How important, in your opinion, is network and information security for the public sector? What is the vision and mandate of Check Point security solutions for the government?
The Internet revolution has enabled a transformation in the way public sector organisations function. Remote locations and mobile personnel are now able to connect to the distributed information resources they need, and provide their services with much higher levels of efficiency. Along with the benefits, this revolution brings the threat of cyber attacks, which have the potential to do more damage than was ever possible. Because a cyber attack on a public sector organisation has the potential to have a much broader impact, security must become an integral component of the network architecture of a public sector organisation.
Public sector organisations are invariably geographically dispersed and require a centrally managed and responsive policy-based security solution. We envisage a solution that can balance the needs of headquarters locations and branch or divisional offices, while still providing the best possible security – protecting networks, systems, applications and users across all intranet, extranet and Internet communications.
Check Point NGX: The Most Trusted Unified Security Architecture. Check Point is the only company to deliver comprehensive protection against both application and network attacks integrated into Check Point security gateways. Enabling unified security architecture for perimeter, internal web and endpoint security, NGX (next generation) defends against new attacks and variations as they appear. Worms like Blaster are stopped before they affect NGX-protected networks. Having intelligent security architecture built in provides greater flexibility in decision-making and positively impacts the range of possible responses to a government network attack.
Simplified Management of Distributed Agencies: Check Point makes it easy for government organisations to centrally manage security while delegating authority to distributed agency locations. This hierarchical management capability ensures that headquarters security staff is able to rapidly respond to emerging information security conditions and, if necessary, supersede the security policy of the locally managed locations.
Mobility and Flexibility: Check Point’s universal VPN (Virtual Private Network) solutions offer a wide range of options for government agencies to connect throughout the country or worldwide. With its integrated VPN client and centrally managed personal firewall, remote government employees can access data and resources securely. With solutions for all office sizes, from single person to organisational headquarters, Check Point’s VPN technologies enable governments to leverage the Internet with secure communications.
Government Certified and Approved: Check Point government certified solutions are recognised worldwide for providing the strongest security and market-leading technology. Our solutions meet and exceed the stringent requirements established by government standards, government approval processes and security industry tests, including Common Criteria and Federal Information Processing Standards (FIPS). Check Point meets the needs of sensitive and classified networks with EAL4 certified solutions for firewall, VPN, IDS, IPS, management, secure logging, and endpoint security.
Interoperability: Check Point’s OPSEC (Open Platform for Security) is the industry’s open, multi-vendor security framework. With over 350 Check Point certified OPSEC partners, government customers are guaranteed the broadest choice of best-of-breed integrated applications and deployment platforms for complete security solutions.
How would you rate the awareness level regarding importance of security in IT use among government and businesses? How big is the security market in India?
There has been a significant increase in awareness and consciousness of the need for information security; however, we have a long way to go, especially in the public sector, which is now increasing its dependence on IT for enabling business. Best practices in good governance, regulatory compliances, and insistence by internal customers have contributed to the growth. Reactive measures to specific adverse incidents have also been a reason behind the upward moving growth curve. But in India and other SAARC countries budget for security is still not a priority. Even though companies have surged ahead in IT enabling yet there is a dearth of awareness of the risk being undertaken without enough proper security presence. Big government organisations are slowly opening up to the idea of safe IT environment and Multi-National Companies are slowly but steadily coming to ure security solution companies like Check Point for their security needs. The Asia-Pacific network security market grew by 8.4% in 2006 on a year to year basis. Infrastructure expansion and economic liberalisation in the rising economies of India and China was one of the key drivers of this growth.
According to a survey by Frost and Sullivan, the Indian Network Security market recorded $95.5 million in 2006. Last year registered growth across all technology segments with firewall IPSec VPN being the major contributor followed by IDS/IPS solutions and SSL/VPN solutions. The market is expected to grow at a compounded annual growth rate of 17.6% during the period 2006-2013. The network security market for government was estimated to be at around $13 million in 2007.
What are some of the key security solutions that Check Point offers for the government sector?
Check Point is widely recognised as the leader in securing the Internet, and has become the de-facto standard for both governments and industry. Check Point, with its market leading Firewall and VPN solutions, provides a broad choice of solutions for securing an organisation’s presence on the Internet, providing remote and mobile workers secure access to resources and securing internal LAN communications.
Check Point makes it easy for distributed government organisations to centrally manage security, and even to retain central control while delegating some authority to remote organisations or departments. This hierarchical management capability ensures that headquarters security staff is able to rapidly respond to emerging information security conditions and, if necessary, supersede the security policy of the locally managed locations. Check Point’s Security Management Architecture (SMART) provides security managers tools that are key for efficiently administering VPNs and security in government environments, including administrator security, management efficiency and continuity of operations.
