Check Point revolutionized the industry with the
introduction of NG with Application
Intelligence. Unlike reactive, signature-based
"deep inspection" technology, NG with
Application Intelligence defends against new
attacks and variations as they appear. Worms
like Blaster are stopped before they affect
Application Intelligence-protected networks.

| | | Application Intelligence | "Deep Inspection" |
|---|---|---|---|
| Supported Protocols | Application Protocols Supported | 13 | 6 |
| SANS Top 20 | Protection Against SANS Top 20 Attacks | 100% | 45% |
| Recent Attacks Blocked | October 2003 - MS Messenger | YES | DOES NOT SUPPORT |
| | June 2003 - Blaster (DCE RPC) | YES | |
| | May 2003 - SSH attacks | YES | |
| | March 2003 - sendmail control characters (7bit / 8bit SMTP) | YES | |
| | January 2003 - Slammer (MS SQL) | YES | |
| | December 2002 - Iraqi Oil (CIFS) | YES | |
| | October 2002 - Bugbear (multi protocols) | YES | |
| | September 2002 - Slapper (SSL worm) | YES | |
| P2P | Peer-to-Peer blocking | YES | DOES NOT SUPPORT |
| | Instant Messenger Identification | YES | |

Defense Strategies for Application-Level Security
Application
Intelligence provides capabilities to address
the following four defense strategies, which are
required for successful application-level
security:
- Validate Compliance to Standards
- Validate Expected Usage of Protocols
- Limit Applications' Ability to Carry Malicious Data
- Control Application-Layer Operations
Validate Compliance to Standards
Firewalls
must be able to determine whether communications
adhere to relevant protocol standards. Violation
of standards may be indicative of malicious
traffic. Any traffic not adhering to strict
protocol or application standards must be
closely scrutinized before it is permitted into
the network, otherwise business-critical
applications may be put at risk.
Validate Expected Usage of Protocols (Protocol Anomaly Detection)
Testing for
protocol compliance is important, but of equal
importance is the capability to determine
whether data within protocols adheres to
expected usage. In other words, even if a
communication stream complies with a protocol
standard, the way in which the protocol is being
used may be incongruous with what is expected.
Limit Applications' Ability to Carry Malicious Data
Even if
application-layer communications adhere to
protocols, they may still carry data that can
potentially harm the system. Therefore, a
security gateway must provide mechanisms to
limit or control an application's ability to
introduce potentially dangerous data or commands
into the internal network.
Control Application-Layer Operations
Not only
can application-layer communications introduce
malicious data to a network, the application
itself might perform unauthorized operations. A
network security solution must have the ability
to identify and control such operations by
performing "access control" and "legitimate
usage" checks. This level of security requires
the capability to distinguish, at a granular
level, application operations.