RealTime IT News

Check Point's Multi-Core Approach to Security

Accelerating network security has historically involved the development of proprietary hardware and components in order scan traffic more quickly. Network security vendor Check Point is going a different route by taking advantage of standard Intel multi-core processors in order to speed up network security scanning.

The new offering is Check Point's attempt to validate that its VPN-1 software-based approach to network security is as fast, if not faster, than competitive offerings from industry leader Cisco and others.

CoreXL is a new multi-core feature that is being rolled into Check Point's VPN-1 Power technology that provides integrated firewall, intrusion prevention and VPN capabilities. CoreXL leverages the power of Intel's multi-core CPU's to dramatically accelerate the traffic throughput rate of the VPN-1 Power.

"CoreXL provides deep inspection across multi-core CPUs," Dave Burton, director of product marketing at Check Point, explained to internetnews.com. "It enables load balancing of security traffic over multi-core CPUs."

For instance, if an enterprise is running a two-quad core processor setup, then seven of the cores would each be running an individual instance of theVPN-1 Power gateway, while the eighth core is used as a load balancer for the security traffic.

According to Burton, enterprises typically do not turn on full strict intrusion prevention capabilities since there is a significant impact on traffic throughput.

Strict profile capabilities will perform a deep level of packet inspection on nearly every packet that passes through the network device. The performance hit of running a strict profile is no longer a major performance bottleneck with an Intel multi-core powered VPN-1 Power deployment.

"In a nutshell, we've essentially tripled our protection in strict profile," Burton said.

Compared with competitive offerings from Cisco and other big networking vendors which rely on their own branded hardware, Check Point's VPN-1 Power offering is licensed software that is then paired with hardware appliances through Check Point's partners like Nokia.

The core operating system on which VPN-1 Power is based is something Check Point calls "Secure Platform," which is really just a hardened customized version of Linux.

The fact that Check Point doesn't offer its own hardware for VPN-1 Power does have its disadvantages.

"We're not able to take advantage of additional revenues we'd get by selling hardware with the software," Burton admitted. "But we've been successful by going with a more open flexible approach as the high end customers want to specify their own hardware.

"They get the benefit of a perpetual software license they can move from hardware device to hardware device as they refresh their hardware over the years."

Check Point does brand its own hardware for SMBs, and Burton noted that the plan is to make the multi-core acceleration technology more broadly available across Check Point's product portfolio.

For now Check Point is focused on Intel-based multi-core architecture, though Burton noted that the goal moving forward is to not be exclusively Intel.

The multi-core acceleration enhancements in VPN-1 Power build on the overall platform efficiency enhancements that Check Point rolled out earlier this year across its VPN-1 product lines with the R65 release.