Check Point Announces New Software To Control Facebook, Other Web Apps

Employees have access to thousands of Web applications, from productive business tools to benign time-wasters to apps that represent serious security threats. Wildly popular Web 2.0 apps such as Facebook can fit into any one of those categories, which makes it difficult for enterprises to define and enforce policies that protect the business without stifling legitimate activity. Check Point Software Technologies aims to help with new software that provides policy-based application control. The Check Point Application Control Software Blade lets enterprises implement flexible policies over more than 4,500 applications and 50,000 social network widgets. The software can run on appliances from Check Point and its partners.

"From a security perspective, this gives enterprises white-listing capabilities and bandwidth throttling," says Job Oltsik, senior principal analyst at Enterprise Strategy Group. "I can control if I don't want people to have access to certain applications, or I want to restrict access based on time of day, for example." Enterprises can simply block applications or apply granular controls on users or groups based on tight integration with Active Directory.

With control over social networking widgets, organizations can give employees free rein to use Web 2.0 apps for business, while curbing unproductive use and minimizing associated security threats. For example, companies can allow chat and selected applications on the Facebook platform, but ban games and other unproductive or risky apps.

Organizations can also use the application control software as a training/employee awareness tool by creating custom pop-up messages that either advise users of corporate policy or ask how they intend to use the app. In any case, all activities are logged for follow-up reporting, forensics and acceptable use and/or security policy enforcement. Check Point assigns a risk rating of 1 to 5 for each application it controls. For example, P2P file-sharing software BitComet is ranked 5, while Adobe Acrobat Reader is a 1. So when creating policy, rather than go through each of the 4,500-plus applications, enterprises might start by prohibiting all apps carrying a high risk rating.

The real strength for Check Point is not in any one blade but in integrating a comprehensive range of security (firewall, IPS, DLP, Web security and e-mail) and network (QoS, acceleration, clustering and VoIP) blades onto a common architecture with central management. "There's a tremendous amount of firewall consolidation," says Oltsik. "I see a lot of enterprise companies looking for more integrated solutions; this could open the door to more enterprise opportunities." That said, Check Point also faces significant challenges from major vendors such as Cisco Systems and McAfee, as well as nimble young companies such as Palo Alto Networks, which makes an application firewall.

Companies are concerned about security threats posed by the proliferation of social network use, according to a Check Point-sponsored survey released today by the Ponemon Institute. In particular, about 80 percent of the respondents from the U.S. and Japan think that Web 2.0 has a "significant" or "very significant impact" on corporate security posture. However, respondents also said that human resources and legal should be most responsible for ensuring that employees use Internet applications and content sharing properly, well ahead of IT, IT security and the end-users themselves.

While Check Point is putting strong emphasis on security in marketing the application control software, more than half the respondents cited workplace inefficiencies among problems or concerns associated with Web applications. In other words, companies are also worried about employees wasting time on the Web, and the productivity message may carry just as much weight with potential customers as security risks. The survey, "Web 2.0 Security in the Workplace," reflects responses of more than 2,100 C-level executives (more than half of them CIOs) from the U.S., U.K., France, Australia and Japan.

Check Point is building its blade on the application database developed by Web security vendor FaceTime, which Check Point acquired earlier this year. Check Point says it continues to build the database. The Application Control Software Blade will be available in the fourth quarter of this year.