Endpoints, or devices accessing a network – whether this is by remote workers in another office, partners in another company, or even desktop PCs inside the network – need to be protected from malware, hackers, and security threats. Legitimate government personnel are more mobile than ever, traveling in and out of the network with their laptops and PDAs. Check Point Integrity is the only endpoint security solution from a major security vendor to achieve Common Criteria EAL 4 certification, validating it as the most trustworthy and certified protection against threats to mission critical government networks. Check Point Integrity secures and protects communications within government agencies, and is appropriate for large agencies and critical infrastructure protection monitored by agency/sector-specific Information Sharing and Analysis Centers (ISACs). Also, Integrity can be administered using the same NGX management platform used with other Check Point security solutions, letting administrators develop, configure and deploy coordinated security policies from a single console.
What are your company’s competitive advantages in network and security solutions, in view of other such players in the market?
Check Point is synonymous with technical innovation. It started with Stateful Inspection, which was invented and patented by Check Point and is now the foundation for much of today’s network security technology. And we have continued to innovate in key technology areas, such as malicious code protection, security acceleration, and cooperative enforcement. We currently hold five United States patents with more than 25 US patents pending, and additional patent applications pending worldwide. Over one third of Check Point employees worldwide are in research and development (R&D). In 2006 alone we spent $62 million in R&D. Strong focus on R&D has resulted in Check Point leading the market through its pure dedication to product innovation and seamless product integration.
Through its NGX platform, Check Point delivers a unified security architecture for a broad range of security solutions to protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. The company also offers market leading data security solutions through the Pointsec product line, protecting and encrypting sensitive corporate information stored on PCs and other mobile computing devices. Check Point’s award-winning ZoneAlarm Internet Security Suite and additional consumer security solutions protect millions of consumer PCs from hackers, spyware and data theft.
What are your suggestions to the government officials planning and implementing the e-Government projects and programmes in terms of security risk management?
The security requirement is a dynamic phenomenon and not a static one. The security management is no longer technology oriented but management oriented for effective implementation as well as ascertaining information and systems as an asset of the organisation. The information assurance involves people, processes and technology.
The information assurance is of risk management. It has to be customised for every sector based on various requirements which are static and dynamic and depending upon the risk and challenges faced in conducting, managing and transacting businesses within the country and across the globe.
A unified security approach is essential to ensure that various security challenges and exposure to various threats are minimised by increasing security posture, operation efficiency of security functions, minimised impact of business and reducing total cost of ownership for providing more comprehensive security solutions for the business needs.
Today’s hackers can circumvent access control policies and are now directly targeting applications. What are Check Point’s solutions to address this shift in attack methodology?
Most firewalls provide effective access control, yet many are not designed to detect and thwart attacks at the application level. Today’s hackers can circumvent access control policies and are now directly targeting applications. In order to address this shift in attack methodology, firewalls must also provide comprehensive security on multiple levels, protecting against both network and application attacks, while providing robust access control to IT resources.
Check Point’s Application Intelligence offers a set of advanced capabilities providing valuable attack forensics through its rich log data and distributed logging infrastructure. Check Point Application Intelligence enables government customers to configure, enforce and update network and application attack defenses. Application Intelligence provides capabilities to address the following four defense strategies:
Validate Compliance to Standards: Firewalls must be able to determine whether communications adhere to relevant protocol standards. Violation of standards may be indicative of malicious traffic. Any traffic not adhering to strict protocol or application standards must be closely scrutinised before it is permitted into the network, otherwise business-critical applications may be put at risk.
Validate Expected Usage of Protocols (Protocol Anomaly Detection): Testing for protocol compliance is important, but of equal importance is the capability to determine whether data within protocols adheres to expected usage. In other words, even if a communication stream complies with a protocol standard, the way in which the protocol is being used may be incongruous with what is expected.
Limit Applications’ Ability to Carry Malicious Data: Even if application-layer communications adhere to protocols, they may still carry data that can potentially harm the system. Therefore, a security gateway must provide mechanisms to limit or control an application’s ability to introduce potentially dangerous data or commands into the internal network.
Control Application-Layer Operations: Not only can application-layer communications introduce malicious data to a network, the application itself might perform unauthorised operations. A network security solution must have the ability to identify and control such operations by performing ‘access control’ and ‘legitimate usage’ checks. This level of security requires the capability to distinguish, at a granular level, application operations.
What future plans does Check Point have for increasing its government IT security market share in SAARC and other countries around the globe?
Check Point has always had a strong focus on the government sector across the globe and is one of the most widely accepted network and data security solutions in the market. In India almost all major government and defense establishments are already using our solutions.
In 2008 we will work closely with the government to ensure that the IT infrastructure of the government remains secure. We would also be looking at conducting seminars targeting the government and public sectors to sensitise them to the latest security threats and their solutions.