Check Point has come up with a new security architecture it hopes can put the best bits of the unified threat management (UTM) concept into a form that will appeal to high-end installations such as datacentres.
In the new Software Blade architecture, each security function - firewall, VPN, intrusion detection - runs as a separate piece of software within the same software environment, and atop a range of operating systems, including VMware. Security managers can run as many or as few as they need in ‘containers’, safe in the knowledge that the whole system can be managed in a consistent way using one set of policies.
Today's alternative is to run these functions as separate security gateways or, for lower-end deployments, to use more recent ‘all-in-one’ UTMs, which run multiple security functions on single boxes but which don't scale well.
According to Check Point's UK manager Nick Lowe, the new ‘blade’ idea had been driven by the rising complexity of running multiple security functions such as a firewall, a VPN, and intrusion detection as separate elements. This duplicated security policies and made management so difficult it risked creating security problems in its own right.
By contrast, a Check Point configuration of one or more security blades created a logical security environment to replace the notion of discrete physical gateways.
"Security has become very complicated," said Lowe. "There are numerous technologies you need, possibly from different vendors. None of these platforms interoperate with one another and you can end up with fragmentation."
Check Point's Software Blade architecture would not replace the company's UTM-1 system for those who wished to use such an approach, he said, and could moreover be used in conjunction with this system and all other current hardware. What it would do is impose a framework on high-end security that would rip out much of its current management complexity.
There are up to 20 blades to choose from, extending common firewall security functions with add-ons such as web security, URL filtering, anti-virus, anti-spam, network acceleration and clustering, and VoIP. Hardware can also be upgraded by adding ‘cores’ to meet performance demands.
It's worth noting that the UTM term was nowhere to be seen in the announcement, but the new Software Blade design does look like a way of making it easier to get the company's UTM-1 and Power-1 platforms into high-end networks without losing the manageability argument.
"To address each new risk businesses can now consolidate multiple security systems by simply activating software blades on their Check Point security platform. Check Point Software Blade architecture gives businesses the flexibility to create a unified security infrastructure that can be extended to fit their growing needs," said Check Point CEO, Gil Shwed.