New features add application layer protection.

George V. Hulme, Contributor

March 4, 2003

In recent years, following the deployment of firewalls to secure the network perimeter, hackers have redirected their focus from networks to the more insecure application layer. Applications are often shipped with security holes directly from the software vendor, and companies often leave apps misconfigured and ripe for attack. This state of affairs makes port 80, with its application traffic, consistently one of the most attacked ports (for more, see www.dshield.org/topports.php).

Firewall vendor Check Point Software Technologies Ltd. said Monday that it's adding Application Intelligence to its Firewall-1 app. The company will add protection to applications that sit behind the firewall, including Web servers, domain name system servers, and E-mail servers.

Check Point says the new features will better stop attacks hidden in many protocols, including HTTP, File Transfer Protocol, and Simple Mail Transfer Protocol. Customers can vet actual traffic using those protocols to ensure that the traffic is adhering to protocol standards. For instance, Check Point's new features can block long file headers, which can be a sign that a hacker is trying to cause an application to suffer a buffer overflow. Application Intelligence can also block unwanted traffic over peer-to-peer file-swapping and instant-messaging networks.

Dubbed Check Point Next Generation with Application Intelligence, the security enhancements will be widely available June 3. Application Intelligence will be included as part of the company's SmartDefense application, which is included with Firewall-1. Check Point says it won't charge extra for the new functionality.

Check Point says the application-security enhancements, combined with existing access control and network firewall, give customers an option to simplify security management.

While these enhancements are new to Check Point, it's not the first to offer security solutions for applications. Smaller app-security vendors such as Kavado, Sanctum, and Teros have been protecting Web-based apps for some time, while multipurpose appliance vendors such as Fortinet and NetContinuum have been protecting application layer traffic.

"It makes sense for Check Point to add and slowly compete with niche products and add these new features to their firewall. And it will force the niche products to continue to add new features," says Pete Lindstrom, research director at Spire Security.

But some would have liked Check Point to more closely examine application traffic. "It's a good first step for protecting public Internet protocols," says Eric Ogren, a senior analyst at the Yankee Group. "But I would have liked to see them do more along the lines of analyzing the business logic of the application, along the lines of a Teros or Kavado."

Scott Loach, senior information security engineer at Raymond James Financial, has been working with the beta version for about eight weeks. "I see it in its early phases," he says. "But I don't need a new agent on my server. And it starts to dig a little deeper into traffic than the firewall. I can start looking for bad application behavior before it reaches my network. Check Point's new stuff keeps getting better, and I think they're heading down the right path."

About the Author(s)

George V. Hulme

Contributor

An award-winning writer and journalist, George Hulme has written about business, technology, and IT security topics for more than 20 years. He currently freelances for a wide range of publications and is a security blogger at InformationWeek.com.
