The company has announced the imminent release of a version of the Integrity endpoint security policy software that includes intrusion prevention features found in Check Point’s gateway offerings.
Integrity will draw on SmartDefense, the signature-based intrusion prevention component of Check Point’s core software, and the related signature update subscription service, vice president of marketing Fred Felman said.
Integrity’s current style of endpoint security is based around enforcing policies, such as checking patch levels and antivirus freshness. Adding IPS to the mix is designed to prevent targeted attacks and worms compromising PCs.
SmartDefense can prevent vulnerabilities being exploited by examining traffic for patterns that appear to be attacks. It uses signatures, but signatures that define the vulnerability, rather than the exploit.
Other host IPS products on the market work by blocking malicious-looking behavior. This has the advantage of being able to block attacks aimed at even unknown vulnerabilities. But Felman said they can be complex to manage.
He said Check Point has an advantage in terms of manageability over rival Cisco Systems Inc and its Cisco Security Agent host-based intrusion prevention software, which he said requires rules to be written about what applications can and cannot do.
CSA is only really being used to protect servers, it is not being used to protect clients, because it’s too difficult to manage, Felman said. Integrity, on the other hand, is designed for clients but not servers, he said.
The firm is calling its endpoint security initiative Total Access Protection. Integrity has been given the Check Point name, leaving Zone Labs now a purely consumer brand.
