SlideShare a Scribd company logo

Check Point Real World Performance Testing

Dameon Welch-Abernathy
Dameon Welch-Abernathy

In the past, network security appliance selection was based on one criterion – firewall throughput. The testing is done in a manner similar to measuring the power of a car only by its maximum speed, driving downwind and downhill. With increasing security threats and their sophistication in today’s world, threat prevention appliances must perform advanced security functions under constantly rising traffic volumes. We need a metric that takes into account how underlying components combine to deliver a realistic threat prevention work load.

Technology
1 of 5
Download to read offline
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 1 CHECK POINT REAL WORLD PERFORMANCE TESTING NEXT GENERATION THREAT PREVENTION DEMANDS REAL WORLD METRICS SECURITYPOWER IS A REAL WORLD PERFORMANCE METRIC RFC BASED TESTING METRICS LEAD TO NUMEROUS ERRORS IN APPLIANCE SIZING In the past, appliance selection was based on one criterion – firewall throughput. The security appliance was tested in lab conditions with a simple firewall-only security policy with only one allow-all traffic rule. Though the results of these tests yielded a very high throughput number, it did little to forecast the capability to meet customers’ security requirements in real world conditions. In essence, it equated to measuring the power of a car only by its maximum speed, driving downwind and downhill. With increasing security threats and their sophistication in today’s world, threat prevention appliances must perform advanced security functions under constantly rising traffic volumes. In this new environment, it can be challenging to choose the right appliance to meet your security objectives, performance requirements, and growth expectations. CPU core counts, quantity of RAM, and Network Interface Card (NIC) speed alone are not enough to determine how a given hardware appliance will perform in the real world. We need a new metric that takes into account how underlying components combine to deliver a realistic threat prevention work load. SecurityPower is that new metric. SecurityPower The new way to measure the real power of security appliances Old Way Firewall Throughput Based on lab conditions Only Firewall Security Single firewall rule New Way SecurityPower Based on real-world customer traffic Advanced security functions Typical security policy
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 2 REAL WORLD PERFORMANCE CAPABILITY AND CAPACITY OF SECURITY APPLIANCES WHAT IS SECURITYPOWER? SecurityPower is a new measure of the real power of security appliances. A benchmark measuring the capability and capacity of an appliance, SecurityPower tests multiple advanced security functions (Software Blades) such as IPS, Application Control, Antivirus, URL Filtering, and DLP, using real world traffic conditions and a typical security policy. SecurityPower provides an effective metric in evaluating an appliance, predicting its current and future behavior under security attacks and day-to- day operation. SecurityPower capacity can be measured by third parties, both for Check Point appliances as well as security appliances of other vendors. REAL WORLD VS IDEAL TESTING When you examine the detail of performance testing figures on vendor datasheets how often do you see the caveat “Performance and capacities are measured under ideal testing conditions”? Sizing and capacity decisions based on such figures cannot be trusted. In “Ideal testing conditions” the very security that you need to mitigate threats to your organization may be disabled. You need a meaningful benchmark to make an informed decision when purchasing your new security appliance. The Check Point SecurityPower benchmark differs distinctly from “Ideal testing conditions” benchmarks. Real World Ideal Testing Conditions Signatures Latest, up to date IPS recommended signatures Out of the box signatures Security Policy Realistic security policy with 100 rules matching test profile traffic Any-Any-Any-Accept Traffic Blend A real life mix of HTTP, SMTP, HTTPS, DNS, FTP and other protocols derived from research conducted over hundreds of customer environments Simple large, HTTP transactions Traffic Content Real world content as seen in customer environments, e.g. HTTP traffic from popular web pages; Google, Amazon, Facebook, etc. Simple repetitive content Features Logging and NAT enabled Logging and NAT disabled Recommended Signatures The Check Point Security Research Group is responsible for our “Recommended IPS Profile”. Emerging IPS signatures detect the most important and current attacks whilst maintaining a relatively predictable performance impact. The Check Point SecurityPower benchmark includes the latest available and recommended signatures. This is used in the performance testing of our security appliances and available in our published datasheets. Appliance Performance
