Check Point’s Multi-Core Approach to Security


Accelerating network security has historically involved the development of
proprietary hardware and components in order scan traffic more quickly.
Network security vendor Check Point is going a different
route by taking advantage of standard Intel multi-core processors in order
to speed up network security scanning.


The new offering is Check Point’s attempt to validate that its VPN-1
software-based approach to network security is as fast, if not faster, than
competitive offerings from industry leader Cisco and
others.


CoreXL is a new multi-core feature that is being rolled into Check Point’s
VPN-1 Power technology that provides integrated firewall, intrusion
prevention and VPN capabilities. CoreXL leverages the power of Intel’s
multi-core CPU’s to dramatically accelerate the traffic throughput rate of
the VPN-1 Power.


“CoreXL provides deep inspection across multi-core CPUs,” Dave Burton,
director of product marketing at Check Point, explained to
internetnews.com. “It enables load balancing of security traffic over
multi-core CPUs.”


For instance, if an enterprise is running a two-quad core processor setup, then seven of
the cores would each be running an individual instance of theVPN-1 Power
gateway, while the eighth core is used as a load balancer for the security
traffic.


According to Burton, enterprises typically do not turn on full strict
intrusion prevention capabilities since there is a significant impact on
traffic throughput.

Strict profile capabilities will perform a deep level of
packet inspection on nearly every packet that passes through the network
device. The performance hit of running a strict profile is no longer a major
performance bottleneck with an Intel multi-core powered VPN-1 Power
deployment.


“In a nutshell, we’ve essentially tripled our protection in strict profile,”
Burton said.


Compared with competitive offerings from Cisco and other big networking
vendors which rely on their own branded hardware, Check Point’s VPN-1 Power
offering is licensed software that is then paired with hardware appliances
through Check Point’s partners like Nokia.

The core operating system on
which VPN-1 Power is based is something Check Point calls “Secure Platform,”
which is really just a hardened customized version of Linux.


The fact that Check Point doesn’t offer its own hardware for VPN-1 Power
does have its disadvantages.


“We’re not able to take advantage of additional revenues we’d get by selling
hardware with the software,” Burton admitted. “But we’ve been successful by
going with a more open flexible approach as the high end customers want to
specify their own hardware.

“They get the benefit of a perpetual software
license they can move from hardware device to hardware device as they
refresh their hardware over the years.”


Check Point does brand its own hardware for SMBs, and Burton noted that the
plan is to make the multi-core acceleration technology more broadly
available across Check Point’s product portfolio.


For now Check Point is focused on Intel-based multi-core architecture, though
Burton noted that the goal moving forward is to not be exclusively Intel.


The multi-core acceleration enhancements in VPN-1 Power build on the overall
platform efficiency enhancements that Check Point rolled out earlier this
year across its VPN-1 product lines with the R65 release.

News Around the Web