OPSEC Partners

QualysGuard for Check Point

Product Version Certified: 1.6 (CP2000), v1.7 (NG & CP2000)
Certified for use with: Check Point 2000 & NG

Product Description: QualysGuard for Check Point is the first web-based managed vulnerability assessment service that integrates with VPN-1 / FireWall-1 to monitor and automatically scan enforcement points and the hosts they protect after a policy update within a management server. Easy to read HTML reports communicate new vulnerabilities and network security trend analysis to security administrators.


Key Features and Benefits OPSEC Integration Qualys Whitepaper

Company Description: Qualys, Inc., the leader in Managed Vulnerability Assessment, enables security providers, security professionals, and corporate customers to automatically audit Internet-connected networks for security vulnerabilities. Qualys' innovative web-service platform approach enables immediate, transparent and continuous security auditing and risk assessment of global networks, inside and outside the firewall. Founded in 1999 by a team of Internet security experts, Qualys is headquartered in Redwood Shores, California, with offices in France, Germany and the U.K. The company is privately financed by Deutsche Bank ABS Ventures, Trident Capital, and VeriSign, the leading provider of Internet trust services.

Key Features and Benefits

QualysGuard for Check Point offers the following features and benefits.

QualysGuard Firewall Plug-In is OPSEC certified for integration with Enterprise Management Consoles & Provider-1 for seamless firewall policy monitoring.
Automatic vulnerability assessment of enforcement points and protected systems when a policy update is installed to one or more enforcement points.
Easy to read HTML reports with email notification to security administrators when an assessment is complete.
Log file updates noting vulnerability assessment results and trend analysis.
Complete vulnerability assessment utilizing the QualysGuard Inference Engine that assesses over 300 applications on more than 20 different platforms.
Trend analysis showing improvements or new vulnerabilities for an ongoing record of network security history.
No software updates or hardware upgrades required, as the QualysGuard Managed Vulnerability Assessment (MVA) service is online 24x7.
Now you can proactively conduct network vulnerability surveillance as part of the firewall policy update process; it is automatic, quick and comprehensive.

OPSEC Integration

QualysGuard for Check Point is certified for use with NG and CP2000 releases.

The QualysGuard Firewall Plug-In integrates with CPMI (Check Point Management Interface) for NG installations, or the OMI (Object Management Interface) for CP2000 installations. The Firewall Plug-In integrates with Check Point Enterprise Management Consoles and Provider-1 to detect when new policy updates are installed on enforcement points. Once a policy update to a gateway is detected, the QualysGuard Firewall Plug-in activates a vulnerability assessment scan utilizing the QualysGuard Inference Engine for a quick and comprehensive review. Security administrators receive an email when the process is complete with a link to easy-to-read HTML reports noting any new vulnerabilities and a network security trend analysis for each firewall and its protected hosts.

Utilizing ELA (Event Log API) the QualysGuard Firewall Plug-In also writes updates to the Check Point Management Console log files for both NG and CP2000 installations, noting results from the vulnerability assessment scan, a URL link to the HTML reports, and network security trend analysis information.

The QualysGuard Firewall Plug-In is a Windows-based service that can be installed upon a Windows-based Enterprise Management Console or on a Windows system near a Solaris-based Enterprise Management Console or Provider-1. The QualysGuard Firewall Plug-In is compatible with all enforcement point operating systems and appliances.