The new architecture allows more flexibility than the old one or the alternative of using separate appliances from multiple vendors, he says. "On the fly you could add or remove a function," he says.
Visa has not yet tested the new Check Point software, but plans to. "We'll run it through the mill to see how we might take advantage of the core technology," he says.
Eric Ogren, a security analyst with the Ogren Group, says that the software-blade architecture holds the promise of focused security applications with recommended policies preset and ready to go out of the box.
"So instead of the poor IT guy trying to figure out which IPS rules to use for voice over IP traffic or at some point down the road virtual desktops, Check Point could build that right in," Ogren says. "They could say we're going to give you a voice-over-IP-security module, and it will have a policy that says these are the types of exploits that we're looking at. And that saves IT a kind of headache."
Another feature of the R70 software version is its improved performance -- as much as 22 times faster than the previous software -- which will make its use as part of a custom UTM more attractive, Ogren says. "That's an order of magnitude times two. With these performance improvements, I can see the IDS as one less box, one less bump in the wire," he says.
The software-blade architecture extends to Check Point's management platform as well, carving it up into more than 20 individual capabilities that customers can buy separately.
Check Point is offering security gateway packages of its software blades that sell for less than buying each application separately. For instance, a package called SG207 costs US$11,000 and includes a firewall, VPN, IPS, antispam, e-mail security, URL filtering, antivirus, antimalware, acceleration and clustering. Individually, the same package would cost $17,000, the company says.
R70 is available in March as is the IPS Core XL blade and a VoIP provisioning blade. A change management blade is due in the second quarter and a data loss prevention blade is due in the second half of this year. Others such as browser security will come later, Check Point says.