Could the new technology from Check Point rock the security sector?

Feature by Dan Raywood

Security technology and infrastructure is often developed and changed with a large degree of similarity. With respect to the vendors, there is development that does improve on what is offered, but at the same time there is not that much in the way of revolutionary technology being launched.

Security technology and infrastructure is often developed and changed with a large degree of similarity. With respect to the vendors, there is development that does improve on what is offered, but at the same time there is not that much in the way of revolutionary technology being launched.


However, I recently found myself in the surroundings of Disneyland Paris for the Check Point Experience, where CEO and founder Gil Shwed wrestled with Mickey and Minnie Mouse for stage space with the announcement of something altogether different.


The introduction of software blades is designed to offer full flexibility for IT managers when it comes to appliance management. The new architecture allows businesses to have the ability to select from a library of over 20 software blades; the exact security protections based on customer feedback on what appliances are most applicable to them.


Shwed claimed that the concept came from discussions with Check Point's customers and partners to find a solution that worked for them. He said: “This is a new adventure for security, we have spent time trying to find out what the customer wants and they do not all want the same thing. Companies have some solutions, they have endpoint security, network security, and some are happy with one or unhappy with another, they simply say that they wish to have some flexibility. If they can have management then they are happy.”


The basic structure begins when a company purchases a container and adds the blades that they want to implement into the security gateway. They can tailor make a security system that suits their needs, something that is suited specifically to what they want to achieve and protect and that allows functionality to move from one system to another.


Shwed said: “With software blades, the service is very flexible, really simple to implement and there is no big investment as you can start with the basic set up and grow it.


“The customer chooses what modules they want, most vendors offer either an a-la carte or combination package that is pre-defined, with this a typical system can have anything from three to six or seven blades and you can extend it in the future.


“With the initiative new companies can think of an extra blade to be added, this has made things very simple as all blades are priced the same. As you add new applications it can get out of balance, here one cabinet could be dedicated to performance.”


The flexibility really is the major selling point of the software blade system, a company can start with a single core, single blade firewall system and then add functionalities such as VPN, network anti-virus, VoIP security and intrusion prevention by adding four blades, turning their system into a five blade system.


If they need to upgrade it, the system can be upgraded into a two, four or eight core computing system, enabling the multi-gigabit performance with the extended functionality.


Vice president of global marketing Juliette Sultan confirmed this and claimed that the end product was created from the response of the customers it had surveyed the opinions of.


Sultan said: “We talked to huge enterprises and small companies and the feedback was consistent. They wanted to be secure but at the same time they want to grow the security in their business but they want the freedom to not worry about performance issues.


“We summarised the feedback and found that the customer wants total security and access at the information point, but flexible security and the right protection with the right performance, to keep the deployment and management simple.”


Gil Shwed has been a consistently mild critic of other vendors' actions. At the 2008 event, he claimed that with over ‘700 companies out there, customers are buying lots of niche solutions from these different vendors. But the more point solutions they buy, the more cumbersome their IT defences are to manage – and the more ineffective they become.”


He followed this up at the 2009 event, by saying: “In information security there are over 600 vendors with products that you can include in your system, and one of the key benefits of this is that you can implement a blade to fit with the technology from another product.”


Perhaps most directly, he claimed: “It is not enough to have better boxes, it is about what is inside. We want to give the architecture for the future. It is a different world from other vendors.”


So is this an attempt by Check Point to corner the market, ensure that its technology is the foremost option and once it is implemented, will not require any external additions and can only feature Check Point technology?


The answer, it seems, is yes. After all it is not Check Point that is developing the software for each blade, its partnerships and relationships with the likes of SanDisk, Nokia and McAfee have allowed it to develop the software blades to the specifications of the IT manager and security specialist.


The blades offered include options for VoIP, data loss prevention, network access control, SSL VPN and multi-core acceleration. The management blades are for provisioning and workflow. The first product based on the blade architecture is the intrusion prevention blade that allows deployment of pre-emptive and accurate protections to security gateways.


We talked to our customers and they said that they wanted a business model that is very flexible. If you start in the middle you can service both ends, if you start big you can't go down and if you start low the end market is too small,” said Shwed.


“This will do away with other technology as it becomes a much more simpler way to understand and decide if they want it. It is not a huge separate system and does not have built in features; the customer has been part of the solution.


“It is not easy to come up with something new, not a combination of ten different products and it is not easy to develop. You find one simple thing that can take technology in one way. This is about simplifying not making more complex.”


Overall it is good to see that one company is prepared to make an investment to do something different. As Shwed has hinted, there are so many companies doing similar things in security that it is ‘easy to come up with something new'.


What is most interesting is the question of whether or not this will be replicated elsewhere and what differences another manufacturer would make to this concept. Shwed's comments about the amount of vendors essentially doing the same thing should also raise more than a few eyebrows.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events