Strategy: Security at Today's Network Speeds

Oct 16, 2012


Strategy: Security at Today’s Network Speeds

Switch vendors make it sound so appealing and easy: Slap the latest 10 or 40 Gbps Ethernet switch into your rack, add some inexpensive PCIe adapters to your servers and magically boost application performance by double-digit percentages.

It’s a great story, if the only things on your network are servers and switches.

The problem is that our infrastructures are chock full of the gear needed to manage, analyze and secure traffic: firewalls, intrusion-detection and -prevention systems, content filters, traffic analysis systems, packet capture appliances—every one of them a speed bump on the high-velocity network highway. Blindly hooking these legacy devices into a shiny new 10 Gbps or 40 Gbps Ethernet network is like having a freeway with toll booths every mile.

While network security and monitoring vendors strive to keep up with faster networks, it’s not easy because these devices do much more than just switch packets; they record, analyze and act on them. Hence, there’s a perpetual lag between the performance of state-of-the art edge and aggregation networks and that of security and analysis gear.

We’ll run down techniques for ensuring that high-speed networks don’t choke your network monitoring and security tools, review available products and technologies for bridging speed and performance gaps, highlight some high-end edge security appliances designed for the 10 Gigabit (and beyond) era, and offer advice on updating your monitoring and security infrastructure. (S5921011)

Research Report