Check Point Software Technologies has unveiled a new
Open Performance Architecture it believes will offset network
performance issues that deeper defences can cause in
voice over Internet protocol (VoIP) setups.
The Israeli enterprise security vendor describes the Open
Performance Architecture as an acceleration framework that combines
security with high levels of performance and reliability, allowing
deep security inspection at multi-gigabit speeds. This
framework is a component of Check Point's Unified Security
Architecture and is now available in its VPN-1 line of network
security gateways.
Dave Burton, Check Point's product marketing director, said many
organisations are rolling out technologies like VoIP without the
necessary due diligence on security. One reason is that deeper
security scans can become impractical because of the throughput
problems they cause. The new Open Performance Architecture
will help solve the problem, he said.
"Customers have had throughput issues that made deep inspection
not so practical," Burton said. "But [the architecture's Core
XL-based technology] allows a strict level of application
protection at the necessary speed. It means more inspection of VoIP
traffic without having to take a performance hit."
The new architecture arrives as an increasing number of security
experts worry that technologies like VoIP are being deployed far
faster than companies can properly secure them.
The SANS Institute recognised the VoIP problem
in its November 2006 Top 20 attack targets list. Attackers can
exploit VoIP to change what you hear and cause huge outages.
"There are a large number of security risks that should be
considered for a converged data and VoIP network, primarily denial of service,
loss of confidentiality and having someone else use your service,"
said Stephen Northcutt, training and certification director at the
SANS Institute. "Security vendors like Check Point, TippingPoint
and Cisco sell devices that are looking at packets anyway, so it
makes all the sense in the world to converge VoIP protection with
data protection."
But in the final analysis, he said, all the security technology
in the world won't help stem the tide of such threats if IT
administrators aren't being trained properly to deal with the
risks.
"My advice is to invest a bit of that savings into getting an
engineer trained to look at and troubleshoot VoIP protocols," he
said. "When the new converged network is down and nothing works, no
data, no voice, no video, you do not want to be depending on a
technology you do not understand."