Rex Global Check Point Integrity Total Access Protection in One Solution

Home > Rex Global Solutions > Check Point Solutions > Check Point Integrity Family

Check Point Integrity

Total Access Protection in One Solution

Stateful, Stealthing Client Firewall
Advanced Application Controls
Central Management & Reporting
Policy Enforcement Prior to Network Access

Overview

Integrity provides trusted endpoint security and policy enforcement for internal & remote PCs. Easily deployed and managed, Integrity's superior endpoint security and policy enforcement mitigate the risk of major financial loss caused by hackers, worms, spyware, and other threats that evade reactive, signature-based products. The complete Integrity product line delivers Total Access Protection for the enterprise, ensuring that all enterprise PCs-employee and guest, internal and remote, wired and wireless-can be protected by the market's leading security solution.

YOUR CHALLENGE

Every PC accessing your enterprise network is a target for rapidly proliferating worms, penetration attacks, Trojan horses, spyware, and other exploits. Reactive, signature-dependent technologies such as anti-virus and intrusion detection can no longer be trusted to stop the newest variations of these threats.

OUR SOLUTION

Integrity™ safeguards your enterprise network from penetration by malicious code or targeted attacks with a combination of proactive protection for every network endpoint along with central policy management and enforcement. It allows you to easily develop, manage, and enforce unparalleled endpoint security for Total Access Protection. Integrity restores the confidentiality, integrity, and availability of enterprise data and critical systems without compromising IT or end user productivity. Your business can continue safely toward growth and profit objectives.

PROACTIVE ENDPOINT SECURITY

Data security breaches at the desktop cost companies billions of dollars every year. Integrity protects you from becoming a victim of such attacks. Proactive protection Integrity’s stateful firewall blocks all unsolicited inbound traffic with stealth technology that makes PCs completely invisible to hackers. For superior protection, Integrity’s policy features can treat all network traffic and applications as untrusted unless stated otherwise by the security policy. With Integrity, administrators can define and deploy a baseline security policy to PCs within minutes. This capability requires little configuration and provides immediate endpoint firewall protection for your organization.

Integrity also provides extensive controls for fine-tuning policies to your unique needs as they change. Integrity allows administrators to control how, when, and with which resources PCs can communicate, based on three network zones. The Blocked Zone stops any and all communication to or from specified network addresses. The Trusted Zone contains traffic destinations that are known and trusted. The Internet Zone covers all traffic sources outside or inside the perimeter firewall that are in neither the Trusted Zone nor the Blocked Zone. Using traditional firewall rules, administrators can also create custom zones within the enterprise network and apply different levels of security to each. This network segmentation contains worm outbreaks and enables very granular application of “least privilege” access to network resources.

Application Privilege Control

Integrity enables enterprises to keep malicious code from compromising the confidentiality of enterprise data. Administrators specify which PC applications are allowed network access, which are not, and how to handle unrecognized programs. Integrity’s Program Observation feature automatically creates an inventory of all PC applications that attempt network access, enabling fast, efficient identification and securing of potential network vulnerabilities.

Application control can be implemented using firewall rules or application privilege rules. As with Integrity’s firewall rules, administrators can apply different application privilege rules in the Trusted and Internet zones. For example, any application may be allowed to accept inbound connections from the Trusted Zone but not the Internet.

Email and Instant Messaging Protection

Because both email and instant messaging (IM) are extremely vulnerable to exploitation by hackers or mailware, Integrity provides automatic protection for both technologies. Integrity’s MailSafe capability monitors personal email messages retrieved from POP or IMAP servers and quarantines more than 45 potentially harmful types of attachments that could bypass enterprise antivirus mechanisms. In fact, it stops email-borne viruses even before anti-virus updates are available, and prevents viruses from hijacking email address books and propagating themselves.

IM is now the fastest growing method of Internet communication. And when employees access IM services, using native or third-party clients, Integrity’s optional IM Security module enables management of message encryption, content filtering, and other controls so that your employees can enjoy the productivity of IM while you mitigate the security risks.

ASSURED ACCESS POLICY ENFORCEMENT

By enforcing a comprehensive security policy on all network PCs as a condition of network access, Integrity delivers highly effective protection against attacks that can compromise security and business continuity. Integrity assures that a PC is running updated antivirus, has critical patches and service packs installed, has the latest versions of applications such as browsers and VPN clients, is not running any prohibited programs, and meets other trust criteria before it gains authorized access to the network.

To control network access, Integrity’s Cooperative Enforcement technology integrates Integrity with the broadest range of VPNs, switches, and wireless access points. For extra flexibility, Integrity supports the industry standard 802.1x Extensible Authentication Protocol to enable uniform policy enforcement enterprise-wide with whatever networking equipment a customer chooses.