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 3 PRACTICAL APPLICATION OF SECURITY POWER UNITS LEVERAGE APPLIANCE SIZING TOOL TO CONVERT CUSTOMER NEEDS TO REQUIRED SPUs HOW TO USE SECURITYPOWER UNITS (SPU)? Security requirements can be converted into a SecurityPower value. Each Check Point appliance has a SecurityPower capacity as measured by our performance labs. We compare your needs against the real-world capabilities of our appliances allowing you to determine which appliances meet your needs today and in the future. APPLIANCE SIZING TOOL Traditional stateful inspection requires relatively little processing power compared to advanced security functions such as Application Control, Antivirus, or IPS which requires much deeper analysis and consumes more system resources. With Check Point you can consolidate these security functions into a single platform, reducing costs and improving your security posture. Our Appliance Sizing Tool combines two key metrics to help you select the correct appliance:  Throughput  Required security functions We translate your environment and security requirements into a required SecurityPower value. This value is then checked against the SecurityPower Capacity offered by Check Point appliances. The end result of the comparison is a small set of recommended appliances appropriate for you.
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 4 APPLIANCE SIZING TOOL PROVIDES ROOM TO GROW INTERNET TRAFFIC BLEND REFLECTS TYPICAL MIX OF TRAFFIC SEEN THROUGH AN INTERNET GATEWAY WITH PREDOMINANTLY WEB BROWSING TRAFFIC GROWING TREND IN HTTPS TRAFFIC DATA CENTER TRAFFIC BLENDS TYPICALLY CONSUME 20% MORE SPU SECURITYPOWER TEST METHODOLOGY When assessing the capacity required from an appliance three key factors must be consistent:  Configuration of the device under test (DUT)  The load testing apparatus  The traffic profile The configuration of the device and the load testing apparatus is consistent for all Check Point appliances. See our General Assumptions and Testing Methodology. To reflect different deployment scenarios, we define two different traffic profiles: the Data Center and Internet blends. These traffic blends are the result of in-depth customer analysis. Internet Traffic Blend  Represents the type of Internet traffic, security appliances handle on a day- to-day basis.  Consists of the following Streams/Protocols: HTTP; HTTPS; SMTP; DNS; POP3; FTP; Telnet.  The majority of the traffic is Internet Access (HTTP). The growing trend in Internet traffic blend towards HTTPS encryption is built into the Appliance Sizing Tool and we are able to factor a specific proportion of customer traffic from the basic mix above (10% HTTPS) all the way up to 100% HTTPS. Data Center Traffic Blend The Data Center blend reflects the predominance of the following traffic characteristics:  Web Services, File Stores, Authentication Services, Line-of-Business Applications, Custom Applications and Data Intensive Applications.  Consists of the following Stream/Protocols: HTTP, HTTPS, SMTP, SMB_CIFS, SQL, NFS, SMB_DCERPC, Oracle, DNS, LDAP, SSH, FTP. The Data Center traffic blend consumes approximately 20% more SPU than the Internet traffic blend.
©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 5 ENSURE POC EXERCISES COMPARE APPLES WITH APPLES Internet Traffic Blend Protocol Content Action Per Cent HTTP Amazon Home Page HTTP GET -> 676K 16% Yahoo Home Page HTTP GET -> 292K 16% Facebook Home Page HTTP GET -> 271K 16% Google Home Page HTTP GET -> 41K 17% Google Mail HTTP GET of Gmail index.html file, 21K 2% HTTP Post 100K PDF File 1% SMTP SMTP 17K MIME Message with PDF attachment 7% SMTP 100K MIME Message with Word attachment 6% HTTPS HTTPS 10K HTTPS GET of 10K file 5% HTTPS 100K HTTPS GET of 100K file 5% Other DNS DNS Query 6% POP3 Message size: 256-512 bytes 1% Telnet Login; cd /disk/images; ls 1% FTP FTP GET, 1MB file 1% SECURITY SHORTCUTS Whilst we strive to introduce the real world to performance testing, we know the playing field is not level. The configuration of modern security appliances has a massive impact on performance and throughput capacity. If you remove or disable certain aspects of traffic inspection, an appliance will perform better. This is a problem in Proof of Concept (PoC) exercises. Frequently these exercises comprise a sequence of tests, some of which focus on performance, whilst others on the effectiveness of the security. It is crucial that all testing combines both of these elements and delivers an accurate reflection of the relative capabilities of the solution. The traffic load used for testing must include a variety of threat vectors e.g. transport over HTTP, Email, and SMB etc. whilst also employing evasion techniques. Results must measure both the throughput achieved and the number of threats detected for an accurate reflection of the relative capabilities. Further information regarding PoC Best Practice and security shortcuts can be found here: http://tiny.cc/poc-shortcuts. SUMMARY Performance testing is a complex business; the permutations of configuration are so vast that exact answers are impossible. Check Point provides a practical means to assess your security and traffic throughput requirements, translating those into a solution to meet your needs today and in the future. CONTACT US Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com Internet Traffic Blend HTTP SMTP HTTPS OTHER

