Check Point says that by year-end it will add intrusion prevention to its VPN client software, making it less likely that remote-access VPN users will infect networks with worms and viruses.
By catching intrusion exploits at the remote computer, businesses can keep the attacks from riding encrypted tunnels into corporate networks, the company says. This means such attacks will be stopped before they are encrypted and pass unchecked through the holes that are opened in firewalls to let VPN traffic through.
Rather than search for signatures of individual viruses and worms, the upcoming software will look for characteristics that an exploit would have to show in order to take advantage of known vulnerabilities, the company says. So if exploiting a perceived vulnerability requires coming through a certain firewall port and carrying a payload larger than a certain size, the software can be tuned to look for traffic meeting those criteria. If such traffic is found, it can be dropped.
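The approach described above, sketched as an added example that is not Check Point's code: a rule keyed to the conditions an exploit must meet is compared with a byte-signature check over constructed sample packets. The port (8000), the 512-byte threshold, the rule name and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes

@dataclass(frozen=True)
class VulnRule:
    """Conditions any exploit of one vulnerability must meet (hypothetical rule)."""
    name: str
    dst_port: int
    payload_threshold: int  # an exploit needs a payload larger than this many bytes

    def matches(self, pkt):
        return pkt.dst_port == self.dst_port and len(pkt.payload) > self.payload_threshold

def signature_match(pkt, signatures):
    """Per-worm detection: true only if a known byte pattern is present."""
    return any(sig in pkt.payload for sig in signatures)

def filter_traffic(packets, rules):
    """Split traffic into passed packets and (packet, rule name) drops."""
    passed, dropped = [], []
    for pkt in packets:
        hit = next((r.name for r in rules if r.matches(pkt)), None)
        if hit is None:
            passed.append(pkt)
        else:
            dropped.append((pkt, hit))
    return passed, dropped

# Constructed values: none of these come from the article or a real product.
RULE = VulnRule("example-service-overflow", dst_port=8000, payload_threshold=512)
KNOWN_SIGNATURES = [b"WORM-A"]
SAMPLE = [
    Packet(8000, b"WORM-A" + b"." * 600),  # known worm: signature and rule both hit
    Packet(8000, b"WORM-B" + b"." * 600),  # new variant: no signature, rule still hits
    Packet(8000, b"status"),               # short request on the same port: passes
    Packet(443, b"." * 900),               # large payload on another port: passes
    Packet(8000, b"upload" + b"." * 700),  # legitimate large upload: false positive
]

if __name__ == "__main__":
    passed, dropped = filter_traffic(SAMPLE, [RULE])
    for pkt, rule in dropped:
        known = signature_match(pkt, KNOWN_SIGNATURES)
        print(f"drop port={pkt.dst_port} len={len(pkt.payload)} rule={rule} signature_hit={known}")
    print(f"passed={len(passed)} dropped={len(dropped)}")
```

The last sample packet is a legitimate large upload that the rule also drops, which is why the criteria have to be tuned for each vulnerability.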
The intrusion-prevention software could also be used on a LAN to protect network segments from worms that get past the corporate firewall, for example, via laptops that plug into insecure networks and then return to the corporate network.
Check Point says it will roll out the new capability at year-end or early next year.
The company will also integrate its VPN-1 client with its endpoint security client, Integrity, so customers can download them to computers as a single entity. This means one fewer application to download and update, and a unified platform for configuring the VPN-1 and Integrity parameters.