Check Point Cuts Conventional Security with Software Blades

Check Point Software Technologies unveiled a new “software blade” architecture that it says will make it easier for its partners and end-user customers to design and implement security solutions tailored for their specific needs.

Similar to storage and server blades, Check Point’s software blades divide the different network and perimeter security functions into logical, interoperable modules. Depending on an organisation’s specific security needs, it can select the right mixture of blades—firewall, intrusion prevention, data loss prevention, VPN, management console.

“It’s all al a carte. You can add more licenses based on need,” says Oded Gonda, vice president of Network Security Products at Check Point.

The announcement of the new blade architecture was made at Check Point’s European user and partner conference in Paris. Check Point’s North American partners will get their first look at the new architecture and the first software blade product—the Security Gateway R70—at the North America user and partner conference in Las Vegas next month.

Check Point’s software blade concept is not a new idea. Since the advent of unified threat management (UTM) appliances in 2002, security vendors have been bundling essential security applications—stateful-inspection firewalls, IPsec VPN, intrusion detection system (IDS), anti-virus and Web filtering—into purpose-built perimeter appliance. One of the key selling points was the ability to turn on and off licenses for different modules, as need or desired.

Check Point says its software blade architecture differs significantly from the old paradigm in that the software blades are certified for interoperability and the creation of the synergistic layers of security is the choice of the end user of the reseller designing the solution. While Check Point has a line of appliances and recently acquired the security appliance division of longtime partner Nokia, its software blades are designed to run on the servers of the customer’s choice.

“The form factor is adjusted for the performance needs, but the blades are used for selected needs,” says Juliette Sultan, Check Point’s head of global marketing. “You don’t need a UTM; you can have all the functions you need on the same server.”

The ability to choose the right platform is a significant differentiator, Check Point claims. Its software blades are designed to operate on any server, and performance is limited by server capacity. The software blades are consistent in their functionality. This means users can deploy the software blades on a small server for a remote office and a large server in an enterprise data centre and have the same level of security and manageability across the extended network.

Performance degradation is not limited to the server capacity, however. Adding more software blades to a server will impact performance. Check Point says it will certify performance levels for different combinations, so users will know what to expect. In most cases, Check Point claims, performance degradation when using multiple blades is minimal. If performance is an issue, Check Point offers an acceleration blade as part of its repertoire.

Pricing for the software blade architecture comes in two forms: a la carte and predefined systems.

Predefined systems include a bundled set of blades and priced based on a combination of the number of blades used and the number of server cores. The a la carte option allows solution providers and users to pick and choose the right combination of blades for specific security needs. Check Point says the a la carte option gives users the ability to move blades to different servers and locations depending on utilisation and need. The predefined packages do not give that flexibility.

The first product of the software blades architecture is the Security Gateway R70, which includes the intrusion prevention blade, firewall and VPN, and a management console. Check Point is making the R70 available for sale next month.