Software is king – Check Point

Gunning for SSL VPN vendors

Check Point, the firewall vendor, is planning a marketing assault on the clientless remote access market.

SSL VPN appliance start-ups such as Aventail, Netilla Networks and Neoteris dominate this sector, but Check Point yesterday voiced its ambition to leapforg to the head of the pack.

SSL VPNs are emerging as a simpler alternative to IPSec-based VPNs for remote access, and therefore a possible threat to Check Point's revenues from its VPN-1 product.

In recognition, Check Point moved into the budget SSL-based extranet/VPN market last July, with a clientless version of its SecureVPN gateway. Now it plans to redouble its sales efforts.

"We want to become the leader in clientless remote access," said Marius Nacht, Check Point's co-founder and CTO.

Nacht made his comments at a press conference in London yesterday where he championed Check Point's software-based approach against hardware-centric rivals such as Cisco and NetScreen.

ASIC architectures compromise flexibility, Nacht argued, repeating Check Point's view that improvements in standard server architectures will allow software firewalls to keep up to speed.

Last month, Check Point announced plans to build greater "application intelligence" into its flagship VPN-1/FireWall-1 Next Generation products.

Nacht singled out this ability to "dive deeper" into traffic flows and to provide better analysis tools as key planks in the company's development efforts. As an example of improved analysis tolls, Nacht refer to SmartView reporter, a firewall component which allows administrators to determine which firewall rules are most used or not used at all over a particular period.

Mobile threats

The telecoms bust has constrained Check Point's growth in the service provider marketplace, which nonetheless remains a key focus in the Israeli vendor's development efforts.

David Aminzade, Check Point's wireless and broadband manager, said the company is re-engineering its core technology to fit the needs of carriers running GPRS and 3G networks.

Check Point already provide products for border gateway security but wants to develop its technology to allow telcos more control, for example, barring pre-paid users for a particular country e.g. Chechnya (Aminzade's example).

Conventional IP firewalls don't understand such rules (in Aminzade's words "you can't communicate with a Russian in Swahili") so Check Point has had to get to grips with GPRS tunnelling protocol.

Work on Check Point's tunnel inspection technology is continuing with integration with telco fraud checking and billing systems due be completed early next year. Aminzade said Check Point has built flexibility into its architecture because of the uncertainty of the future security risks that may arise in mobile networks.

Like us, he does not foresee the likelihood of smartphone viruses anytime soon. Denial of service and various forms of billing attack would appear to present the more immediate risks. These are problems Check Point has designed its technology to protect against. ®

Related Stories

Check Point bolsters apps security defences
Check Point claims victory in Firewall/VPN tests
Aventail touts SSL-VPN appliance
When firewalls and intrusion detection just aren't enough
Firewall/VPN vendors saw growth in 2002
Check Point upgrades SmartCenter
Check Point brings out budget VPN
NetScreen puts heat on software firewall vendors
Mobile security needs to change with GPRS
McAfee highlights mobile network threat risk

Sponsored: Fast IT with Cisco UCS Integrated Infrastructure