
OPSEC Partners

ipANGEL™

Product Version Certified: 2.x (Sensor-Gateway & Standalone)
Certified for use with: Check Point Next Generation

 

Product Description: TrustWave's ipANGEL Vulnerability Shield, coupled with Check Point FireWall-1®, provides complete protection against all network and application attacks. It is designed to defend against relevant attacks - the attacks that will compromise network operations. ipANGEL is "user friendly" and virtually maintenance free, attributes forgotten in other IDS/IPS products.

     
   
 

Company Description: TrustWave is a leading developer of next generation security software that defends networks against attacks, providing a real-time vulnerability shield that enhances Check Point FireWall-1. TrustWave's product, ipANGEL, is affordable, easy to use, and provides unmatched protection against attacks. In 2002, TrustWave was named "Outstanding New Partner" by Check Point Software for its innovative technology.

 
 
Key Features and Benefits

Vulnerability Shield - a new approach

TrustWave's ipANGEL marks a departure from the traditional thinking of what an intrusion prevention product should do. It detects and shields vulnerable applications without duplicating the capabilities of the firewall. TrustWave purposefully limited ipANGEL's scope:

  • Operates exclusively with FireWall-1®
  • Does not duplicate FireWall-1's capabilities
  • Ignores traffic that is not an attack against vulnerable applications and systems

This approach has enabled TrustWave to focus on building the intelligence and automation that make ipANGEL easy to deploy and maintain.

Five intelligent engines power ipANGEL:

  • FireWall-1 Policy mapping (using CPMI API)
  • Vulnerability Scanning
  • Rule Correlation & Management
  • Intrusion Detection
  • Defense & Countermeasure (using SAM API)

ipANGEL can be deployed in either a "standalone" or a "sensor-gateway" configuration. Both are OPSEC certified and tightly integrated with Check Point FireWall-1. As a sensor-gateway, ipANGEL operates as an add-on module and is installed on the same hardware device as FireWall-1. TrustWave's ipANGEL sensor-gateway is a unique solution for use in conjunction with Check Point FireWall-1.

Automated Features

  • Vulnerability scanning
  • Intrusion detection
  • Self-tuning
  • Auto-update of attacks and rules
  • Real-time attack protection

Benefits

  • Affordable
  • Easy to deploy and maintain
  • Always up-to-date
  • Ongoing vulnerability protection
  • Enhanced perimeter security

OPSEC Integration

The Process

ipANGEL interrogates FireWall-1's policy via Check Point's CPMI API and creates a policy map that reflects the network's current security posture. A list of hosts and ports to be scanned is then extrapolated from the policy map and a vulnerability scan is launched. The results of the vulnerability scan are used to create a vulnerability profile from which appropriate intrusion detection rules are determined and loaded into the rulebase. When the intrusion detection engine identifies a relevant attack, ipANGEL instructs FireWall-1 to drop the connection via Check Point's SAM API.

 
CPMI - ipANGEL queries the firewall for policy information via Check Point's CPMI API. ipANGEL determines which IP addresses (and ports) will be automatically scanned and instructs the detection engine to listen for attacks on specific IP addresses (and ports) based upon information in the firewall policy.

SAM - ipANGEL instructs the firewall to "drop & inhibit" attacks via Check Point's SAM API. When ipANGEL sees a relevant attack against a vulnerable host, it instructs FireWall-1 to drop & inhibit the connection. The "inhibit" time to live (TTL) can be set via ipANGEL's user interface.

Additional Information