Check Point Software Technologies unveiled a new “software blade”
architecture that it says will make it easier for its partners and end-user
customers to design and implement security solutions tailored for their
specific needs.
Similar to storage and server blades, Check Point’s software blades divide
the different network and perimeter security functions into logical,
interoperable modules. Depending on an organization’s specific security needs,
it can select the right mixture of blades—firewall, intrusion prevention, data
loss prevention, VPN, management console.
“It’s all al a carte. You can add more licenses based on need,” says Oded
Gonda, vice president of Network Security Products at Check Point.
The announcement of the new blade architecture was made at Check Point’s
European user and partner conference in Paris.
Check Point’s North American partners will get their first look at the new
architecture and the first software blade product—the Security Gateway R70—at
the North America user and partner conference in Las Vegas next month.
Check Point’s software blade concept is not a new idea. Since the advent of
unified threat management (UTM) appliances in 2002, security vendors have been bundling
essential security applications—stateful-inspection firewalls, IPsec VPN,
intrusion detection system (IDS), anti-virus and Web filtering—into
purpose-built perimeter appliance. One of the key selling points was the
ability to turn on and off licenses for different modules, as need or desired.
Check Point says its software blade architecture differs significantly from
the old paradigm in that the software blades are certified for interoperability
and the creation of the synergistic layers of security is the choice of the end
user of the reseller designing the solution. While Check Point has a line of
appliances and recently acquired the security appliance division of longtime
partner Nokia, its software blades are designed to run on the servers of the
customer’s choice.
“The form factor is adjusted for the performance needs, but the blades are
used for selected needs,” says Juliette Sultan, Check Point’s head of global
marketing. “You don’t need a UTM; you can have all the functions you need on
the same server.”
The ability to choose the right platform is a significant differentiator,
Check Point claims. Its software blades are designed to operate on any server,
and performance is limited by server capacity. The software blades are
consistent in their functionality. This means users can deploy the software blades
on a small server for a remote office and a large server in an enterprise data
center and have the same level of security and manageability across the
extended network.
Performance degradation is not limited to the server capacity, however.
Adding more software blades to a server will impact performance. Check Point
says it will certify performance levels for different combinations, so users
will know what to expect. In most cases, Check Point claims, performance
degradation when using multiple blades is minimal. If performance is an issue,
Check Point offers an acceleration blade as part of its repertoire.
Pricing for the software blade architecture comes in two forms: a la carte
and predefined systems.
Predefined systems include a bundled set of blades and priced based on a
combination of the number of blades used and the number of server cores. The a
la carte option allows solution providers and users to pick and choose the
right combination of blades for specific security needs. Check Point says the a
la carte option gives users the ability to move blades to different servers and
locations depending on utilization and need. The predefined packages do not
give that flexibility.
The first product of the software blades architecture is the Security Gateway
R70, which includes the intrusion prevention blade, firewall and VPN, and a management
console. Check Point is making the R70 available for sale next month.
