By now I’m sure you’ve seen, heard, or read Check Point’s official announcements made at NASDAQ this morning. This is by no means a regurgitation of the official press releases, but it is my own personal take on what was announced. If you want to see the announcement for yourself, check out the recording!

(Just to be clear, I work for Check Point and these are my own thoughts.)

Check Point R75.20

This release (press release, download) brings a number of new features. One of the most anticipated ones is the ability to inspect outgoing SSL traffic. Not just for Application Control, where it is most needed given the proliferation of sites requiring SSL, but in all the various software blades we support. And its included as part of the relevant software blades license (i.e. it’s not a separate charge).

SSL inspection is done by essentially doing a “man in the middle” on the traffic. The gateway dynamically generates a certificate for the destination website, which is presented to the client when they connect. This allows the Security Gateway to see the traffic “in the clear” and make the relevant security decisions. The connection is encrypted as it leaves the gateway with SSL. Since SSL inspection is more intensive than inspecting HTTP traffic, and potentially creates potential regulatory issues by its use, you will have granular controls as to when this feature is invoked.

Another new feature in R75.20 is a completely revamped URL Filtering blade. While Check Point is still selling this as a separate product, it is actually integrated with Application Control. Applications and URL Filtering categories are given equal billing in the now combined Application Control and URL Filtering rulebase. You can do user-level URL filtering (with Identity Awareness) and can take advantage of our UserCheck technology to inform users of the policies. We can also handle HTTPS websites and custom categories. The categories themselves have also been substantially updated.

Unlike with previous versions of URL Filtering, where the entire URL filtering database was stored locally on the Security Gateway, the new engine makes use of the cloud. Commonly accessed URLs and their categories are stored in a local cache on the gateway. Over 99% of your web traffic should be met by the local cache on your gateway. When someone accesses a URL not in the local cache, the URL Filtering database in the cloud is consulted, with the result being stored in the local cache for future use.

The Data Loss Prevention (DLP) blade also gets a substantial update in R75.20. HTTP performance is substantially improved in this release and you also gain the ability to examine HTTPS traffic as well. A large number of additional “out of the box” datatypes are now included. We also integrate with an internal Microsoft Exchange server so DLP can be performed on internal email as well as email leaving the organization.

SecurityPower

A common complaint I’ve heard from Check Point customers over the years is that the performance numbers we quote for our appliances don’t reflect what performance you’ll get in the real world with real world traffic patterns. This is because performance numbers have been historically quoted for a single firewall rule (any any any accept) with the most optimal traffic pattern (1500 byte UDP packets). To be fair, this has been the standard industry practice for some time now. Every vendor of network equipment performs tests like this.

Unfortunately, this isn’t a good indicator of how an appliance will perform under real world conditions. With that in mind, Check Point has developed a new testing methodology for its appliances using a real rulebase (100 rules) with real-world traffic patterns (both based on industry standards and actual patterns seen at Check Point customer installations). This rulebase and traffic pattern exercises all of the various features and functionalities available in our Security Gateway. Based on those tests, Check Point has rated each appliance with a SecurityPower Unit rating (SPU).

One could call the SPU an arbitrary metric. What it gives you is a relatively simple way to compare appliances and the relative security load they can handle. More importantly, an SPU can be generated for a given set of requirements (required blades, throughput, number of connections, and so on). You can then compare that against the available appliances to ensure you choose the right security appliance for the right security task.

Check Point has developed a tool that does exactly this. It will be available shortly. Personally, I think this is a big deal.

New Appliances

Two new appliances are being launched today for the data center: the 21400 (press release, product page) and the 61000 (press release, product page). These appliances are aimed squarely at the data center, where tens or even hundreds of megabits gigabits per second of throughput are needed!

The 21400 is a powerful 2U platform that features massive port density (up to 37 1000-base-T ports, 36 1000-base-F SFP ports, or 12 10GBase-F SFP+ ports), 50 GB of firewall throughput, 21GB of IPS throughput, hot-swappable redundant power supplies and disk drives, and an optional Lights-out Management card. Everything you’d expect from a carrier-grade chassis. The appliance runs both R71 and R75 with SecurePlatform.

The 61000 series, on the other hand, is a monster appliance! It’s a 14U (DC) or 15U (AC) bladed chassis that, when fully loaded, will support 200GB of firewall throughput today and, with future hardware and software enhancements, will support over 1TB of throughput in the future! Aside from all of the various connectivity and redundancy options, the appliance acts as a single platform that, when new hardware blades are added, automatically configures itself to distribute the load between the blades! The platform currently runs a 64bit version of SecurePlatform based on R75.

Both appliances, which are referred to as Data Center Appliances, are available now on the Check Point pricelist.

Mobile devices are, like any powerful tool, a double edged sword. They enable unprecedented ability to access and create information from anywhere! They are also a huge problem for information security.