Recommended

How to expose shortcuts in competitive poc
How to expose shortcuts in competitive pocHow to expose shortcuts in competitive poc
How to expose shortcuts in competitive poc
Moti Sagey מוטי שגיא
 
CPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor LandscapeCPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor Landscape
Moti Sagey מוטי שגיא
 
Check point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitiveCheck point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitive
Moti Sagey מוטי שגיא
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
Castleforce
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
Group of company MUK
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
sushmil123
 
Ronald ortiz web 2.0 ventajas y desventajas
Ronald ortiz web 2.0 ventajas y desventajasRonald ortiz web 2.0 ventajas y desventajas
Ronald ortiz web 2.0 ventajas y desventajas
ronaldyfz
 
Application Performance Testing Checklist
Application Performance Testing ChecklistApplication Performance Testing Checklist
Application Performance Testing Checklist
Collaborative Consulting
 

Recommended

How to expose shortcuts in competitive poc
How to expose shortcuts in competitive pocHow to expose shortcuts in competitive poc
How to expose shortcuts in competitive poc
Moti Sagey מוטי שגיא
 
CPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor LandscapeCPX 2016 Moti Sagey Security Vendor Landscape
CPX 2016 Moti Sagey Security Vendor Landscape
Moti Sagey מוטי שגיא
 
Check point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitiveCheck point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitive
Moti Sagey מוטי שגיא
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
Castleforce
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
Group of company MUK
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
sushmil123
 
Ronald ortiz web 2.0 ventajas y desventajas
Ronald ortiz web 2.0 ventajas y desventajasRonald ortiz web 2.0 ventajas y desventajas
Ronald ortiz web 2.0 ventajas y desventajas
ronaldyfz
 
Application Performance Testing Checklist
Application Performance Testing ChecklistApplication Performance Testing Checklist
Application Performance Testing Checklist
Collaborative Consulting
 
Check Point mission statement
Check Point mission statementCheck Point mission statement
Check Point mission statement
Moti Sagey מוטי שגיא
 
Paloalto Networks ACE
Paloalto Networks ACEPaloalto Networks ACE
Paloalto Networks ACE
adam_jhon
 
Fortinet broch
Fortinet brochFortinet broch
Fortinet broch
Mirza Bilal Baig
 
Lecture The Search for Innovation
Lecture The Search for InnovationLecture The Search for Innovation
Lecture The Search for Innovation
Event StoryBoard
 
NGFW Brochure 08 08
NGFW Brochure 08 08NGFW Brochure 08 08
NGFW Brochure 08 08
Sunardi Fatan
 
Rick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing MethodsRick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing Methods
Rick Barron
 
Zero Trust Networking with Palo Alto Networks Security
Zero Trust Networking with Palo Alto Networks SecurityZero Trust Networking with Palo Alto Networks Security
Zero Trust Networking with Palo Alto Networks Security
Denis Batrankov, CISSP
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Zilliz
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
 

More Related Content

Viewers also liked

Lecture The Search for Innovation
Lecture The Search for InnovationLecture The Search for Innovation
Lecture The Search for Innovation
Event StoryBoard
 
Rick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing MethodsRick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing Methods
Rick Barron
 

Viewers also liked (8)

Check Point mission statement
Check Point mission statementCheck Point mission statement
Check Point mission statement
 
Paloalto Networks ACE
Paloalto Networks ACEPaloalto Networks ACE
Paloalto Networks ACE
 
Fortinet broch
Fortinet brochFortinet broch
Fortinet broch
 
Lecture The Search for Innovation
Lecture The Search for InnovationLecture The Search for Innovation
Lecture The Search for Innovation
 
NGFW Brochure 08 08
NGFW Brochure 08 08NGFW Brochure 08 08
NGFW Brochure 08 08
 
Rick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing MethodsRick Barron: User Experience Testing Methods
Rick Barron: User Experience Testing Methods
 
Zero Trust Networking with Palo Alto Networks Security
Zero Trust Networking with Palo Alto Networks SecurityZero Trust Networking with Palo Alto Networks Security
Zero Trust Networking with Palo Alto Networks Security
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Check Point Real World Performance Testing

