Intrusion Protection Gets Full Force of 10


Users of 10 Gigabit Ethernet (GbE) no longer need to slow down their traffic
in order to analyze it for potential threats.

Force10 Networks is claiming
that its new P-Series security appliances are the first to
perform deep-packet intrusion detection at full 10 GbE line rate speeds.


For 10 GbE networking, it’s all about timing.


Stephen Garrison, vice president of corporate marketing at Force10,
told internetnews.com that 10 GbE has only started to
get a foothold recently.


“There is now enough of an installed base out there that people have found
existing security solutions don’t scale,” Garrison said.


Force10 acquired privately held Metanetworks last November to help develop a
solution that would scale to full 10 GbE line rate speeds.

Garrison said that, to date, other solutions in the marketplace may have 10 GbE interfaces but do not actually pass traffic at 10 GbE throughput.


There is a significant technical challenge to monitoring and analyzing
traffic at 10 GbE speeds. It’s a challenge that Force10 meets with silicon.


Garrison explained that Force10 is using Field-Programmable Gate
Array (FPGA) technology, a form of programmable silicon, in order to
scan incoming traffic.


The approach used to scan the incoming traffic is something that Force10 has
patented as Dynamic Parallel Inspection technology, which allows
for parallel processing of thousands of security rules together.


“A packet comes into the silicon and basically gets looked at by a thousand
parallel signatures all at once,” Garrison said.


Beyond the silicon, Force10 is leveraging the open source Snort
intrusion detection system for traffic signatures.

According to
Garrison, Force10 does not have any partnership with Sourcefire, the commercial
sponsor of Snort, and is only utilizing the pure open source version
available at Snort.org.
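As an added illustration of the all-signatures-per-packet model described above (this is not Force10's or Snort's code; the rules, packets and the simplified subset of Snort rule syntax are constructed for the example), the following Python evaluates every rule against each packet and returns every signature that fired, the same per-signature evidence Garrison describes operators checking in the logs:

```python
import re
from dataclasses import dataclass

# Constructed Snort-style rules; a small subset of the real rule language
# (header, msg, content, nocase, sid). Not a production rule set.
RULES_TEXT = """
alert tcp any any -> any 80 (msg:"Constructed: php shell probe"; content:"/cmd.php"; nocase; sid:1000001;)
alert tcp any any -> any 80 (msg:"Constructed: dot-dot traversal"; content:"../"; sid:1000002;)
alert tcp any any -> any any (msg:"Constructed: admin keyword"; content:"admin"; nocase; sid:1000003;)
"""

RULE_RE = re.compile(r'alert\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)')

@dataclass
class Rule:
    proto: str
    dport: str        # "any" or a port number as a string
    msg: str
    content: bytes
    nocase: bool
    sid: str

def parse_rules(text):
    """Parse the constructed rule subset: header fields plus ';'-separated options."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        proto, dport, opts = m.groups()
        fields = dict(kv.split(':', 1) if ':' in kv else (kv, '')
                      for kv in (o.strip() for o in opts.split(';') if o.strip()))
        rules.append(Rule(proto, dport, fields['msg'].strip('"'),
                          fields['content'].strip('"').encode(),
                          'nocase' in fields, fields['sid']))
    return rules

def inspect(packet, rules):
    """Check EVERY rule against one packet and return all (sid, msg) hits.
    The appliance does this in parallel in silicon; here it is a software loop,
    but the result (every matching signature, not just the first) is the same."""
    hits = []
    for r in rules:
        if r.proto != packet['proto'] or r.dport not in ('any', str(packet['dport'])):
            continue
        payload, needle = packet['payload'], r.content
        if r.nocase:
            payload, needle = payload.lower(), needle.lower()
        if needle in payload:
            hits.append((r.sid, r.msg))
    return hits

# Constructed sample packets (payload bytes only; no real traffic).
PACKETS = [
    {'proto': 'tcp', 'dport': 80,  'payload': b'GET /Cmd.PHP?f=../../etc/passwd HTTP/1.1\r\n'},
    {'proto': 'tcp', 'dport': 443, 'payload': b'user=Admin&pw=x'},
    {'proto': 'tcp', 'dport': 80,  'payload': b'GET /index.html HTTP/1.1\r\n'},
]

if __name__ == '__main__':
    for pkt in PACKETS:
        print(pkt['dport'], inspect(pkt, parse_rules(RULES_TEXT)))
```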


“One of the reasons we went with an open source product is because too many
customers told us a lot of packaged devices give them a lot of false
positives and all they can do is make a phone call,” Garrison said.

“With
our system you can look into the logs, look into the traffic and the actual
signatures themselves and figure out a lot on your own.”


Network threats at 10 GbE are the same as those at 1 GbE, just faster.


“Think about 10 gig; it’s going 10 times faster than your normal gigabit
pipe, but that means you’ve got 10 times more risk,” Garrison commented.

“We’re not changing the rules, we’re just allowing them to look at more
traffic per unit of time and not create a bottleneck.”
