Check Point's new security blades cut both ways

David Strom | May 27, 2011
If you're in the market for endpoint protection, Check Point's new R80 Unified Endpoint Security Management product shows promise.

 An overview dashboard showing summaries of alerts, machines in compliance and policies in use

 Policies for the various protective features

 A special section on software deployment

 Monitoring and reporting section

 And a section to create policies for particular users and groups.

Each section is further broken down into the particular protective features, so there is a malware policy sub-section and a malware monitoring sub-section, for example. This makes sense, but as you dive into the product you have to remember where everything goes. The user and group structures can be directly imported from Active Directory, and provided you have the proper domain credentials, it shouldn't be difficult to populate this section and keep it synchronized with changes to your directory store.

As you might imagine, the firewall section of R80 is the most solid, given Check Point's history. Rules are easy to edit and apply to particular endpoint groups, and they use traditional specifications such as inbound or outbound traffic, deny or allow traffic, and ports and protocols.

The full scope of E80 includes the following features:

 Host-based firewall

 Anti-malware/anti-virus

 Web URL content filtering and anti-phishing

 Whole disk encryption

 Removable media encryption for USB drives and DVDs

 Port blocking

 Application white and black-listing (The product comes with more than 500 pre-set application signatures as part of their Program Advisor service.)

 Additional endpoint compliance rules

This last category bears some explanation. You can set up each endpoint to require particular OS service packs, prohibit or require particular applications or files, and install a particular anti-virus engine. For each of these actions, you can set the rule to observe and log the activity, to restrict and remediate, or to just issue a warning message.

One of the nice things with the product is that you can create policies for three different endpoint states: connected, when an endpoint is physically present on a local or remote network that can be seen by the management server; disconnected, when it can't; or restricted, when an endpoint is out of compliance or offline for a pre-set monitoring time period.

Policies can be assigned on a very granular level to particular groups of users and different physical networks. And there are tons of reports that can be delivered at the click of a mouse that provide insight into your network security posture. Many of the early endpoint products were not as flexible or as capable.

Endpoint security technology has been maturing over the years. However, the E80 isn't quite fully baked yet. Despite all these features and flexibility, there are things I disliked about the product. For example, if you have a mixture of 32- and 64-bit machines, you'll need to create a separate installer for each, and you'll also need to enable 64-bit support in your software deployment blade. Macs and Linux machines are currently not supported, which is an issue for many enterprises with mixed desktops.
