FORM 20-F - Check Point
FORM 20-F - Check Point
FORM 20-F - Check Point
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
endpoint devices, such as personal computers. Endpoint security includes personal-firewall, Network Access<br />
Control (NAC), program control, antivirus, anti-spyware, data security, URL filtering, anti-spam and remote<br />
access features that have been specifically designed for remote personal computing devices.<br />
Lost or stolen computers can end up in the wrong hands, intentionally or unintentionally. Companies of<br />
all sizes and government agencies face the consequences of losing sensitive data from lost laptop computers,<br />
removable media or plug-and-play storage devices. This drives the need for a complete data protection solution<br />
that secures data on all common platforms, deploys easily, scales to any size organization and meets strict<br />
compliance requirements related to privacy laws and regulations. For example, a number of publicized cases<br />
involving large corporations losing unencrypted laptops and exposing millions of customers and employees to<br />
potential identity theft have prompted a surge in data protection legislation and regulatory compliance laws<br />
worldwide. The relative ease with which data may be lost makes data security a major concern for organizations.<br />
To mitigate this risk, organizations are looking to extend security beyond the network infrastructure, to the data<br />
itself.<br />
The primary means of protecting data that resides on endpoints are: full-disk encryption of the hard drive<br />
with access control (rendering the data useless to unauthorized parties), media encryption and port protection (to<br />
prevent unauthorized copying of sensitive data to USB flash drives, writable CDs and DVDs, etc.) and mobile<br />
device and memory card data encryption (to prevent sensitive data from being accessed on lost or stolen PDAs<br />
and smartphones).<br />
Products and Services<br />
Our products, services and technologies provide the following protection:<br />
1. Network and gateway security:<br />
Our wide range of network security gateways allows our customers to implement their security<br />
policies on network traffic between internal networks and the Internet as well as between internal networks<br />
and private networks used with partners. These gateways are available as either software solutions or<br />
integrated into complete solutions including hardware and can scale to meet the requirements of<br />
organizations of many sizes. Versions of our software include the following technologies to secure traffic:<br />
� Firewall – Inspects traffic as it passes through security gateways, classifying it based on various criteria<br />
such as source and destination of connection, protocol, services and application used. This provides a<br />
means to allow, block and log each connection based on the organization’s security policy. Our firewall<br />
technology is based on several key differentiated technologies, including:<br />
o Patented Stateful Inspection technology that allows flexible and programmable classification<br />
of network traffic.<br />
o Application Intelligence technology that contains various means to detect the correct use of<br />
application protocols and can block attacks that attempt to utilize such exploits in specific<br />
applications.<br />
o Network Address Translation – Allows hiding of internal addresses so internal users are not<br />
exposed to external threats, as well as connecting private networks that use “generic”<br />
addresses using publicly defined external addresses.<br />
o Specific technologies to prevent denial-of-service (DoS) attacks on networks. These attacks<br />
include various ways of overloading applications and networks in multiple requests that try<br />
to slow and stop their response.<br />
22