With security threats rising in prevalence and sophistication, threat prevention appliances are performing under higher-than-ever-before traffic volumes. In this new environment, it can be challenging to choose the right appliance to meet your security objectives, performance requirements, and growth expectations.
In the past, selecting the right security appliance was based on artificial lab testing conditions when the device is operating at maximum capacity. The appliance was tested in lab conditions with a simple firewall-only security policy with only one allow-all traffic rule –preferred conditions that rarely exist in the field. Though the results of these tests yielded a very high throughput number, it did little to forecast the capability to meet customers’ security requirements in real world conditions.
To solve this problem, in 2012, Check Point introduced our Appliance Sizing Tool. The sizing tool was developed from testing security appliances in a typical configuration and using a realistic traffic blend of that time, called “SecurityPower”, that was representative of data collected from about 500 production environments at the time.
Fast forward a few years, and now we have telemetry data from tens of thousands of reporting devices. In addition to traffic, we also analyzed how well our security appliances were performing, gathering memory consumption and CPU utilization statistics.
So how well did our early model do in calculating a recommended appliance to match the customers’ requirements?