The race between unified security suites and best of breed combinations seems like one that has a never-reachable finishing line.The latest step in the battle has come from Check Point Software Technologies, which says it has boosted the performance of its VPN-1 integrated firewall, intrusion prevention gateway software suite through an upgrade of its NGX unified security architecture.
The company said that release 65 (R65) will allow the gateway’s firewall to achieve a throughput of 12 gigabytes per second, up from 10Gbps.
If the gateway’s intrusion detection is turned on, throughput is 5.1 Gbps, twice as fast as the previous version.
“This give resellers an opportunity to meet customer needs,” said Bill Jensen, Check Point’s product manager for the VPN-1 line.
Although many organizations have switched to 10GB Ethernet networks, the addition of voice over IP and some transaction-oriented applications has out an increased demand on infrastructures.
Jensen said his company was able to achieve the performance gains through its partnership with Intel and taking advantage of the microprocessor company’s dual core chips.
Redwood, Calif.,-based Check Point’s strategy relies on VARs to create bundles with its VPN-1 software and servers for buyers who need custom security solutions. (It also makes a UTM-1 appliance for those wanting a turnkey solution.)
The company also announced that as part of R65 it has created a plug-in architecture, allowing organzations to more easily add new feature components to its products.
The first is a management plug-in for Check Point’s Connectra SSL VPN (secure socket layer virtual private network. With it, administrators will for the first time be able to do policy-based SSL VPN management within the VPN-1’s SmartCentre control panel.
Jensen said the plug-ins will let administrators minimize downtime and regression testing when upgrading Check Point software.
Interacts with Intel NICs
R65 also adds the ability for VPN-1s to interact with Intel network interface cards, giving the option to lock out PCs showing abnormal behavior or deny activity such as peer-to-peer file trading.
Finally, Jensen said VPN-1s now have co-operative enforcement with the company’s Integrity line of corporate desktop firewalls.
As a result, if an online person wants to cross the firewall, the VPN-1 cannot only check if he or she is authorized, it can also check their device to see if it has the organization’s required software patches.
“It’s about unifying the security architecture even more,” Jensen said of the changes, “making it easier to get a comprehensive level of security rather than having disparate point products.”