  • 1. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 1 CHECK POINT REAL WORLD PERFORMANCE TESTING NEXT GENERATION THREAT PREVENTION DEMANDS REAL WORLD METRICS SECURITYPOWER IS A REAL WORLD PERFORMANCE METRIC RFC BASED TESTING METRICS LEAD TO NUMEROUS ERRORS IN APPLIANCE SIZING In the past, appliance selection was based on one criterion – firewall throughput. The security appliance was tested in lab conditions with a simple firewall-only security policy with only one allow-all traffic rule. Though the results of these tests yielded a very high throughput number, it did little to forecast the capability to meet customers’ security requirements in real world conditions. In essence, it equated to measuring the power of a car only by its maximum speed, driving downwind and downhill. With increasing security threats and their sophistication in today’s world, threat prevention appliances must perform advanced security functions under constantly rising traffic volumes. In this new environment, it can be challenging to choose the right appliance to meet your security objectives, performance requirements, and growth expectations. CPU core counts, quantity of RAM, and Network Interface Card (NIC) speed alone are not enough to determine how a given hardware appliance will perform in the real world. We need a new metric that takes into account how underlying components combine to deliver a realistic threat prevention work load. SecurityPower is that new metric. SecurityPower The new way to measure the real power of security appliances Old Way Firewall Throughput Based on lab conditions Only Firewall Security Single firewall rule New Way SecurityPower Based on real-world customer traffic Advanced security functions Typical security policy
  • 2. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 2 REAL WORLD PERFORMANCE CAPABILITY AND CAPACITY OF SECURITY APPLIANCES WHAT IS SECURITYPOWER? SecurityPower is a new measure of the real power of security appliances. A benchmark measuring the capability and capacity of an appliance, SecurityPower tests multiple advanced security functions (Software Blades) such as IPS, Application Control, Antivirus, URL Filtering, and DLP, using real world traffic conditions and a typical security policy. SecurityPower provides an effective metric in evaluating an appliance, predicting its current and future behavior under security attacks and day-to- day operation. SecurityPower capacity can be measured by third parties, both for Check Point appliances as well as security appliances of other vendors. REAL WORLD VS IDEAL TESTING When you examine the detail of performance testing figures on vendor datasheets how often do you see the caveat “Performance and capacities are measured under ideal testing conditions”? Sizing and capacity decisions based on such figures cannot be trusted. In “Ideal testing conditions” the very security that you need to mitigate threats to your organization may be disabled. You need a meaningful benchmark to make an informed decision when purchasing your new security appliance. The Check Point SecurityPower benchmark differs distinctly from “Ideal testing conditions” benchmarks. Real World Ideal Testing Conditions Signatures Latest, up to date IPS recommended signatures Out of the box signatures Security Policy Realistic security policy with 100 rules matching test profile traffic Any-Any-Any-Accept Traffic Blend A real life mix of HTTP, SMTP, HTTPS, DNS, FTP and other protocols derived from research conducted over hundreds of customer environments Simple large, HTTP transactions Traffic Content Real world content as seen in customer environments, e.g. HTTP traffic from popular web pages; Google, Amazon, Facebook, etc. Simple repetitive content Features Logging and NAT enabled Logging and NAT disabled Recommended Signatures The Check Point Security Research Group is responsible for our “Recommended IPS Profile”. Emerging IPS signatures detect the most important and current attacks whilst maintaining a relatively predictable performance impact. The Check Point SecurityPower benchmark includes the latest available and recommended signatures. This is used in the performance testing of our security appliances and available in our published datasheets. Appliance Performance
