Check Point IPS defends against worms and attacks

At first, Check Point’s InterSpect IPS seems no different from many of the IDS/IPS products we tested this summer. InterSpect defends against worms and quarantines suspicious computers or networks. Its LAN protocol protection and preemptive attack mitigation are competitive and it can do something most of its competitors can’t: physically segment internal LAN segments into organizational security zones.

Dividing the LAN across organizational boundaries is a great idea in theory. Not all network traffic is created equal. It’s useful to be able to apply different security policies to different segments but this is not necessarily easy to do in practice. We’ll explore this issue further as we test the product in the next few weeks. Another cool feature we’ll be looking at during testing is InterSpect’s facility for working with Check Point Integrity clients. Formerly a Zone Labs product, Integrity combines a management server and client-side agents to enforce security policies on each end point. Integration with InterSpect should extend policy enforcement to the network level.

From a reporting standpoint, InterSpect isn’t as complex as Lancope’s StealthWatch, nor does it seem as informative as StillSecure’s Border Guard. InterSpect’s SmartView Monitor presents some interesting and nicely laid out statistics, but it’s one of four separate applications presenting information. Normally, I’d prefer to have everything available from one console, so we’ll see how this pans out. InterSpect is a promising IPS solution from a leading security vendor. Check Point has certainly earned its stripes in the firewall market; we’re eager to see how it fares in the IPS arena.

InterSpect Version 2.0

Check Point Software Technologies

Cost: InterSpect 210, $9,000; InterSpect 410, $18,000; InterSpect 610, $36,000; InterSpect 610F, $39,000

Available: Now