Unlike a traditional PC, where there are a number of solutions to address various information security needs, mobile devices (those running iOS, Android, Symbian, Blackberry and others) provide little if any mechanisms for third parties to provide security solutions. Beyond ActiveSync integration, which itself is potentially untrustworthy (remember how iOS used to lie to Exchange servers that their mail store was encrypted?), other options for securing the device or data on the device are limited.

That said, mobile operating systems have had the benefit of experience of other operating systems. They are designed to be more resistant to intrusion by requiring signed code, employing sandboxing, limiting the available APIs, and more. It doesn’t eliminate the risk of security vulnerabilities, but it does minimize the risk known ones will occur.

Unfortunately, the “baked in” security only addresses a small segment of potential security issues. It does nothing to address future security issues that might crop up. Due to the limited APIs, it is not possible for third parties to address these issues without cooperation from the OS vendor (e.g. Apple, Google, Nokia). Unfortunately, security threats evolve far faster than an OS vendor’s ability to mitigate these threats on their own. Just look at how long it took Microsoft to enable the firewall in Microsoft Windows by default, implement driver signing, or any number of other security mechanisms that are just the default on mobile operating systems.

Even so, the most important feature of a mobile device–the ability to access and share information from anywhere–is also a threat to an enterprise. The potential for data leakage is substantial! All I have to do is take a picture of a whiteboard in an office with confidential data on it using an Android phone with Google+ automatically uploading my photos “in the cloud” to have a potential data leak! Not to mention using your personal device to access mobile email and working with attachments.

Even if adequate tools existed to address all the issues on mobile devices, one should not blindly rely on these tools. It comes down to people understanding the security implications of their actions and adjusting their actions accordingly.

I have a habit of keeping older technology around. Just because it’s not new and shiny doesn’t mean it won’t continue to be useful.

Such is what I have found with my Think Outside Stowaway Sierra Bluetooth Keyboard. I bought it back in 2007 to pair with the Nokia N800 tablet. While the Nokia N800 never lived up to its full potential (and given what’s Nokia’s plans are for Meego, one wonder why they bothered to release the N950), the Think Outside Keyboard can still be used with any Bluetooth-enabled Smartphone or, in this case, my iPad 2.

I remembered why I liked this keyboard initially: it’s more or less a full sized keyboard complete with arrow keys. This makes it very easy to type on. It also folds up into a reasonable size, which makes it very portable.

For the sake of argument, I’ve taken some comparison pictures with the Zippy BT-500, which is a portable keyboard I reviewed previously. As you can see, the Zippy keyboard is a smaller keyboard, but the keys are too cramped to type on comfortably. This Think Outside keyboard is definitely better to type on.

The only thing I don’t like about it is that the keyboard is not suitable for using on anything but a flat surface. However, I can’t complain about the cost of this keyboard since I paid for it four years ago. With a fresh battery, it still works pretty good.

Think Outside got acquired by iGo at some point and they’ve stopped selling these or similar keyboards. It’s a shame, because a variant of this keyboard will still sell pretty well today.

I don’t normally write about something as mundane as HDMI cables. They’re all the same, right?

RedMere Technolgies makes an active-cable technology that various video cable manufacturers can incorporate into their cables to make them smaller, lighter, and more flexible, yet provide excellent video quality. While that’s certainly nice even for your typical HDTV components, where the thinner cables are really desirable is for portable devices such as mobile phones.

RedMere’s PR agency sent me a couple of cables for my Nokia E7 to review (they didn’t know if I needed an HDMI-C Mini or HDMI-D Micro cable, turned out it needs an HDMI-C). They were RedMere-branded cables, but RedMere themselves doesn’t make cables for sale. These are representative samples of cables you can find for sale from various manufacturers and retailers.

I hooked up my Nokia E7 to my HDTV using both the RedMere-supplied cable as well as a regular HDMI cable connected to my Nokia-supplied adapter. I could not tell the difference between the two cables in terms of video quality, but there’s a clear difference between the thickness and weight of the cables. The RedMere cable clearly wins in terms of portability, being lighter and thinner than even my Micro USB cables I couldn’t imagine putting a regular HDMI cable in my travel bag due to its thickness and size.

There are a number of manufacturers that make cables with RedMere technology inside. If you’re looking for a smaller, thinner HDMI cable, you can’t go wrong with one of these cables.

As implied by my review of the Hammerhead case for iPad 2, I am now the proud owner of an iPad. Yes, I successfully resisted the siren call of Steve Jobs long enough. However, a funny thing happened: I spent a few days on the road with Kellman and saw how he used his. That pretty much sold me on the utility of the iPad.

Kellman did a number of really cool things:

• Had ubiquitous connectivity thanks to the built-in 3G modem. This isn’t so much of a concern for me when I travel in the US, but when I travel outside the US, it’s very much an issue. The iPad 2 is unlocked so I can easily swap in a SIM card from a different operator. I can also easily sign up for a prepaid data package right from my iPad (though I haven’t tried this yet).
• Did a presentation from his iPad. You can get a cable for your iPad that allows you hook up to a VGA projector, use Keynote to give the presentation, and control the presentation with an iPhone! No laptop required!
• Accessed a number of computers remotely using LogMeIn Ignition. While this is a rather pricey app at $29.99, it gives you the ability to control any number of PCs or Macs from your iPad using the well-known LogMeIn service without any additional charges. I recently tried this out with my computers and it works well.
• Flipboard. I had heard about it, but until I actually saw how it worked with my own eyes, I didn’t really get it. Now I do. It integrates Twitter, Facebook, and a number of news/information sources from the web and presents it in a magazine-based format that is very compelling.

