As this article points out, this is a direct response to market demand as well as Cisco's Okena and NAI's Entercept purchases. Also, checking for expected and valid http input, starts to put the firewall's functionality into the space covered, in part, by 'application firewall' vendors like Sanctum and KaVaDo.
Entercept is an OS level intrusion prevention technology that sits on the host, not on a gateway firewall. So it does server a similar business purpose but approaches the solution in a different manner.
Checkpoint's approach is something that firewall's really should have been doing a long time ago. One question, though, is going to be how and if this affects the firewall's performance. Checkpoint has built a reputation on speed and ease of use and doing additional data inspection can affect throughput if it's not architected properly.
Posted by Diana at May 12, 2003 07:22 AM