Check Point Details NGX Platform
NGX has all the makings of a simplified platform that can be sold into networks smaller and less sophisticated than Check Point's typical enterprise customer base, solution providers at the event said. And Check Point executives there said repeatedly that the midmarket is becoming more of a target for the security vendor.
Unveiled in May, NGX is designed to unify Check Point's 20-plus security products under one dynamic management interface. The platform also aims to provide universal update capability to keep Check Point security deployments alerted to the latest security threats in real time as well as offer improved integration with third-party products, said Gil Shwed, chairman and CEO of Check Point, Redwood City, Calif.
"NGX is our first major release since 2001 and the only unified security architecture for perimeter, internal and Web defenses," Shwed said. Once all of Check Point's internal, Web, endpoint, perimeter and branch-office products are fully integrated onto NGX, the technology also will secure many application defenses and provide a more flexible VPN and VoIP solution, he added. Shwed gave no timetable for the integration efforts.
Check Point's VPN-1 Edge, Integrity, InterSpect and Connectra products, though supported by NGX, still need to be fully integrated with the platform, said Tony Sabaj, Check Point security engineer. But once that happens, NGX will bring improvements such as better monitoring of VPN tunnels through realtime session audits that identify participants, session status and performance, and the VPN tunnel's routing, he said.
Other key features of the NGX platform include the following:
• The SmartView Monitor system, which will consolidate multiple product consoles into one monitoring interface, Sabaj said.
• Dynamic routing capability for Check Point's VPN, which will be able to be built between locations that have changing IP addresses. "Having only domain-based routing has slowed Check Point in the VPN market, but now NGX will have a route-based VPN solution," Sabaj said.
• An integrated Web application firewall plus remote client security tools that will cleanse sensitive data such as passwords from remote, unmanaged clients like Web kiosks.
• More secure multicasting capabilities, which will allow streams such as stock tickers and high-bandwidth sessions such as video conferences to enter a network more securely. "Before, when you had a video conferencing session, you just kind of opened up the whole network, but not with NGX," Sabaj said.
• A Web-based Smart Portal that provides a read-only view of a network's security policy.
Solution providers said waiting for Check Point to complete the NGX integration hasn't been an issue. Joe Luciano, CEO of Access IT Group, Mountain Lakes, N.J., said his Check Point customers have always been willing to wait for whatever improvements Check Point has said are in its pipeline. Part of the reason for that patience is that Access IT has mastered the deployment of Check Point products to the point where no help desk is required, he said, adding that his team has never had to build workarounds to accommodate older Check Point products.
Having to manage Check Point products through multiple consoles--something that NGX will remedy--was never much of a pain point anyway, said Dave Gilden, a partner at Acuity Solutions, a Tampa, Fla.-based VAR. "The [Check Point product portfolio] is so good that once customers drink the Check Point Kool Aid, they are Check Point customers for life," he said.
In a partner breakaway session at the conference, Kevin Maloney, Check Point's vice president of sales, said the vendor aims to help channel partners penetrate more midmarket accounts. "We will continue with our enterprise focus while expanding our medium-size business offerings," he said.
What NGX will do in terms of reducing the number of product consoles will definitely appeal to midmarket customers, which typically have small IT staffs, said Brad Reed, vice president of Internet security at Compuquip Technologies, a Miami-based solution provider. "In the past, having to attend to a dozen different consoles was something only an enterprise network could afford to do, not an SMB," he said.
To help fuel its midmarket strategy, Check Point this week launched an integrated hardware and software bundle called the Check Point Express Security Gateway. Targeted at midsize businesses, the appliance-based solution is expected to immediately help Check Point better compete against the likes of Juniper Networks, Cisco Systems, Fortinet and WatchGuard, according to Check Point.
"They are little late to the [midmarket] game, but they have superior technology," said Acuity's Gilden.
What seemed to excite partners the most at the conference was Maloney's pledge that Check Point will remain an all-channel, indirect sales company. "Look around the world. [Customers] are looking to buy local," he said. "They are looking to buy through you."