Check Point overhauls its security software architecture

Software Blades, dedicated processing power and build-your-own UTMs on tap

By , Network World
February 24, 2009 12:54 PM ET

Network World - Check Point is in the midst of a major overhaul of its security software architecture so customers can pick and choose the applications they want and dedicate computing resources to each depending on the performance they want to guarantee.

The company has taken the first step with the latest R70 version of its software that separates its various applications – firewall, VPN, Web filtering, intrusion detection/prevention systems (IDS/IPS) – into software blades that are available to customers a la carte or in pre-packaged bundles.

And Check Point is working toward being able to dedicate part of the computing power of multi-core processors to a single application, starting with its IDS/IPS platform. This capability will be expanded to the company's other security platforms over time.

The software-blade architecture is being announced Tuesday at Check Point's international customer meeting in Paris. It will enable loading a custom mix of applications on a single, multi-core machine and dedicating entire cores to individual applications to guarantee performance, the company says.

Check Point calls this dedication of computing power Core XL and has applied for patents on it.

In earlier software versions, Check Point's security applications were bound to each other, as in its unified threat management (UTM) software that includes a firewall, IPS, virus and spyware protection, antispam, a Web-application firewall, VoIP security, instant messaging and peer-to-peer application blocking and Web filtering.

With the new architecture, customers could buy just those applications they want to create their own version of a UTM or to add more applications to today's UTM bundle, for example. Check Point calls this custom UTM capability XTM, to express that it is possible to extend UTM capabilities to add features.

This software-blade architecture could make deploying security more efficient for Visa, says the company's director of network security Chuck Riordan. "We're working toward consolidation and globalization and eliminating separate tools," he says. Rather than having a separate IDS/IPS platform as it does now, for instance, the company might put it on a single, multi-function platform, he says.

By running multiple security applications on a single, multi-core machine, the company could consolidate its hardware while preserving performance. "Using core technology on the hardware chipset itself, you could dedicate compute power to Web filtering and not affect stateful inspection," Riordan says.

The new architecture allows more flexibility than the old one or the alternative of using separate appliances from multiple vendors, he says. "On the fly you could add or remove a function," he says.

Visa has not yet tested the new Check Point software, but plans to. "We'll run it through the mill to see how we might take advantage of the core technology," he says.

Eric Ogren, a security analyst with the Ogren Group, says that the software-blade architecture holds the promise of focused security applications with recommended policies preset and ready to go out of the box.