  • 3. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 3 PRACTICAL APPLICATION OF SECURITY POWER UNITS LEVERAGE APPLIANCE SIZING TOOL TO CONVERT CUSTOMER NEEDS TO REQUIRED SPUs HOW TO USE SECURITYPOWER UNITS (SPU)? Security requirements can be converted into a SecurityPower value. Each Check Point appliance has a SecurityPower capacity as measured by our performance labs. We compare your needs against the real-world capabilities of our appliances allowing you to determine which appliances meet your needs today and in the future. APPLIANCE SIZING TOOL Traditional stateful inspection requires relatively little processing power compared to advanced security functions such as Application Control, Antivirus, or IPS which requires much deeper analysis and consumes more system resources. With Check Point you can consolidate these security functions into a single platform, reducing costs and improving your security posture. Our Appliance Sizing Tool combines two key metrics to help you select the correct appliance:  Throughput  Required security functions We translate your environment and security requirements into a required SecurityPower value. This value is then checked against the SecurityPower Capacity offered by Check Point appliances. The end result of the comparison is a small set of recommended appliances appropriate for you.
  • 4. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 4 APPLIANCE SIZING TOOL PROVIDES ROOM TO GROW INTERNET TRAFFIC BLEND REFLECTS TYPICAL MIX OF TRAFFIC SEEN THROUGH AN INTERNET GATEWAY WITH PREDOMINANTLY WEB BROWSING TRAFFIC GROWING TREND IN HTTPS TRAFFIC DATA CENTER TRAFFIC BLENDS TYPICALLY CONSUME 20% MORE SPU SECURITYPOWER TEST METHODOLOGY When assessing the capacity required from an appliance three key factors must be consistent:  Configuration of the device under test (DUT)  The load testing apparatus  The traffic profile The configuration of the device and the load testing apparatus is consistent for all Check Point appliances. See our General Assumptions and Testing Methodology. To reflect different deployment scenarios, we define two different traffic profiles: the Data Center and Internet blends. These traffic blends are the result of in-depth customer analysis. Internet Traffic Blend  Represents the type of Internet traffic, security appliances handle on a day- to-day basis.  Consists of the following Streams/Protocols: HTTP; HTTPS; SMTP; DNS; POP3; FTP; Telnet.  The majority of the traffic is Internet Access (HTTP). The growing trend in Internet traffic blend towards HTTPS encryption is built into the Appliance Sizing Tool and we are able to factor a specific proportion of customer traffic from the basic mix above (10% HTTPS) all the way up to 100% HTTPS. Data Center Traffic Blend The Data Center blend reflects the predominance of the following traffic characteristics:  Web Services, File Stores, Authentication Services, Line-of-Business Applications, Custom Applications and Data Intensive Applications.  Consists of the following Stream/Protocols: HTTP, HTTPS, SMTP, SMB_CIFS, SQL, NFS, SMB_DCERPC, Oracle, DNS, LDAP, SSH, FTP. The Data Center traffic blend consumes approximately 20% more SPU than the Internet traffic blend.
  • 5. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non-confidential content April 2016 Check Point Real World Performance Testing | White Paper 5 ENSURE POC EXERCISES COMPARE APPLES WITH APPLES Internet Traffic Blend Protocol Content Action Per Cent HTTP Amazon Home Page HTTP GET -> 676K 16% Yahoo Home Page HTTP GET -> 292K 16% Facebook Home Page HTTP GET -> 271K 16% Google Home Page HTTP GET -> 41K 17% Google Mail HTTP GET of Gmail index.html file, 21K 2% HTTP Post 100K PDF File 1% SMTP SMTP 17K MIME Message with PDF attachment 7% SMTP 100K MIME Message with Word attachment 6% HTTPS HTTPS 10K HTTPS GET of 10K file 5% HTTPS 100K HTTPS GET of 100K file 5% Other DNS DNS Query 6% POP3 Message size: 256-512 bytes 1% Telnet Login; cd /disk/images; ls 1% FTP FTP GET, 1MB file 1% SECURITY SHORTCUTS Whilst we strive to introduce the real world to performance testing, we know the playing field is not level. The configuration of modern security appliances has a massive impact on performance and throughput capacity. If you remove or disable certain aspects of traffic inspection, an appliance will perform better. This is a problem in Proof of Concept (PoC) exercises. Frequently these exercises comprise a sequence of tests, some of which focus on performance, whilst others on the effectiveness of the security. It is crucial that all testing combines both of these elements and delivers an accurate reflection of the relative capabilities of the solution. The traffic load used for testing must include a variety of threat vectors e.g. transport over HTTP, Email, and SMB etc. whilst also employing evasion techniques. Results must measure both the throughput achieved and the number of threats detected for an accurate reflection of the relative capabilities. Further information regarding PoC Best Practice and security shortcuts can be found here: http://tiny.cc/poc-shortcuts. SUMMARY Performance testing is a complex business; the permutations of configuration are so vast that exact answers are impossible. Check Point provides a practical means to assess your security and traffic throughput requirements, translating those into a solution to meet your needs today and in the future. CONTACT US Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com Internet Traffic Blend HTTP SMTP HTTPS OTHER