Delivering Unified Security Architecture : Bhaskar Bakthavatsalu, Country Sales Manager, Check Point, India and SAARC Region

How important, in your opinion, is network and information security for the public sector? What is the vision and mandate of Check Point security solutions for the government?
The Internet revolution has enabled a transformation in the way public sector organisa­tion functions. Remote locations and mobile personnel are now able to connect to the dis­tributed information resources they need, and provide their services with much higher level of efficiencies. Along with the benefits that this revolution brings threat of cyber attacks, which have a potential to do more damage than it was ever possible. Because a cyber attack on a public sector organisation has the potential to have a much broader impact, secu­rity must become an integral component of network architecture of a public sector organisation.

Public sector organisations are invariably geographically dispersed and require a centrally managed and respon­sive policy-based security solution. We envisage a solution that can balance the needs of headquarters locations and branch or divisional offices, while still providing the best possible security – protecting networks, systems, applications and users across all intranet, extranet and Internet communications.

Check Point NGX: The Most Trusted Unifi ed Security Architecture. Check Point is the only company to deliver comprehensive protection against both application and network attacks integrated into Check Point security gateways. Enabling unifi ed security architecture for perimeter, internal web and endpoint security, NGX (next generation) defends against new attacks and variations as they appear. Worms like blaster are stopped before they affect   NGX-protected networks. Having intelligent security architecture built in, provides greater fl exibility in decision-making and positively impacts the range of possible responses to a government network attack.

Simplifi ed Management of Distributed Agencies: Check Point makes it easy for government organisations to centrally manage security while delegating authority to distributed agency locations. This hierarchical management capability ensures that headquarters security staff is able to rapidly respond to emerging information security conditions and, if necessary, supersede the security policy of the locally managed locations.

Mobility and Flexibility:
Check Point’s universal VPN (Virtual Private Network) solutions offer a wide range of options for government agencies to connect throughout the country or worldwide. With its integrated VPN client and centrally managed personal fi rewall, remote government employees can access data and resources securely. With solutions for all offi ce sizes, from single person to organisational headquarters, Check Point’s VPN technologies enable governments to leverage the Internet with secure communications.

Government Certifi ed and Approved:
Check Point government certifi ed solutions are recognised worldwide for providing the strongest security and market-leading technology.   Our solutions meet and exceed the stringent requirements established by government standards, government approval processes and security industry tests, including Common Criteria and Federal Information Processing Standards (FIPS). Check Point meets the needs of sensitive and classifi ed networks with EAL4 certifi ed solutions for fi rewall, VPN, IDS, IPS, management, secure logging, and endpoint security.

Interoperability:
Check Point’s OPSEC (Open Platform for Security) is the industry’s open, multi-vendor security framework. With over 350 Check Point certifi ed OPSEC partners, government customers are guaranteed the broadest choice of best-of-breed integrated   applications and deployment platforms for complete security solutions.

How would you rate the awareness level regarding
importance of security in IT use   among government and businesses? How big is the security market in India?

There has been a signifi cant increase in awareness and consciousness for need of information  security, however we have a long way to go especially in the public sector which is now  increasing it’s dependence on IT for enabling business. Best practices in good governance,  regulatory compliances, and insistence by internal customers have contributed to the  growth. Reactive measures to specifi c adverse incidents have also been a reason behind the  upward moving growth curve. But in India and other SAARC countries budget for security is  still not a priority. Even though companies have surged ahead in IT enabling yet there is a  dearth of awareness of the risk being undertaken without enough proper security presence.  Big government organisations are slowly opening up to the idea of safe IT environment and Multi-National Companies are slowly but steadily coming to ure security solution companies  like Check Point for their security needs. The Asia- Pacifi c network security market grew by  8.4% in 2006 on a year to year basis. Infrastructure expansion and economic liberalisation in  the rising economies of India and China was one of the key drivers of this growth.

According to a survey by Frost and Sullivan, the Indian Network Security market recorded  $95.5 million in 2006. Last year registered growth across all technology segments with fi  rewall IPSec VPN being the major contributor followed by IDS/IPS solutions and SSL/VPN  solutions. The market is expected to grow at a compounded annual growth rate of 17.6%  during the period 2006-2013. The network security market for government was estimated to  be at around $13 million in 2007.

What are some of the key security solutions that Check
Point offers for the government sector?

Check Point is widely recognised as the leader in securing the Internet, and has become the de-facto standard for both governments and industry. Check Point, with its market leading  Firewall and VPN solutions, provides a broad choice of solutions for securing an organisation’s  presence on the Internet, providing remote and mobile workers secure access to resources and securing internal LAN communications.

Check Point makes it easy for distributed government organisations to centrally manage  security, and even to retain central control while delegating some authority to remote  organisations or departments. This hierarchical management capability ensures that  headquarters security staff is able to rapidly respond to emerging information security  conditions and, if necessary, supersede the security policy of the locally managed locations.  Check Point’s Security Management Architecture (SMART) provides security managers tools  that are key for effi ciently administering VPNs and security in government environments,  including administrator security, management effi ciency and continuity of operations.

