SecurityPower™

Check Point's SecurityPower^TMis a new benchmark metric that allows customers to select security appliances by their capacity to handle real-world network traffic, multiple advanced security functions and a typical security policy. Check Point’s Appliance Selection Tool leverages SecurityPower to help customers quickly determine which appliances can best meet their network security needs today, as well as support anticipated future traffic increases and additional security functions.

Choosing the right security appliance can be a challenging task – different organizations can have vastly different requirements in securing their computing environments: network size, required throughput, desired security functions, ability to handle future growth and allotted budget are all significant components of the decision process. Furthermore, until now, the task of determining an appliance’s performance under real-world conditions has been a daunting and time-consuming one.

Check Point's SecurityPower^TM is a new benchmark metric that allows customers to select security appliances by their capability to handle real-world network traffic, multiple security functions and a typical security policy. Each appliance has a specific SecurityPower Capacity that represents its real-world performance.

SecurityPower Capacity is calculated by integrating multiple performance measurements based on a real-world mix of network traffic derived through extensive research involving a large number of Check Point customers. Different combinations of advanced security functions including firewall, IPS, application control, antivirus, URL filtering, and data loss prevention are applied to the traffic. All measurements are performed using a realistic security policy that includes 100 firewall rules, logging of all connections, Network Address Translation (NAT), a strong IPS protection profile, and up-to-date antivirus signatures.

The new Check Point Appliance Selection Tool takes criteria of the customer’s network – including the required throughput performance and desired security functions – as inputs, and produces a SecurityPower Requirement value. That value is then compared against the SecurityPower Capacities of the range of Check Point appliances to determine and present candidates that can best meet the customer’s network security and performance requirements.

The Check Point Appliance Selection Tool is a revolutionary analysis engine that can be used to identify security appliances that have sufficient capacity to meet a customer’s requirements. Its main benefits are:

• Evaluate the appliance capacity to meet different real-world deployment scenarios
• Estimate the headroom for future growth that each appliance offers
• Evaluate the effect of enabling additional blades on top of different appliances

The specifics of a customer's network security and performance needs are entered into the tool. It then calculates the SecurityPower Requirement value that represents the power needed from an appliance to meet the customer’s requirements. It then compares and presents the Check Point appliances whose SecurityPower Capacity meets or exceeds the SecurityPower Requirement value – thus enabling the customer to quickly determine which appliances meet his needs today, as well as those that provide “headroom” to allow for growth in the future.

As an example, consider a scenario where the following advanced security functions are desired, with a traffic throughput of 1.7Gbps:

• Advanced Firewall
• Site-to-Site VPN
• User-based security policies (Identity Awareness)
• IPS
• Application Control

The desired security functions and throughput are entered into the Selection Tool. This results in two appliances being recommended:

The tool calculates a SecurityPower Requirement value of 1,308 SPU, which is the minimum power that an appliance must have to handle this customer scenario. Based on the tool output we can see that both the 12600 and the 21400 appliances meet the customer’s security and performance requirements. The 12600's SecurityPower Capacity of 1,861 SPU means the appliance will have high resource utilization and will not have much capacity for potential future growth. In contrast, the 21400’s SecurityPower Capacity of 2,900 SPU can easily support the customer requirements while providing significant room for growth, both in terms of bandwidth and in the activation of additional Check Point Software Blades such as URL filtering or DLP.