- ✓Application level filtering
- ✓network segmentation
- ✓quarantine of suspect computers
- ✓SmartCenter integration
- ✓support for Zone Labs Integrity
- ✕no antivirus support
Even with the best firewall protection, viruses, worms and other nasties can still get onto your network -- often innocently brought in on notebooks used by guests and mobile workers. Moreover, once inside the firewall, malware can spread like wildfire, which is why Check Point introduced the InterSpect appliance in January last year, to reinforce the perimeter protection provided by its firewalls. This protection is further enhanced in the latest InterSpect 2.0 release, which also features new centralised management facilities.
Based on the same stateful inspection technology as Check Point’s popular Firewall One products, the InterSpect appliance is tuned to work with, rather than simply block, LAN protocols and filter traffic at the application level looking for worms and other common threats.
More than that, InterSpect can logically and physically segment the network into distinct security zones. Suspect computers can then be quarantined and potential infections contained within a particular zone. Cross-zone access can also be closely managed with, in the 2.0 release, new support for the Zone Labs Integrity solution to deny access to devices failing to meet corporate security policies.
The software behind the InterSpect appliance is based on the security-hardened Check Point SecurePlatform OS. This comes pre-installed on Dell server hardware with four models available, starting with the $9,000 (~£4,800) InterSpect 210, designed to protect a single workgroup, with a maximum throughput of 200Mbps. This rises to 1000Mbps on the top-of-the-range InterSpect 610 that we tested which can protect multiple workgroups on large enterprise networks. The InterSpect 610 costs a princely $36,000 (~£19,250), which puts it firmly in the enterprise market.
There are several modes of deployment, including a passive monitor-only mode to gather information prior to installation. The appliance can also be configured as a transparent bridge between one or more LAN segments and the network backbone, or as a router to take full advantage of the zoning capabilities.
Whatever the setup, installation is kicked off by plugging the appliance into the network, and assigning a suitable IP address to the independent management interface. Everything else is then done remotely using a set of Windows utilities with, in the 2.0 release, support for centralised management using Check Point’s SmartCenter software.
Either way the principal management tool is the SmartDashboard utility. This features a graphical display summarising activity, with the ability to drill down to both obtain more detail and separate tabs to fine-tune the configuration. Network zones are set up and managed from here, along with the SmartDefence updates. A separate SmartView Monitor is also available to graph activity and there’s a tool called SmartView Reporter to generate reports.
On the downside, there’s no antivirus scanner and it does take a while to get to grips with the management interface. However, the menu-based approach helps, and the setup process is really no harder than for most firewalls. Moreover, because its based on the same SMART technology, staff who are used to other Check Point products will have little trouble mastering the InterSpect GUI. Another bonus of the 2.0 release is the ability to scan POP3/IMAP traffic to protect mail servers against internal threats, with additional peer-to-peer filtering facilities also added in this release.
Unfortunately, testing security devices is notoriously difficult, as is measuring performance outside of a full-scale deployment. That said, we had few problems blocking simple port scans or quarantining suspect systems, and the specification of the host server makes it more than capable of living up to the throughput claims. The InterSpect 610 is not cheap, but then few security appliances are, and with Check Point's credentials behind it this appliance is definitely worth further investigation.