ATCA Newsletter

Accelerating Network Security Appliances
By Jarrod Siket, Netronome Systems

Today, enterprise networks face many threats. Outside attackers can intercept data to steal or compromise information, or attack the enterprise with an arsenal of worms, viruses, spam, and other malware. Internal problems include accidental or intentional leakage of confidential information. The need to satisfy organizational standards and achieve regulatory compliance has made information security a key aspect of IP network communications.

At the same time, networks require more bandwidth and greater performance for an increasing list of IP applications and services. However, many security solutions actually introduce new problems. For example, client-server security methods, such as SSL-encrypted communications, make data useless to potential interceptors, but also make it difficult to examine for possible threats or leaks. Without being able to examine the unencrypted data, network operators leave open the possibility of information being leaked or malware entering.

In some cases, network operators encrypt communications, but only through SSL proxies that allow them to examine the content before it enters or leaves the enterprise. In other cases, they deploy security appliances that implement intrusion detection (IDS), intrusion prevention (IPS), unified threat management (UTM), network access control (NAC), and other methods for combating spam, viruses, and other malware. Such appliances provide a new level of security by verifying user access rights and interrogating communications within, to, and from the enterprise. However, their presence in-line for all communication flows creates performance bottlenecks.

Increasing security at the expense of network performance is no more acceptable than meeting application bandwidth requirements while ignoring security. To date, meeting both objectives simultaneously has been difficult.

The ideal solution would be a next-generation network and security appliance that provides both line-rate performance and complete visibility into the transmitted data. Such appliances would serve as host systems for the many network and security applications that enterprises consider staples of their Ethernet and IP infrastructures, such as IDS, IPS, UTM, NAC, anti-spam, and anti-virus. Besides serving as application hosts, they would be able to transparently intercept encrypted communications, providing the applications with all requisite flows for analysis. The ability to provide applications with both plain-text and encrypted communications is the key here. But this all must be done at top speed to avoid performance bottlenecks.

One appliance built to these requirements is the Netronome SSL Inspector™. It works with the Netronome Open Appliance Platform™ as well as third-party appliance products, and ships with a standard development kit that includes an open application programming interface.

Today's networks present a quandary with regard to security. If you encrypt everything, you can no longer recognize outside threats and inside leaks. If you don't, your data is subject to snooping. New hardware resolves the quandary by providing enough computing power to decrypt and analyze encrypted traffic for a wide variety of threats and leaks while maintaining high system performance.

Jarrod Siket is the Vice President of Marketing at Netronome Systems. You can reach him at jarrod.siket@netronome.com.