Check Point and Intel Claim Security Software Acceleration

The two firms say they have improved the ability of Intel-based systems to run power-hungry security applications such as network intrusion detection software.

Security specialists Check Point Software Technologies and chip giant Intel claim that a development partnership between the two firms has yielded significant performance breakthroughs for customers who want to use the two firms products in unison.

Through a year-long technology development project launched between the two companies in Israel, where both have research operations, the partners claim to have made "unparalleled" progress in speeding the ability of Check Points various security applications to run on Intel-based systems.

The primary benefit of the achievement is that it will allow customers to use more sophisticated security applications, such as network scanning tools, without suffering the degradation in system performance that customers have come to expect, officials from the companies said.

The companies have specifically worked on optimizing the interaction between Intels dual-core "Woodcrest" Xeon Processors and Check Points VPN-1 Power integrated security suite, which includes firewall, VPN (virtual private network) and intrusion prevention applications.

Executives involved with the development effort claim that the security tools are now capable of running at 10G bps on Intel-based servers, which they believe surpasses the capabilities of customized security appliances which tend to cost far more than Check Points products.

"Over the last several years there has been a trend among large companies toward using multifunction security gateway appliances to handle this work, but the performance of the of these gateways has not kept up with what they need to deliver in terms of security, in relation to intrusion protection specifically," said Bill Jensen, product marketing manager at Check Point, which is based in Ramat Gan, Israel.

The biggest gain is that companies can enjoy better performance using only Check Points software and non-customized Intel hardware.

"People have ended up abandoning the practice of doing deep scans at the gateway because of the enormous degradations in network traffic that result in trying to do so, which are sometimes as high as 90 percent loss of performance" Jensen said.

"But we think weve gone beyond what can be done in custom hardware using only software and the open-platforms brought to market by Intel."

/zimages/4/28571.gifClick here to read about Cisco and Microsofts plans for NAC-NAP interoperability.

In addition to aiding network performance while running security scans, Jensen said that the technology-alliance would aid companies installing VOIP (voice over IP) systems that are struggling with the bandwidth demands necessary to encrypt the Web phone calls.

By eliminating the need for custom security appliances, the collaboration will also help firms lower overhead costs related to operating and cooling those devices.

In addition to the 10G bps processing capabilities, the companies said the interaction between their products will allow for delivery of 430MB per second network throughput with firewall and intrusion prevention software programs.

Systems running the security applications promise the ability to handle 2 million packets per second, benefiting applications such as VOIP and streaming video, and to process up to 3.17G bps of encrypted traffic throughput through Check Points VPN.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.