Given the above, the fact I already had a significant investment in the Apple universe (having purchased an iPhone 3GS two years ago and an iPod Touch for the family last year), and the fact that none of the Android tablets I looked at were nearly as compelling, including the Samsung Galaxy Tab 10.1, which is was the closest, I pulled the trigger and bought one. It wasn’t cheap, that’s for sure, especially since I opted for the 64gb version with 3G.

Once I got it home, and given my recent experiences with the Nokia E6 and Nokia E7, I began to understand why people really love the iPad. The software is one aspect, of course. Then again, as an iPhone/iPod Touch owner, I already knew this. What made it more compelling was, quite honestly, the larger screen.

It’s not just to see the content better, though I certainly found that to be one reason to like the iPad. The screen size also enables one to utilize a touch interface either. This point was driven home to me when I was evaluating the Nokia E6 with its small but touch-enabled screen. Having the real estate to actually perform the various touch actions is very important. The iPad has that. In spades.

The other obvious benefit to having a large screen is you can have an even larger battery. 10 hours is quite a lot of battery life. While I haven’t been able to get anywhere near running the battery down, it certainly will last a normal day. Considering I frequently fly to Israel, which takes me almost 24 hours, having a gadget that can last the entire journey without having access to a power plug is certainly desirable. I’m putting this to the test as I type this.

The iPad 2 has both a front-facing and rear-facing camera. The camera quality is nothing to write home about, of course, though I can find uses for this. I have smartphones to capture higher-quality pictures, anyway.

In any case, I am very happy with my iPad purchase. I wish more of the apps I had previously purchased previously were iPad enabled. I had to spend some money to buy iPad-enabled versions of many of the apps I was actively using, which is far preferable to using iPhone apps in the emulation mode.

I recently bought myself an iPad 2. While that topic in and of itself is worthy of a blog post, at the moment I’ll focus on the fact that needed a case for it.

The obvious choice would be the Apple’s Smart Cover. While I’ve seen them in action, the main issue I have with them is they only cover the screen. They don’t necessarily cover the rest of the iPad. The fact it wakes and sleeps your iPad is nice. $40 for a piece of polyurethane and magnets (or $70 for leather) was a bit spendy.

When I was looking in Target yesterday, the only thing that looked like it might work was a case from Speck, more specifically the PixelSkin HD Wrap for iPad 2. I didn’t like it. The case was too hard to get on and the screen cover was not easy to fold up for propping up on a table (or holding for that matter). Really didn’t like it.

Fortunately, when I got home, I found a Hammerhead iPad 2 Hard Shell Case had arrived at my house. Katie, a PR rep from Sommerfield Communications, sent it over to review. It was very easy to get on my iPad 2. The cover easily folds up for either horizontal, vertical, or slated use. The cover turns the iPad screen on and off when it closes just like the Smart Covers. And the price through Amazon with free shipping? $39.99! A better case for the money, if you ask me.

So you can see the case in action, I took a couple of shots of my iPad with the case in various conditions. I’m very happy with this case and, had it been available at Target, I would have bought it instead of the Speck.

From When a Smartphone Is Too Much for Travel – NYTimes.com:

With the rise of the iPhone and the Blackberry, it’s hard to imagine hitting the road without a phone that can’t download music, serve up maps or send and receive e-mail. But sometimes a body just needs to make a few calls from the road. Sometimes a body needs a featureless phone.

Or you can use an older Symbian device like the Nokia E71 and get the best of both worlds–the ability to make calls, long battery life and some Smartphone niceties like maps and social networking.

Some of the annoyances of Symbian phones of this vintage, namely the incessant prompts to connect, are actually a benefit. When I’m traveling and using one of my roaming SIMs (e.g. Truphone, Maxroam), I can certainly use data, but even at their lower rates, I don’t want to use very much data. Just enough to, say, update my Twitter feed.

Using Opera Mini on a late-model Symbian device like the Nokia E71, which compresses web pages by up to 90% by routing requests through Opera’s servers, you can do that and more without breaking the bank.

Two handsets arrived at Casa de PhoneBoy recently: a Nokia E7 with Symbian^3 and a Nokia E6 with Symbian Anna. In my last post, I reviewed the Nokia E7. This time around, I’m reviewing the Nokia E6. Unlike the E7, which I’ll get to keep, the E6, which went back to WOMWorld.

This will be another long post, so go get your coffee and settle in for a nice read. If you haven’t already, I would encourage you to read my previous post on Symbian^3 and the Nokia E7 as a lot of that also applies here as well.

(more…)