Check Point moves to software blade architecture

Each blade is an independent, modular and interoperable security application

IT security firm Check Point is hoping to fundamentally alter network security with the launch of a Software Blade Architecture.

At Check Point Experience in Paris this week, chief executive Gil Shwed said that IT managers are under growing pressure as network infrastructures become increasingly complex and good security becomes more difficult to deploy.

Similar to the concept of hardware blade server architectures, customers choose a container which sets out the hardware specifications, such as one, two, four or eight cores, and then populates the container with a selection from a library of gateway and management software blades to give them the exact security protections necessary to their business.

Each blade is an independent, modular and interoperable security application, such as a firewall, virtual private network (VPN), intrusion prevention system, anti-virus, policy management or provisioning blade, and allows customers to select the exact security software blades they need for each part of the business.

"Every business has different needs and requirements. Even within the same organisation different parts of the business have different security requirements, for instance between headquarters and branch offices or between different departments," said Shwed.

"The new software blade architecture gives the ultimate flexibility by allowing people to create any configuration they require. To address each new risk businesses can now consolidate multiple security systems by simply activating software blades on their Check Point security platform."

According to Shwed, the new platform is simple, flexible, extensible and manageable. Should new security features be needed, the appropriate blade can be added to a container and activated, while container licences can be upgraded, or new containers purchased, should extra resources be required. Blades can also be migrated between containers to meet resource or deployment needs.

For example, a business could start with a single-core, single-blade firewall system, and turn on functionalities such as VPN, network anti-virus, VoIP security and intrusion prevention by adding four blades. To meet their performance needs the system can be upgraded into a two-, four- or eight-core computing system, enabling multi-gigabit performance with the extended functionality.

"IDC expects the next generation of security products to offer more flexibility in features and deployment options, a trend that is accelerated by the current state of the economy and the demand for more cost-effective solutions," said Andrew Hanson, network and endpoint security analyst at IDC.

"Check Point's new software blade architecture offers important flexibility and customisation options to deliver security tailored to each enterprise's specific environment. The modular approach can also supply cost saving benefits as they can be deployed dynamically without the need to upgrade hardware, firmware or drivers."

Software blades can be deployed on Check Point UTM-1 or Power-1 appliances as well as open servers. The company is also hoping to make purchasing blades simpler by charging a flat fee of $1,500 (£1,000) for almost every blade.

To start, Check Point will provide around 20 blades covering the most common security features, with more coming every few months. Future blades will include VoIP security, data loss prevention, network access control, SSL VPN and multi-core acceleration, as well as management blades for provisioning and workflow systems.

The first product based on the blade architecture is the Check Point R70, a major new version of its security gateway and management system.