Check Point's new security blades cut both ways

By , Network World |  Security, check point

If you're in the market for endpoint protection, Check Point's new R80 Unified Endpoint Security Management product shows promise.

10 things we like and don't like about Check Point's R80 endpoint security product

Check Point expands security blade platform, intros best-practices program

The R80 represents the first integration of the Pointsec encryption product line, which Check Point acquired in 2007, and the notion of software blades. The R80 features six separately licensed blades that cover a wide range of endpoint security features, everything from host-based firewall to malware protection to the DLP-type ability to restrict removable media access, to the NAC-like ability to force a desktop to install security updates.

This means that you install a single security software agent on each desktop, and the management software will send whatever protective features to that agent to install and activate for each client. There is also a single management console.

While this sounds good in theory, the number of dials to turn and tweak is astoundingly complex. For an IT manager unfamiliar with Check Point products, the R80 will require a steep learning curve to understand the interaction of the various software blade modules, along with how to create the best policies and also to interpret and correct the inevitable mistakes made along the way.

As an example, the full disk encryption policy section, which is one of the more powerful features, comes with five main menu paths and dozens of options. So yes, you can secure just about anything and everything on your desktop, but at the price of spending time pouring over the manuals, reading the online discussion forums and getting on the phone with Check Point's support team.

We tested the product on a Windows 2003 Server with Windows XP and Windows 7 Ultimate clients connected on a small network. We didn't explicitly test performance but we didn't observe anything odd either.

On the server side, you need Microsoft .NET 3.5 SP1 Runtime Framework. The actual Checkpoint client agent consumes less than 6MB of memory and less than 2% of CPU activity, depending on what it is doing at any given time. Both of which are quite reasonable given the level of security protection it provides.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness