Check Point overhauls its security software architecture

Software Blades, dedicated processing power and build-your-own UTMs on tap
Page:

Check Point is in the midst of a major overhaul of its security software architecture so customers can pick and choose the applications they want and dedicate computing resources to each depending on the performance they want to guarantee.

The company has taken the first step with the latest R70 version of its software that separates its various applications -- firewall, VPN, Web filtering, intrusion detection/prevention systems (IDS/IPS) -- into software blades that are available to customers a la carte or in pre-packaged bundles.

And Check Point is working toward being able to dedicate part of the computing power of multi-core processors to a single application, starting with its IDS/IPS platform. This capability will be expanded to the company's other security platforms over time.

The software-blade architecture is being announced Tuesday at Check Point's international customer meeting in Paris and will enable loading a custom mix of applications on a single, multi-core machine and dedicate entire cores to individual applications to guarantee performance, the company says.

Check Point calls this dedication of computing power Core XL and has applied for patents on it.

In earlier software versions, Check Point's security applications were bound to each other, as in its unified threat management (UTM) software that includes a firewall, IPS, virus and spyware protection, antispam, a Web-application firewall, VoIP security, instant messaging and peer-to-peer application blocking and Web filtering.

With the new architecture, customers could buy just those applications they want to create their own version of a UTM or to add more applications to today's UTM bundle, for example. Check Point calls this custom UTM capability XTM, to express that it is possible to extend UTM capabilities to add features.

This software-blade architecture could make deploying security more efficient for Visa, says the company's director of network security Chuck Riordan. "We're working toward consolidation and globalization and eliminating separate tools," he says. Rather than having a separate IDS/IPS platform as it does now, for instance, the company might put it on a single, multi-function platform, he says.

By running multiple security applications on a single, multi-core machine, the company could consolidate its hardware while preserving performance. "Using core technology on the hardware chipset itself, you could dedicate compute power to Web filtering and not affect stateful inspection," Riordan says.

Page:
More about: Check Point, Check Point Software, Core Technology, Gateway, IPS, Promise, Visa
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: check point software
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia