Check Point introduces new software blades for data loss prevention and unified event management

News by Dan Raywood

Check Point has moved into the data loss prevention (DLP) space with a new blade added to its network infrastructure.

Check Point has moved into the data loss prevention (DLP) space with a new blade added to its network infrastructure.

According to the company, the Check Point DLP will help businesses move data loss from detection to prevention by pre-emptively protecting sensitive information from unintentional loss. It has added granular policy definitions that align to existing corporate data processes, educating users on such processes while enforcing them.

In addition to a multi-data correlation engine that delivers high accuracy in identifying data breaches, its DLP solution enables users to remediate potential violations in real-time.

An addition is the UserCheck technology that will alert employees with a pop-up window or email when data may be at risk. Employees are prompted to quickly remediate incidents before a data breach can occur. Check Point's user remediation function educates users on self-incident handling and corporate data policies, while minimising IT exposure to sensitive data.

Speaking to SC Magazine Gil Shwed, chairman, founder and chief executive officer at Check Point, said: “With the UserCheck technology it moves the power back to the user. The reality of the matter is that a computer can classify data but a computer cannot make a decision instead of a human being, the user, but we make it simple and easy to deploy and I think that both of these factors - the ability to use it easily and install it and have it effective on the network in a matter of hours will change DLP stakes.”

This solution also sees the introduction of the MultiSpect technology, a multi-data classification engine that inspects traffic flow for all data-in-motion and provides accuracy in correlating users, data types and processes.

He said that when using MultiSpect, the solution can scan a document and specify whether or not that should be something that should be sent out. Referring to the press release on the solution, sent under embargo on Monday this week, Shwed said: “If someone sent the release yesterday the sender would have got a message saying 'are you sure you want to send this?' and now you can decide, if it is a mistake just discard it.

“You can specify everything but what we found was companies don't want to do that, we deal with customers who have hundreds of employees and cannot manage all of the documents flow, and one of the problems of today's DLP is the security manager or IT administrator should be in the loop of what is sent and should know about everything that is happening in the company, so the policy will say everything that goes on the corporate template or everything that says ‘confidential' on it should not be sent outside and any file that has names and numbers and looks like customer data always file with suspicion, and ask if they are sure they want to send it.”

Along with the DLP blade, Check Point also introduced a blade for unified event management that filters the mass of daily threat logs and events, highlights critical events as they occur and gives security administrators the ability to stop attacks straight from the management interface.

Shwed said: “This is a new blade and a new technology that allows you to visualise events with a doughnut view, so the size of the doughnut tells you how many events there were and the colour inside it the severity. So you can see a combination of events on a line for network events, a line for DLP and so on, and can see when one area becomes bigger as there is a level of activity that is suspicious or high.”

In addition, the SmartEvent interface allows administrators to add protections on-the-fly to remediate attacks quickly, such as implementing policy changes or blocking traffic from certain sources.

Oded Gonda, vice president of network security at Check Point, said: “Security administrators can only act as quickly and effectively as they can assess relevant data. With SmartEvent, administrators can view security incidents from a high-level business view to forensic details in just three clicks of a mouse for fast-acting threat response.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews