Check Point Software Technologies on Monday announced the release of the new version of its Provider-1 Internet security management system for service providers, telecommunication vendors and large companies, as well new features for its OPSEC security framework.
Provider-1 Next Generation adds new management, auditing, policy creation and implementation and updating features to Check Point's large-scale firewall administration tool. The software adds Total Availability Management (TAM), a system by which customer data is constantly synchronized between different Provider-1 servers to create redundant functionality and multiple administration options, said Mike Lee, product marketing manager at Check Point. TAM will allow administrators at one location to take over the duties of administrators at a second location if the second location loses network connectivity or has other troubles, Lee said.
The new software also includes support for Dynamic Global Objects, a method by which administrators are able to build generic rules and policies that apply to all client networks and are customized to work for each network's specific topology after the policy is sent to the firewall serving that network, Lee said. This feature aims to save the time and effort needed to create policies specific to each client network. In the service provider setting targeted by Provider-1, that could be the hundreds of networks, he said. In addition, management servers are now able to store up to 500 policies, up from 200 in the previous version of Provider-1, he said.
Beyond Dynamic Global Objects, Provider-1 Next Generation also offers SecureUpdate, which allows administrators to automatically and remotely deploy software and license updates to firewalls, Lee said. This not only saves time and money, but also allows new features to be enabled on the firewalls even after they've been deployed, he said.
Provider-1 Next Generation includes its own digital certificate authority and provides a raft of new administration and auditing features. The software includes log file redundancy across multiple servers, automated log archiving that can be set to trigger based on certain events or times and detailed tracking of who makes changes to the system, Lee said.
Though the weakness in the U.S. economy has affected the businesses of the companies targeted with Provider-1 -- most notably hosting company Exodus Communications Inc., which filed for bankruptcy protection in late September -- Check Point's business is still strong, Lee said.
"It is tricky," he admitted. "It's not easy business anymore like it was in 2000."
Even so, Lee said he actually expected more "tales of woe" than he has heard thus far, so the news hasn't been as bad as he anticipated.
Provider-1 Next Generation runs on Sun Microsystems Inc.'s Solaris operating system and will ship worldwide Oct. 10. The software starts at US$40,000, Lee said.
Also on Monday, Check Point said it has expanded the features available through its OPSEC (Open Platform for Security) security framework to include enhanced management, security and authentication options.
OPSEC is an open, standardized security platform that allows various security hardware and software vendors to include in their products the ability to extract information from Check Point software to increase security. For instance, an administrator could create a rule that checks a user's antivirus software to make sure it is running and is up to date before that user is granted access to the corporate network over a VPN (virtual private network) connection, according to Upesh Patel, OPSEC group manager.
Vendors are able to include OPSEC features in their products for free, but have to pay a licensing fee to Check Point to be certified as OPSEC-compliant, Patel said.
The new OPSEC standard includes the ability to monitor OPSEC-compatible applications in the same interface as Check Point products, Patel said. The new version extends SecureUpdate to OPSEC-compliant software, allowing it to be updated and managed remotely, he said. Also beefed up is the standard's access to security log data, he said. Smart cards are now supported as VPN authentication methods, Patel added.
The new OPSEC SDK (software developer's kit) can be downloaded from the Check Point Web site today and some vendors already have new products incorporating the standard in Check Point's certification labs, Patel said.