Modular software blades for each security function
Blades are ideal for providing flexibility in the switching, server and storage infrastructure, and Check Point Software Technologies Ltd today extended that notion with a proposal for a flexible software blade architecture for enterprise security.
Announcing the arrival of the latest R70 edition of its core code base, Check Point said its strategy would transform the way it develops and delivers its security systems, starting with the introduction of a new intrusion prevention software blade.
The company describes a software blade as a security building block that is independent, modular and centrally managed. They are logical blades that a security administrator can tailor to suit specific needs. As those needs change, the security infrastructure can be modified by adding and activating new blades on the same software chassis.
Opening its European user and partner conference in Paris, the company said its new architecture means businesses can select the exact security applications or “software blades” they need, such as firewall, virtual private network (VPN), IPS or anti-virus from a library of over 20 software blades. New software blades can be added without deploying new hardware.
Caroline Ikomi, technical director for Check Point said the idea was to bring a new level of flexibility to the way enterprise security software is deployed. “Basically, the idea is to add an on/off switch to security applications, so that they always meet the exact functional and performance needs of the time.”
She explained that the move was more than a new twist on product marketing. “It is a complete change – from the way we develop code, to how the products are licensed. Going forward it will bring huge functional benefits.”
Specific features, like addition of a session border controller that is used to secure VoIP traffic in some cases, could be modular coded and developed on a software blade and deployed as part of the gateway. That brings a new level of flexibility to the way the security vendor develops the application, and the way security managers would deploy it.
The company reckons software blades provide the right level of security, at all enforcement points, and at all layers of the network. It said they can be run on any Check Point UTM-1 or Power-1 appliance, and can be deployed in a virtualised environment.
Eventually all parts of the network and perimeter security application set will be offered as logical, interoperable blades, and the company is reported to be proposing charging a flat fee of $1,500 for all types of blade.