New ProCurve Threat Module: Flexibility Requires Planning
HP ProCurve announced a new module for its ProCurve 8212 and 5400 modular switches. The Threat Management Module offers firewall, VPN, and IPS functions simultaneously on the switch backplane, unlike Cisco's approach with the Catalyst 6500, which requires separate security modules for firewall, VPN, and IPS. The cost, however, is lower performance per module. ProCurve needs to increase module performance to make it a replacement for appliances.
The Threat Management Module can support up to 3Gb/s firewall throughput and 300Mb/s IPSec VPN using AES encryption. The firewall and VPN capacities are more than adequate for protecting WAN connections, but may pose a bottleneck for internal use. In particular, the firewall function is designed to be used between internal zones, or regions of your network, and 3Gbps could be overrun quickly. VPN functionality is targeted at LAN-to-LAN VPN over a wide area network and should be sufficient for most installations. The 300 Mb/s limit poses a significant bottleneck for VPN over the LAN, so if internal encryption is needed, a separate VPN appliance will be required. Otherwise, you can wait for 802.1X-REV and 802.1AE, which standardize key management and network encryption, to be finalized and deployed in products.
Jennifer Jabbusch, CISO of Carolina Advanced Digital, a network design and consulting firm, who is familiar with ProCurve's product line, points out that the Threat Management Module doesn't process all the traffic traversing the switch, only the traffic that is sent between zones through the module, so the interzone traffic load may be far less than the total switch traffic. Jabbusch notes that deploying the Threat Management Module does require redesigning your network topology since, instead of a physical choke point (a firewall with a limited number of interfaces through which traffic funnels), the Threat Management Module can support many more interfaces: any interface on the switch. The increased flexibility, if you are careful with capacity planning, is pretty useful.
The Threat Management Module lists for $16,999 for firewall and VPN services. Adding IPS, with a capacity of 1.5 Gb/s, tacks on an additional $2,600, bringing the total to $19,599, which includes one year of IPS signature updates. Subsequent three-year updates list for $9,399. The bundled functionality comes at an attractive price compared to purchasing a firewall, VPN, and IPS separately, where each appliance can start at $10,000, but the capacity of the Threat Management Module is relatively low considering the port density of the 8212 and 5400 switches.
Four Threat Management Modules can be added to the system and managed through ProCurve Immunity Manager in clusters or individually. The additional modules can be used for active/passive HA or simply to add capacity. Module installation is pretty flexible depending on your needs. In addition, the Threat Management Module can be partitioned into zones so access is controlled as it crosses internal boundaries in the network. Don't confuse zone access control with ProCurve's NAC solution, however. The zone-based access controls are really designed to act more like network firewalls rather than providing fine-grained, user-based access controls.