Check Point is in the midst of a major overhaul of its security software architecture so customers can pick and choose the applications they want and dedicate computing resources to each depending on the performance they want to guarantee.
The company has taken the first step with the latest R70 version of its software that separates its various applications -- firewall, VPN, Web filtering, intrusion detection/prevention systems (IDS/IPS) -- into software blades that are available to customers a la carte or in pre-packaged bundles.
And Check Point is working toward being able to dedicate part of the computing power of multi-core processors to a single application, starting with its IDS/IPS platform. This capability will be expanded to the company's other security platforms over time.
The software-blade architecture is being announced Tuesday at Check Point's international customer meeting in Paris. It will enable loading a custom mix of applications on a single, multi-core machine and dedicating entire cores to individual applications to guarantee performance, the company says.
Check Point calls this dedication of computing power Core XL and has applied for patents on it.
In earlier software versions, Check Point's security applications were bound to each other, as in its unified threat management (UTM) software that includes a firewall, IPS, virus and spyware protection, antispam, a Web-application firewall, VoIP security, instant messaging and peer-to-peer application blocking and Web filtering.
With the new architecture, customers could buy just those applications they want to create their own version of a UTM or to add more applications to today's UTM bundle, for example. Check Point calls this custom UTM capability XTM, to express that it is possible to extend UTM capabilities to add features.
This software-blade architecture could make deploying security more efficient for Visa, says Chuck Riordan, the company's director of network security. "We're working toward consolidation and globalization and eliminating separate tools," he says. Rather than having a separate IDS/IPS platform as it does now, for instance, the company might put it on a single, multi-function platform, he says.
By running multiple security applications on a single, multi-core machine, the company could consolidate its hardware while preserving performance. "Using core technology on the hardware chipset itself, you could dedicate compute power to Web filtering and not affect stateful inspection," Riordan says.