inspection technology. The patented Check Point INSPECT engine uses Stateful Inspection and Application Intelligence to enforce the security policy on the InterSpect gateway. It examines all application layers, and brings cumulative data from the network configuration, security rules, and communication and application states to evaluate connection attempts. By incorporating an understanding of how LAN and Windows-based applications are used on the network, InterSpect ensures that network traffic conforms to protocol standards and expected usage.
Connectivity and security
InterSpect also ensures secure use of Microsoft applications without forcing a trade-off between connectivity and security. For example, the Blaster Worm exploited the MS-RPC protocol. InterSpect can block malicious RPC connections while allowing non-dangerous RPC connections to proceed. Because the InterSpect gateway watches traffic as it flows through the network, it can also catch fast-moving worms that other technologies are unable to detect or contain.
Security zones
Gartner Group identifies "zone segmentation" as one of the network security technologies you need to know. Internal networks can contain thousands of individual systems. InterSpect can be deployed at various points in the infrastructure to segment the network into multiple security zones, and to control access and communications between these zones. InterSpect allows all necessary traffic to flow throughout the network, yet prevents unauthorized use between segments. It allows configuration of physical or virtual zone segments, and allows organizations to enforce zone-based security policy, thus enabling true organizational or departmental security zones. One illustration of this concept is separating critical financial systems into a secure zone. For security and regulatory purposes IT may want to ensure Finance does not have access to the Audit network segment. InterSpect can easily and intuitively enforce this policy.
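The two ideas above, opposite default actions for perimeter and internal policies, and zone segmentation that keeps Finance out of the Audit segment, can be shown together in a small policy evaluator. This is an added example written for this page; it is not Check Point code or an InterSpect configuration. The zone names, address ranges and rules are constructed for illustration, and "external" is an assumed label for any address outside every defined zone.

```python
"""Zone segmentation with opposite default policies.

Added example, not Check Point code or InterSpect configuration. The zone
names, address ranges and rules are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone name, or "*" for any zone
    dst_zone: str
    action: str     # "allow" or "deny"


@dataclass
class ZonePolicy:
    default_action: str                          # applied when no rule matches
    zones: Dict[str, List[ipaddress.IPv4Network]]
    rules: List[Rule] = field(default_factory=list)

    def zone_of(self, ip: str) -> str:
        """Map an address to the first zone whose ranges contain it."""
        addr = ipaddress.ip_address(ip)
        for name, nets in self.zones.items():
            if any(addr in net for net in nets):
                return name
        return "external"   # assumed label: outside every defined zone

    def evaluate(self, src_ip: str, dst_ip: str) -> Tuple[str, str]:
        """Return (action, reason); the first matching rule wins,
        otherwise the policy's default action applies."""
        src, dst = self.zone_of(src_ip), self.zone_of(dst_ip)
        for rule in self.rules:
            if rule.src_zone in ("*", src) and rule.dst_zone in ("*", dst):
                return rule.action, f"rule {rule.src_zone}->{rule.dst_zone}"
        return self.default_action, f"default ({src}->{dst})"


def _nets(*cidrs: str) -> List[ipaddress.IPv4Network]:
    return [ipaddress.ip_network(c) for c in cidrs]


# Constructed zones with placeholder ranges (not from the page).
ZONES = {
    "finance": _nets("10.10.0.0/24"),
    "audit": _nets("10.20.0.0/24"),
    "engineering": _nets("10.30.0.0/22"),
    "dmz": _nets("192.0.2.0/24"),
}


def internal_policy() -> ZonePolicy:
    """Inside the network: allow everything unless specifically denied.
    The single deny keeps Finance out of the Audit segment."""
    return ZonePolicy(default_action="allow", zones=ZONES,
                      rules=[Rule("finance", "audit", "deny")])


def perimeter_policy() -> ZonePolicy:
    """At the perimeter: block everything unless specifically allowed.
    Only traffic from outside into the DMZ is permitted."""
    return ZonePolicy(default_action="deny", zones=ZONES,
                      rules=[Rule("external", "dmz", "allow")])


if __name__ == "__main__":
    flows = [("10.10.0.5", "10.20.0.9"),     # finance -> audit
             ("10.30.1.7", "10.10.0.5"),     # engineering -> finance
             ("203.0.113.4", "192.0.2.10"),  # external -> dmz
             ("203.0.113.4", "10.10.0.5")]   # external -> finance
    for name, policy in (("internal", internal_policy()),
                         ("perimeter", perimeter_policy())):
        for src, dst in flows:
            action, why = policy.evaluate(src, dst)
            print(f"{name:9} {src:>12} -> {dst:<12} {action:5} ({why})")
```

Running the block shows the difference the page describes: with the internal policy every flow passes except Finance to Audit, while the perimeter policy rejects every flow except the one explicitly allowed into the DMZ. The same rule list would behave very differently under the other default, which is why the page argues that a perimeter product cannot simply be dropped inside the network.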
Quarantine of infected systems
Another important feature of InterSpect is its ability to quarantine infected systems to contain attacks. The quarantine capabilities can be configured to automatically isolate compromised computers, preventing the spread of infection to other systems. Network administrators can also use the quarantine capability to isolate servers and mitigate risks before and during remediation efforts.
The first practical solution for endpoint security
Every computer that connects to the network must be in a secure state, as defined by IT security policy. This policy could require that every endpoint be running a host-based firewall and antivirus protection with up-to-date signatures before it is granted a connection to the LAN. It might also require that a critical Windows patch and an updated VPN client be installed prior to network access. Check Point Endpoint Security provides such a solution and allows local control of the policy on the individual clients.
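The posture requirements listed above (host firewall, antivirus with fresh signatures, a critical patch, a current VPN client) amount to a checklist that is evaluated before an endpoint is granted access, with a non-compliant endpoint sent to quarantine. The following is an added example of such an evaluator; it is not Check Point Endpoint Security code. The report field names, the thresholds and the sample posture reports are constructed, and the patch identifier is a placeholder because the page names no specific patch.

```python
"""Endpoint posture check before LAN access.

Added example, not Check Point Endpoint Security code. Requirement values,
field names and the sample reports are constructed for illustration.
"""
from datetime import date
from typing import Dict, List, Tuple

# Constructed requirements (assumptions, not a real policy).
MAX_SIGNATURE_AGE_DAYS = 7
REQUIRED_PATCH = "KB-PLACEHOLDER"   # placeholder: the page names no patch id
MIN_VPN_CLIENT = "5.2.0"


def _version(v: str) -> Tuple[int, ...]:
    """Turn '5.2.1' into (5, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def assess_endpoint(posture: Dict, today: date) -> Tuple[str, List[str]]:
    """Return ("allow", []) when every requirement holds, otherwise
    ("quarantine", reasons). `posture` stands in for the report an endpoint
    agent would send; its field names are assumed for this example."""
    reasons: List[str] = []
    if not posture.get("firewall_enabled"):
        reasons.append("host firewall disabled")
    if not posture.get("av_enabled"):
        reasons.append("antivirus not running")
    else:
        sig_date = date.fromisoformat(posture.get("av_signature_date", "1970-01-01"))
        age = (today - sig_date).days
        if age > MAX_SIGNATURE_AGE_DAYS:
            reasons.append(f"antivirus signatures {age} days old")
    if REQUIRED_PATCH not in posture.get("installed_patches", []):
        reasons.append(f"missing patch {REQUIRED_PATCH}")
    if _version(posture.get("vpn_client_version", "0")) < _version(MIN_VPN_CLIENT):
        reasons.append("VPN client out of date")
    return ("allow", []) if not reasons else ("quarantine", reasons)


# Constructed sample reports.
COMPLIANT = {
    "firewall_enabled": True,
    "av_enabled": True,
    "av_signature_date": "2024-03-08",
    "installed_patches": ["KB-PLACEHOLDER", "KB-OTHER"],
    "vpn_client_version": "5.2.1",
}
NON_COMPLIANT = {
    "firewall_enabled": False,
    "av_enabled": True,
    "av_signature_date": "2024-02-01",
    "installed_patches": [],
    "vpn_client_version": "5.1.9",
}

if __name__ == "__main__":
    check_day = date(2024, 3, 10)   # fixed date so the sample output is stable
    for label, report in (("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT)):
        decision, why = assess_endpoint(report, check_day)
        print(f"{label:14} -> {decision}" + (f": {'; '.join(why)}" if why else ""))
```

The evaluator returns every failed requirement rather than stopping at the first one, which is what an administrator needs when bringing a quarantined machine back into compliance. The date is passed in explicitly so the signature-age check can be tested deterministically; a real agent would use the current date.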
Total Access Protection
Check Point Endpoint Security secures networked PCs with the most trusted protection available today. By ensuring policy compliance on all PCs that access the network, whether employee or guest, and regardless of access point, Check Point Endpoint Security provides Total Access Protection for the enterprise.
Cooperative Enforcement™
This technology enables Check Point Endpoint Security to integrate with hundreds of network gateway products, from VPNs to switches to wireless access points, including tight integration with the InterSpect internal security gateway. This ensures that non-compliant PCs are quarantined and brought back into compliance before they are allowed access to network resources. Check Point Endpoint Security ensures policy compliance in any IP-based network environment, regardless of the vendors and products used in the network infrastructure.
Total Client Lock Down
This feature prevents any user or attacker from disabling endpoint security or enforcement of network access policy. The ability to deliver comprehensive, assured endpoint security and policy compliance enterprise-wide enables Check Point Endpoint Security to defeat the threats that evade other security and network access products.