RealTime IT News

Intrusion Protection Gets Full Force of 10

Users of 10 Gigabit Ethernet (GbE) no longer need to slow down their traffic in order to analyze it for potential threats.

Force10 Networks is claiming that its new P-Series security appliances are the first to perform deep-packet intrusion detection at full 10 GbE line rate speeds.

For 10 GbE networking, it's all about timing.

Stephen Garrison, vice president of corporate marketing at Force10, told internetnews.com that 10 GbE has only started to get a foothold recently.

"There is now enough of an installed base out there that people have found existing security solutions don't scale," Garrison said.

Force10 acquired privately held Metanetworks last November to help develop a solution that would scale to full 10 GbE line rate speeds.

Garrison said that, to date, other solutions in the marketplace may have 10 GbE interfaces but do not actually sustain throughput at that speed.

There is a significant technical challenge to monitoring and analyzing traffic at 10 GbE speeds. It's a challenge that Force10 meets with silicon.

Garrison explained that Force10 is using Field-Programmable Gate Array (FPGA) technology, a programmable form of silicon, in order to scan incoming traffic.

The approach used to scan the incoming traffic is something that Force10 has patented as Dynamic Parallel Inspection technology, which allows for parallel processing of thousands of security rules together.

"A packet comes into the silicon and basically gets looked at by a thousand parallel signatures all at once," Garrison said.

Beyond the silicon, Force10 is leveraging the open source Snort intrusion detection system for traffic signatures.

According to Garrison, Force10 does not have any partnership with Sourcefire, the commercial sponsor of Snort, and is only utilizing the pure open source version available at Snort.org.
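As an added illustration of the single-pass, all-signatures-at-once matching described above (this is not Force10's Dynamic Parallel Inspection or Snort's own detection engine), the following Python builds an Aho-Corasick automaton so that a set of Snort-style content signatures is checked in one walk over a packet's bytes instead of re-scanning the payload once per rule. The signature IDs, content strings and sample payload are constructed for the example.

```python
from collections import deque

# Constructed Snort-style content signatures (sid -> content); not real Snort rules.
SIGNATURES = {
    1000001: b"GET /cgi-bin/",
    1000002: b"/etc/passwd",
    1000003: b"cmd.exe",
    1000004: b"User-Agent: scanner",
}

# Constructed sample payload; not captured traffic.
PAYLOAD = b"GET /cgi-bin/view.cgi?file=../../etc/passwd HTTP/1.1\r\nUser-Agent: scanner/1.0\r\n\r\n"

def build_automaton(sigs):
    """Aho-Corasick automaton: every signature is matched during one walk over the bytes."""
    goto, out = [{}], [set()]            # goto[state][byte] -> state; out[state] -> sids ending here
    for sid, pat in sigs.items():
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto[s][b] = len(goto)
                goto.append({})
                out.append(set())
            s = goto[s][b]
        out[s].add(sid)
    fail = [0] * len(goto)               # fail[state] -> longest proper suffix that is also a trie path
    queue = deque(goto[0].values())      # breadth-first so fail links of shallower states exist first
    while queue:
        r = queue.popleft()
        for b, s in goto[r].items():
            queue.append(s)
            f = fail[r]
            while f and b not in goto[f]:
                f = fail[f]
            fail[s] = goto[f].get(b, 0)
            out[s] |= out[fail[s]]       # inherit signatures that end on the suffix path
    return goto, fail, out

def scan(payload, sigs, automaton):
    """Single pass: returns {sid: offset of first match} for every signature that fires."""
    goto, fail, out = automaton
    hits, s = {}, 0
    for i, b in enumerate(payload):
        while s and b not in goto[s]:
            s = fail[s]
        s = goto[s].get(b, 0)
        for sid in out[s]:
            hits.setdefault(sid, i + 1 - len(sigs[sid]))
    return hits
```

Each byte advances the automaton at most a bounded number of steps regardless of how many signatures are loaded, which is the property a line-rate engine needs; the offsets returned are what a log entry would carry so an analyst can check the matching bytes themselves.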

"One of the reasons we went with an open source product is because too many customers told us a lot of packaged devices give them a lot of false positives and all they can do is make a phone call," Garrison said.

"With our system you can look into the logs, look into the traffic and the actual signatures themselves and figure out a lot on your own."

Network threats at 10 GbE are the same as those at 1 GbE, just faster.

"Think about 10 gig; it's going 10 times faster than your normal gigabit pipe, but that means you've got 10 times more risk," Garrison commented.

"We're not changing the rules, we're just allowing them to look at more traffic per unit of time and not create a bottleneck."