Policy Enforcement Without Client Software

Until recently, enterprises had limited ability to alleviate the risks posed by guest PC access to their networks. Integrity Clientless Security addresses this exposure by enforcing baseline security requirements, ensuring session confidentiality and disabling spyware on both guest and employee endpoints that seek access to an enterprise’s Web based gateways and applications.

The same network access rules enforced by Integrity client-based solutions can now be enforced without the need for IT to install client software. Together, Integrity’s client-based and clientless options deliver the Total Access Protection that ensures all enterprise network endpoints comply with all network access requirements.

EASY AND FLEXIBLE MANAGEMENT

Integrity minimizes the time and effort necessary to manage deployments and security policies so that business can continue smoothly, safely, and efficiently. Rapid configuration and deployment With little or no end-user involvement, Integrity allows an administrator to create downloadable, pre-configured software packages to quickly and easily install new and upgraded Integrity client software. Upon installation, Integrity clients connect to the management server and receive a baseline policy. Administrators can quickly and easily configure this initial security policy using predefined best-practice policy templates. The Integrity Flex client option provides additional flexibility, ensuring that users adhere to corporate policy when on the corporate network, while allowing them to control their security settings when disconnected from it.

All Integrity clients offer Total Client Lockdown, which ensures that PC security and policy enforcement cannot be altered or disabled even by end users with local administrative privileges.

Simplified Policy Management

Integrity allows administrators to create a reusable policy element once and assign it to multiple policies. When the policy element is changed, Integrity automatically updates all associated policies and pushes them to all affected clients within seconds.

Administrators can also choose to define distinct policies that are automatically applied to endpoints as they move between networks, locations, and users. Integrity can dynamically assign a policy based upon a user’s IP connection address, user group or role, type of gateway (such as a VPN, switch, or wireless access point), or even a combination of these criteria. To guarantee protection for every endpoint, Integrity assigns a basic default policy for unrecognized users. Integrity offers several administration tiers, including a read-only role for troubleshooting endpoint issues without making unauthorized policy decisions. With server failover support, Integrity also assures high availability for business continuity.

Actionable Monitoring and Reporting

Integrity’s reporting capabilities provide both broad and detailed analytic insight into endpoint events. Administrators can view an extensive suite of filterable activity reports that provide graphs and granular detail on application usage, users with the most security alerts, policy compliance violations, and more.

Centralized and Decentralized Management Options

Integrity clients offer a comprehensive and flexible range of endpoint security management options for the enterprise. They are compatible with each other and can coexist within the same enterprise to meet different user needs.

Integrity Agent — Affords maximum, centralized IT control over endpoint security policies that are completely transparent to end users. Ideal for organizations that want to apply consistent security policy across nontechnical user populations, Integrity Agent is centrally managed through the Integrity Server management console. Administrators can choose to enforce their Integrity Agent policies only when the PC is connected to enterprise network, or at all times.

Integrity Flex — Provides all of the functionality of Integrity Agent plus the ability for end users to manage their own security policy when they’re not connected to the enterprise network. It enforces administrator-defined policy transparently when the user is connected to the enterprise, just like Integrity Agent. When mobile employees are disconnected from the enterprise and need to access other networks, such as customer LANs or home networks, Integrity Flex provides an intuitive GUI that allows them to easily make any adjustments needed to use other networks’ resources while maintaining the security of their PCs.

Integrity Desktop — Is a centralized, standalone solution that lets end users control their PC security environment. This solution is particularly appropriate for technically competent end users who have the ability to determine their security policies. It is also a smart answer when IT departments do not have the resources or charter to centrally manage the endpoint. Integrity Desktop and its security policy can be locked down so that consistent baseline security cannot be altered by end users.

CheckPoint Integrity - Predefined policy templates allow immediate endpoint protection across the enterprise with just a few clicks.

Predefined policy templates allow immediate endpoint protection

across the enterprise with just a few clicks.

LOW TOTAL COST OF OWNERSHIP

The ability of Integrity to integrate with the broadest range of network hardware and software increases the rate of return of prior technology investments. In addition to extensive gateway integration, Integrity automatically synchronizes with and supports group structures imported from directories and various authentication systems to minimize the time that staff spends maintaining Integrity groups. It also integrates with the most common database management systems.

Integrity synchronizes with leading anti-virus products to ensure that policy enforcement rules are always up-to-date. From a reference PC, Integrity can automatically gather updates and immediately deploy new policies requiring end users to install the updates. This unique Integrity benefit eliminates administrative time to manually gather and update policy data. Each Integrity Server supports up to 150,000 concurrently connected users. For smaller implementations, Integrity Server Workgroup Edition provides the simplest, fastest, and lowest total cost of ownership deployment, supporting up to 1,000 users with a built-in database that eliminates third-party database and integration costs.