Check Point Web Security Software Blade
Comprehensive protection when using the Web for business and communication

Features:

Malicious Code Protector

Check Point's patent-pending Malicious Code Protector offers a revolutionary way of identifying buffer overflow, heap overflows and other malicious executable code attacks that target Web servers and other applications without the need of signatures. Malicious Code Protector can detect malicious executable code within Web communications by identifying not only its existence within a data stream but its potential for malicious behavior. Malicious Code Protector performs four important actions:

• Monitors Web communication for potential executable code
• Confirms the presence of executable code
• Identifies whether the executable code is malicious
• Blocks malicious executable code from reaching a targeft host

Malicious Code Protector identifies both known and unknown attacks, providing preemptive attack protection. Moreover, Malicious Code Protector operates at the kernel level enabling preemptive protection that does not compromise performance.

Advanced Streaming Inspection

Advanced Streaming Inspection is a Check Point kernel-based technology that processes the overall context of communication. This technology can make real-time security decisions based on session and application information and protects Web communication even when it spans multiple TCP segments. Process-intensive application inspections are offloaded to the kernel, dramatically improving throughput and connection rates.

Advanced Streaming Inspection uses Active Streaming technology, which has the capability to modify the content of a Web connection on the fly. This important capability offers several unique advantages to Check Point customers. Active Streaming uses HTTP header-spoofing capability, providing a first level of defense by hiding important site-specific properties about the Web environment. These properties often include the names and versions of operating systems, identity Web servers and backend servers. This information is typically useless to end-users, but extremely valuable to attackers who are trying to gather information about their target. The Web Security Software Blade can intercept a Web response that contains a server's identity and gives the administrator the option to either completely hide such disclosure or optionally change the stream to confuse attackers.

Administrators can improve the end-user experience with Active Streaming by predefining custom error pages. To most users, generic error status codes are meaningless. Active Streaming redirects the end-user to a custom-defined error page with meaningful helpdesk hints. This feature dramatically improves the end-user experience and reduces helpdesk costs.

Simple Deployment and Management

Web security management within Check Point security gateways is fully integrated into the management GUI. The user interface is preconfigured with protections to counter known common attacks—each with attack and defense descriptions. Because each Web application server is different from others in its security requirements, the Web Security Software Blade offers the capability to configure granular Internet security profiles for different Web applications and Web servers. First-time configuration of the Software Blade takes just minutes. Monitor-only mode allows smooth security deployment without the risk of rejecting connections to mission-critical applications due to the incorrect configuration of a security policy.

Integrated into Check Point Software Blade Architecture

The Web Security Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

The Web Security Software Blade is tightly integrated with other Check Point Software Blades and does not require installation on additional devices. Security and audit logs are integrated into Check Point reporting, auditing and log architecture, providing administrators a powerful tool to centrally analyze security violations.

Specifications:

Feature	Detail
Malicious Code Protections	Malicious Code Protector (MCP), general HTTP worm catcher
Application Layer Protections	Cross site scripting, LDAP injection, SQL injection, command injection, directory traversal
Information Disclosure Protections	Header spoofing enforcement, directory listing prevention, error concealment
HTTP Protocol Inspections	HTTP format size enforcement, ASCII-only request enforcement, ASCII-only response header enforcement, header rejection definitions, HTTP method definitions
Enforcement Options	Active, monitor-only, disabled
Configuration Granularity	Individual servers protected by Web intelligence attack protections enabled for each server; for each attack protection, apply to individual servers or inspect all HTTP traffic; customizable profiles associated with specific Check Point gateways
Updates	Real-time safeguard and defense updates through Check Point update service