More than ever before, the threats of intrusion and data disruption represent clear dangers to enterprises of all sizes. Years ago, Nicholas Negroponte, the director of MIT's Media Lab, predicted in Being Digital that we are rapidly moving into a world where money is made less and less by moving hard products around and more and more by moving bits around. That day is now upon us, and the resulting need to protect information resources has never been greater, or more compelling.
High-speed links are already allowing worms to spread worldwide in less than 30 minutes. Today, on a global basis, more than 30 billion text messages and 40 billion email messages are transmitted across the network. The vast majority of this traffic is targeted at enterprise networks connected to them, and it isn't all benevolent.
It gets worse. By 2015, IP traffic is expected to rise to one zettabyte per month. And mixed in with all the documents, software downloads, emails and movies that generate revenue and competitive position will be a proportionally larger number of denial-of-service attacks, spam storms, viruses, Trojan horses and worms. Consider, then, the evolving role of the organisation tasked with preventing these attacks.
Equally vexing is the changing profile of the typical service provider. Once the providers of access and transport services delivered from an intelligent core to a host of "dumb devices", they have become largely unrecognisable in their role or architecture. Dial tone is no longer the proffered service: it's data in all its forms.
In the US, AT&T and Verizon are battling to complete the deployment of two very different but highly capable optical access infrastructures that will provide massive nationwide bandwidth. Content, once housed solely in the user device, is inexorably moving into vast storage arrays in the network core, while call control migrates out to the user's device as an SIP client. Combined with the other changes that are taking place, a tectonic transformation is changing the telecommunications industry and the companies it serves.
To protect the network against attack, it is critical to identify the nature and intent of the attacks. A front line of defence against intrusion can eliminate a high percentage of would-be disruptive events by reducing harmful traffic. It's no secret that if the protection process becomes overly onerous to execute, employees will find ways around it, regardless of the potential impact of the threat it protects against.
The best way to prevent intrusions is to monitor the flow and type of traffic. Also, rather than just inspect the headers of each network packet, gateways should inspect all of the content of every packet for threats. This method is often referred to as deep packet inspection or content inspection.
Viruses must be identified and managed out of the enterprise network. This is done through frequently conducted virus profile updates, rapid and accurate identification of threat profiles, and efficient quarantine, inoculation and elimination practices.
From a user's perspective, systems or applications that perform these tasks are worth their weight in gold. To an IT administrator, however, they can be complex to administer, technologically complex, expensive, and highly demanding of management and administrative time. New techniques for increasing the overall efficiency of these systems have been in demand for some time. One response to the demand has been the move to a unified threat management model, but this puts strain on already overloaded systems because they must now look for intrusions and viruses at the same time.
Of course, times change, threat profiles evolve, and market demands shift. Demands for a cost- and performance-effective solution continue to increase. At the same time, footprint and real estate become critical concerns. An answer to that challenge is now available: a low-cost solution to concerns about security, intrusion detection and prevention, and virus and spam control.
In response to the market's demand for a more capable content inspection solution, leading technology providers have introduced content processing families of silicon devices.
RAM efficiency: Designed to operate in a RAM-less environment or with a single low-cost commodity DDR2 RAM attached, these devices completely eliminate the need to add expensive SRAM, RLDRAM or TCAM memories.
Performance: The key demand is for a solution that adapts to the network environment and threat profiles. The devices available today offer this handily. A flow-through processing design offers low-latency performance and dramatically offloads the main CPU.
Rule capacity: Some of the best silicon uses embedded cache memory, a design that significantly reduces manufacturing cost and power consumption, yet expands the number of rules that can be processed to over 1,00,000.
Cross-packet inspection: These devices are designed to support cross-packet inspection in hardware for situations in which a threat spans multiple packets, and can handle over one million streams of data at the same time.
Interconnects: Some of the most efficient content processors are designed to service high-volume, low-cost gateways and appliances, and support two industry-standard interconnect options, 32-bit PCI and PCIe.
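The difference between per-packet content inspection and the cross-packet inspection described above can be shown in software. The following is an added example, not code from the article or from any vendor's silicon: it matches signatures with an Aho-Corasick automaton and keeps the automaton state per flow, so a signature split across two packets is still detected. The signatures, payloads and flow identifier are constructed, and in-order delivery of payloads within a flow is assumed.

```python
from collections import deque
class StreamMatcher:
    """Aho-Corasick matcher that can carry per-flow state across packets."""
    def __init__(self, signatures):
        # goto[s]: byte -> next state; fail[s]: fallback state; out[s]: signatures ending at s
        self.goto, self.fail, self.out = [{}], [0], [[]]
        for sig in signatures:
            s = 0
            for b in sig:
                if b not in self.goto[s]:
                    self.goto[s][b] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                s = self.goto[s][b]
            self.out[s].append(sig)
        queue = deque(self.goto[0].values())  # breadth-first: build failure links
        while queue:
            s = queue.popleft()
            for b, t in self.goto[s].items():
                f = self.fail[s]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(b, 0)
                self.out[t] = self.out[t] + self.out[self.fail[t]]
                queue.append(t)
        self.flow_state = {}  # flow id -> automaton state left by the previous packet

    def inspect_packet(self, flow_id, payload, cross_packet=True):
        """Return the signatures completed while scanning this payload."""
        # Per-packet mode restarts at the root; cross-packet mode resumes the flow's state.
        state = self.flow_state.get(flow_id, 0) if cross_packet else 0
        hits = []
        for b in payload:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits.extend(self.out[state])
        if cross_packet:
            self.flow_state[flow_id] = state
        return hits

# Constructed sample: one signature split across two in-order packets of the same flow.
SIGNATURES = [b"TEST-SIGNATURE-ALPHA", b"BETA-MARK"]
PACKETS = [b"POST /upload data=TEST-SIGN", b"ATURE-ALPHA&end=1"]

def run(cross_packet):
    matcher = StreamMatcher(SIGNATURES)
    return [h for p in PACKETS for h in matcher.inspect_packet("flow-1", p, cross_packet)]
```

The per-flow state is a single integer, which is what makes tracking a very large number of concurrent streams feasible; out-of-order segments would need reassembly before being fed to the matcher.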
In this environment of security and energy-efficiency, leading providers of silicon for storage uniquely address each of the above-mentioned areas. It is now possible to deliver security, energy-efficiency, cost- and space-consciousness in a device that can be installed universally, and well within the cost constraints of even the most budget-conscious IT departments.
The writer is with product marketing, LSI Corporation