Endpoints, or devices accessing a network – whether this is by remote workers in another offi  ce, partners in another company, or even desktop PCs inside the network – need to be  protected from malware, hackers, and security threats. Legitimate government personnel are  more mobile than ever traveling in and out of the network with their laptops and PDA’s.  Check Point Integrity is the only endpoint security solution from a major security vendor to  achieve Common Criteria EAL 4 certifi cation, validating it as the most trustworthy and  certifi ed protection against threats to mission critical government networks. Check Point  Integrity secures and protects communications within government agencies, and is  appropriate for large agencies and critical infrastructure protection monitored by  agency/sector-specifi c Information Sharing and Analysis Centers (ISACs). Also, Integrity can be administered using the same NGX management platform used with other Check Point security solutions, letting administrators develop, confi gure and deploy coordinated  security policies from a single console.

What are your company’s competitive advantages in
network and security solutions, in view of other such players in the market?

Check Point is synonymous with technical innovation. It started with Stateful Inspection,  which was invented and patented by Check Point and is now the foundation for much of  today’s network security technology. And we have continued to innovate in key technology  areas, such as malicious code protection, security acceleration, and cooperative enforcement.  We currently hold fi ve United States patents with more than 25 US patents pending, and additional patent applications pending worldwide. Over one third of Check Point employees  worldwide are in research and development (R&D). In 2006 alone we spend $62 million in  R&D. Strong focus on R&D has resulted in Check Point leading the market through its pure  dedication to product innovation and seamless product integration.

Through its NGX platform, Check Point delivers a unifi ed security architecture for a broad range of security solutions to protect business communications and resources for corporate networks and applications, remote employees, branch offi ces and partner extranets. The  company also offers market leading data security solutions through the Pointsec product line, protecting and encrypting sensitive corporate information stored on PCs and other mobile  computing devices. Check Point’s award-winning ZoneAlarm Internet Security Suite and  additional consumer security solutions protects millions of consumer PCs from hackers, spyware and data theft.

What are your suggestions to the government offi cials
planning and implementing the e-Government projects and programmes in terms of security risk management?

The security requirement is a dynamic phenomena and not a static one. The security management is no longer technology oriented but management oriented for effective implementation as well as, ascertaining information and systems as an asset of the organisation. The information assurance involves people, processes and technology.

The information assurance is of risk management. It has to be customised for every sector  based on various requirements which are static and dynamic and depending upon the risk and  challenges faced in conducting, managing and transacting businesses within the country  and across the globe.

A unifi ed security approach is essential to ensure that various security challenges and exposure to various threats are minimised by increasing security posture, operation effi ciency of security functions, minimised impact of business and reducing total cost of ownership for providing more comprehensive security solutions for the business needs.

Today’s hackers can circumvent access control policies
and are now directly targeting applications. What are Checkpoint’s solutions to address this shift in attack methodology?

Most fi rewalls provide effective access control, yet many are not designed to detect and thwart attacks at the application level. Today’s hackers can circumvent access control policies and are now directly targeting applications. In order to address this shift in attack methodology, fi rewalls must also provide comprehensive security on multiple-levels, protecting against both network and application attacks, while providing robust access control to IT resources.

Check Point’s Application Intelligence offers a set of advanced capabilities providing valuable  attack forensics through its rich log data and distributed logging infrastructure. Check Point  Application Intelligence enables government customers to confi gure, enforce and update  network and application attack defenses. Application Intelligence provides capabilities to  addresses the following four defense strategies,

Validate Compliance to Standards: Firewalls must be able to determine whether communications adhere to relevant protocol standards. Violation of standards may be indicative of malicious traffi c. Any traffi c not adhering to strict protocol or application standards must be closely scrutinised before it is permitted into the network, otherwise business-critical applications may be put at risk.

Validate Expected Usage of Protocols (Protocol Anomaly Detection): Testing for protocol compliance is important, but of equal importance is the capability to determine   whether data within protocols adheres to expected usage. In other words, even if a communication stream complies with a protocol standard, the way in which the protocol is being used may be incongruous with what is expected.

Limit Applications’ Ability to Carry Malicious Data: Even if application-layer communications adhere to protocols, they may still carry data that can potentially harm the system. Therefore, a security gateway must provide mechanisms to limit or control an application’s ability to introduce potentially dangerous data or commands into the internal network.

Control Application-Layer Operations:
Not only can application-layer communications   introduce malicious data to a network, the application itself might perform unauthorised operations. A network security solution must have the ability to identify and control such operations by performing ‘access control’ and ‘legitimate usage’ checks. This level of security requires the capability to distinguish, at a granular level, application operations.

What future plans does Check Point has for increasing
its government IT security market share in SAARC and other countries in the globe?

Check Point always had a strong focus on government sector across the globe and is one of the  most widely accepted network and data security solution in the market. In India almost all  major government and defense establishment are already using our solutions.

In 2008 we will work closely with the government to ensure that IT infrastructure of the  government remain secure. We would also be looking at conducting seminars targeting the  government and public sectors to sensitise them on the latest security threats and their solution.

"Exciting news! Elets eGov is now on WhatsApp Channels 🚀 Subscribe today by clicking the link and stay updated with the latest insights!" Click here!
Be a part of Elets Collaborative Initiatives. Join Us for Upcoming Events and explore business opportunities. Like us on Facebook , connect with us on LinkedIn and follow us on Twitter , Instagram.