Check Point ups the ante against hackers
Jerry Ungerman, executive VP, Check Point Software
The goal: to ensure that as companies install more security, their networks don't slow to a crawl.
"We are making a transition from a world where security is enforced at the perimeter...to a world were security is ubiquitous," Jerry Ungerman, executive vice president for Check Point, said at a morning press conference. "If there's going to be a bottleneck, we want it to be the network, not the security."
The security-accelerating technology makes up the newest component of what the Redwood City, Calif., company calls its NG (next-generation) architecture.
Check Point made the announcement with the support of major partners, including Compaq Computer, Intel and Nokia Internet Communications. Last month, the security software maker announced technology that eases the management of the host of devices normally found on a corporate network.
For the most part, the NG plan calls for three changes to Check Point's software.
First, the company plans to turn major features--such as the firewall, network scanning and encryption functions--into discrete modules. Depending on its needs, a company could buy network appliances that focus on a single application, such as a firewall or a virtual private network (VPN), which secures remote communications.
In addition, Check Point has optimized each module and accelerates the software by allowing its partners to do most of the number crunching on specialized hardware. Hardware partners Broadcom, RapidStream, Intrusion.com, Intel, Compaq and Nokia all announced products designed to speed up such applications.
"The goal is to go to the limit, whatever the speed of the network," said Dan MacDonald, vice president of Nokia Internet Communications. "That is what the customer expects."
To better integrate its software with the newest network appliances, Check Point has made the interface to the NG architecture available to its partners. Called SecureXL, the interface allows several devices to work in tandem to protect a network.
The changes should boost maximum data rates through a network about 10 times, said Check Point's Ungerman, who estimates that by 2006, the amount of data that will have to be checked on a network by security tools will surpass 1.4 gigabytes per second.
That's a lot of speed, and Ungerman acknowledged that many companies may not need to add such capacity to their Internet operations for a while.
Still, the current trend is to add security to the internal corporate networks to limit damage from outside attacks and prevent sabotage, as well as plain old mistakes, by insiders, he said.
"The internal firewalls are what is really driving out growth," Ungerman said. "This is a big opportunity."