Check Point Competitive Differentiation - Integrated Endpoint Security

This thumbnail value story highlights a key capability Check Point believes significantly differentiates its SSL VPN gateway from other vendors' products.

Available with Connectra, Check Point's industry-leading endpoint security offers greater protection and lower ownership costs than competing SSL VPN gateways from vendors that must rely on additional third- party, endpoint security products to fill gaps in their feature sets.

SSL VPNs and Spyware Changed the Rules

Until recently enterprise and consumer networking coexisted on the Internet largely in separate worlds. Consumers used their own devices mostly at home for personal activities while enterprises armed their road warriors with corporate-owned PCs used to access data and applications on company networks. While personal security software like firewalls and anti-virus was valued in both spaces, enterprises often sought additional protection through strong user authentication and IPSec VPNs.

With the rise of SSL VPNs, the boundaries between these two worlds have rapidly blurred. Increasingly employees and business partners can connect to business networks from more than one company-owned PC, from their own home PCs, business center PCs and even Internet kiosks. These devices allow security vulnerabilities created by consumer Internet activities to potentially spill over to business networks.

Years ago this situation would not have greatly alarmed most IT administrators. But that was before the explosion of spyware. Today, spyware impacts almost every organization. Why? The numbers speak for themselves. According to the Gartner Group, the rise of spyware now occupies 25% of enterprise helpdesk calls. Dell Computers, now one of the dominant providers of consumer PCs, estimates that 20% of their helpdesk calls are spent on the problem. In fact a recent joint study by America Online and the National Cyber Security Alliance (NCSA) found that 80% of PCs surveyed were infected with spyware. The new reality is that consumer Internet activity is responsible for importing spyware onto most devices and this spyware can easily attack business activity conducted on the same device.

The Check Point Solution

With the integration of a clientless version of Check Point Integrity™, the industry's most trusted endpoint security solution, Connectra protects network resources from remote PCs-regardless if they are used and/or owned by employees, contract workers, partners, customers or other network guests. Integrity enforces network security policy for SSL VPN connections, ensures session confidentiality and keeps the organization secure.

Spyware Scans. To ensure that malicious processes, keystroke loggers and Trojan horses are not installed on the endpoint device, Connectra scans for these and other spyware through the remote user's browser. By disabling spyware before it grants SSL VPN access, Connectra stops identity and password theft and prevents data loss. In addition, Check Point SmartDefense™ Services deliver real-time updates for endpoint security checks.

 

Connectra integrated endpoint security checks for malicious processes on a remote endpoint and enforces baseline security before allowing network access. It also offers users a secure browser option that encrypts all session data sent to the endpoint and erases the data when the user logs off.

Secure Browser.To enable secure access even in unmanaged environments like an airport Internet kiosk PC, Connectra provides an integrated, on-demand secure browser that encrypts session files such as emails, attachments, cookies, and passwords on the remote endpoint. This prevents sensitive corporate information from being viewed or stolen even after a session ends and the user leaves the PC. (see also "A Trail of Breadcrumbs>").

Endpoint Security Policy Enforcement.Connectra can enforce an access policy that requires antivirus software and/or a firewall to be installed, up-to-date, and operating before users are granted access to the company network. They are offered links to self-remediation resources, and once back in compliance, are allowed to log in. With integrated endpoint and application security providing deep inspection of PC connections and associated network traffic, a uniquely granular view of access behavior can be used in Connectra to make overall security policy. For example, in addition to the standard group authorization requirements, a user could required to authenticate via a SecurID token, pass a spyware scan, have an up-to-date firewall, and use the Integrity Secure Browser before being allowed to access a sensitive financial resource

Resource-Based Access Control. Administrators can configure Connectra to restrict access to individual resources based on the trust level of the endpoint and user. For example, one set of resources may be defined with a "high" sensitivity level and access allowed only if a remote endpoint provides strong authentication like token-based authentication and has current antivirus software installed and running. Similarly, another set of resources can be accessed only when someone is using the integrated secure browser. This resource-based approach helps deliver a coherent risk management strategy for resources shared over the Internet, further helping protect information governed by regulatory security requirements.

For additional information: Check Point Connectra Information and Evaluation Resources:  Links to online information on Connectra and how to order an evaluation copy of Connectra. A Trail of Breadcrumbs:  A Check Point article published on CNET.com that describes some of the confidentiality issues created by SSL VPNs. Third-party security and ROI report:  An independent third-party test report that compares the security and ROI of Check Point Connectra to other leading SSL VPN solutions.

© 2004-2007 Breakaway Security Group - Terms of Service - Privacy Policy - Contact Us - Advertising Information