Historically, Check Point has run two operating systems (OSes), the Nokia IPSO OS and the SecurePlatform (SPLAT) that was on its own appliances. But Check Point acquired Nokia’s network security appliance business in 2009, and has now, at long last, merged the two OSes into a new unified OS release.
“Today, we’re finally integrating the two and creating the next generation unified secure OS, called GAiA,” Check Point CEO Gil Shwed said during an event announcing the new release. “GAiA is basically the best of IPS and the Secure Platform with a lot more things. It’s got IPv6 and is fully 64-bit so it can take advantage of more performance and capacity to store more connections.”
The bare-metal OS sitting underneath GAiA is Linux.
GAiA also provides a Web user interface for provisioning and management. Additionally, the GAiA system delivers automatic software updates and role-based software administration. Existing users of Check Point’s IPSO- and SPLAT-powered appliances can migrate to GAiA using a documented process with scripts that can help maintain current rules and policies.
GAiA is also fully supported on Check Point’s 2012 security appliance lineup, which ranges from the 6-port, 1 gigabit Ethernet (GbE) 2200 device at the low end to the 32-port, 10 GbE 6100 appliance.
Though Check Point has a hardware appliance lineup, its key differentiator is that the security capabilities are sold as software blades that can run on multiple types of hardware, including virtual servers. As part of its security update for software blades, Check Point is now providing new anti-bot and antivirus software blades. Both of those new blades connect to the Check Point Threat Cloud, a real-time service that helps to analyze threats as they emerge.
“The main challenge with bots is that they communicate with their operator and can basically do anything that the operator tells them,” Shwed said. “Bots have been the source of many of the bad things we see on the Internet.”
Check Point’s anti-bot software blade includes a multi-tier discovery technology that is based on identifying the botnet operators. The system is also able to identify bot protocols as well as behaviors that can be indicative of bot activity. Additionally, the system provides network admins with forensic tools that can shed light on what the bot was attempting to do.
“Once we discover the bot, we know immediately how to stop the traffic to the remote operator,” Shwed said. “We can very quickly and effectively stop potential damage and the bot will not get commands to do other things that we don’t want it to do.”
The new antivirus blade has been enhanced by integration with Check Point’s Threat Cloud, which allows more virus signatures to be updated rapidly in real time, instead of periodic updates being delivered to a client endpoint.