Next-Generation Firewall Buying Guide: Check Point - Page 3

Software blades can add identity-aware application controls to Check Point firewalls.

 By Lisa Phifer
Page 3 of 3   |  Back to Page 1
Print Article

Sultan said that involving users can provide valuable feedback to firewall administrators, helping organizations determine what policies should be. "Many companies find they are blocking legitimate usage. These alerts help users be educated about policy, and helps the IT department learn what users really need to access for business purposes," she said.


Check Point introduced two more blades in R75: Data Loss Prevention and Mobile Access (smartphone SSL VPN). "For DLP, we involve users in defining whether the sensitive data they're trying to share via email or file transfer should really be shared," said Sultan. "Before, if security policy blocked you from accessing a site, you often got an obscure message to contact IT. We're moving away from this by letting customers give very clear explanations [to users] and make exceptions."


Power-1 customers might not start with DLP, Check Point's architecture makes it easy to add optional blades like this over time. "With blades, we provide a model for customers to buy licenses to activate software. If you want to add blades not in the original package, you can do so for as little as $1500 – with no CAPEX, no new management console, and no additional complexity in your data center," said Sultan.


Bottom Line

Check Point's blade architecture gives existing and future firewall customers more flexibility. "This has been very well received because customers don't always know what they'll need in a year and don't want to be locked into a solution. Well over one third of our customer base has already migrated to this architecture," said Sultan.


But the architecture decouples software modules, exposing seams between Firewall, Application Control, Identity Awareness blades (albeit managed through the same console). Check Point's array of platforms, Power-1 models, software releases, and options can also be hard to navigate. On the flip side, features like the AppWiki and UserCheck prompting can ease NGFW policy development and adoption.


To learn more about Check Point Software's Power-1 series of enterprise firewalls, capable of running Application Control and Identity Awareness blades, visit this link.

 Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years in the network industry, Lisa has reviewed, deployed, and tested network security products for nearly a decade.

This article was originally published on Aug 23, 2011
Get the Latest Scoop with Networking Update Newsletter