Network security facing dual challenge - page 2
Figure 1 shows this alarming development:
Source: Trend Micro, Enterprise Security Whitepaper and update at InfoSecurity April 2009
Network security system vendors are struggling to respond to these new attacks as quickly as they occur. In a sense, they are playing a cat-and-mouse game with adversaries who are at least as intelligent and innovative at exploiting weaknesses in networks and applications as the vendors are at detecting attacks.
The high-speed cybercrime pursuit
Higher data rates compound the challenge facing network security system vendors. IP networks are now being upgraded from 1 Gbps to 10 Gbps link speeds, with 40 Gbps and 100 Gbps on the horizon. At 1 Gbps, a network security system needs to analyze up to 1.5 million packets per second. At 10 Gbps, this becomes 15 million packets per second. This is per port and in one direction only!
The challenge for network security system vendors is to ensure that their systems:
- Can handle up to 15 million packets per second per port in each direction
- Have the necessary processing power and memory to analyze packets in real-time
- Can scale to detect millions of new malware samples and higher line rates
Scaling network security systems
The traditional approach to building network security systems is to build customized hardware, including ASIC chip development. However, with the exponential growth in malware and higher line rates, network security systems need to scale in terms of both data handling and computing power on a regular basis. This in turn means that the lifetime of a product revision will be shorter.
This begs the question: can network security system vendors keep up and have they got the deep pockets required to fund custom hardware and chip development on a regular basis?
It also leads to the question: is there another way? High-performance network security systems can be based on standard, off-the-shelf PC servers when these are combined with Intelligent Real-time Network Analysis adapters for handling full line-rate data. The advantage of this approach is that it builds on the strong roadmap of PC server and CPU chip vendors, who are updating their performance and the number of processing cores they support on a yearly basis.
Addressing the dual challenge
Basing high-performance network security system development on standard PC servers with Intelligent Real-time Network Analysis adapters provides a path to addressing the dual challenge of more malware at higher line rates. It provides a cost-efficient, yet high-performance model that allows network security system vendors to focus on their expertise, namely combating cybercriminals and protecting the vital commercial platform that the Internet has become. For more info on building high-performance network security systems see www.napatech.com.