Check Point Software Technologies is set to give its firewall customers the ability to detect and block application-layer attacks such as Code Red, Nimda and SQL slammer worms.
Called Next Generation with Application Intelligence (NGAI), this release of Check Point's Firewall-1 SmartDefense software is designed to protect Web servers, email, instant messaging and FTP from a variety of attacks such as HTTP encoding, directory traversal and FTP bounce.
The application intelligence is in the software that is part of the firewall located at the network Internet connection. This software digs deeper into packets than the firewall and can adjust firewall policies to block attacks it detects.
"(NGAI) firewalls are able to delve somewhat deeper into the packet, do some simple signature matching and pattern matching, but also do some advanced protocol analysis looking for anomalies, be it extended ASCI characters in an HTTP stream or HTTP headers that are much bigger than they should be," said Scott Loach, senior information security engineer for financial advisory firm Raymond James Financial Services, which beta-tested NGAI.
He said the new features were part of the default settings of the beta version of NGAI that he tested, and they added another layer to his network defenses.
"The next thing that comes in like SQL slammer or Nimda is going to come in over a common port like Port 80 or 110 or 25," Loach said. "A normal firewall is just going to permit the traffic."
He said NGAI did not displace the firm's other security, which included an intrusion-detection system, antivirus software, mail filtering and URL filtering.
The new capabilities would let Check Point compete against other leading firewall vendors Cisco and NetScreen Technologies, an analyst with Gartner, Richard Stiennon, said.
Other vendors focused on using custom chips to rip packets apart, inspect them and apply multiple policies more thoroughly than NGAI did would ultimately have the edge, he said. These include Fortinet , Netcontinuum, TippingPoint Technologies. and to some extent content switches, such as Blue Coat Systems. and F5 Networks.
NGAI is available on June 3. An update subscription costs $US1000 per gateway or $10,000 for up to 100 gateways.