Security system-on-chip technology gives a network appliance the information it needs at the silicon layer to identify and block suspicious packets. Only a handful of companies make the chips, but they say the cheaper, cooler network devices may replace security appliances altogether, allowing makers of PCs, servers, printers, and other network end points to embed security within their products.
Chipmaker Mistletoe Technologies is partnering with network appliance makers that will embed its VPN and firewall RDX chips into their devices. Network security firm BroadWeb plans to integrate Mistletoe chips in its Zone Defender appliance, which debuts in September. BroadWeb sells its own security system-on-chip technology to makers of intrusion prevention, antivirus, universal threat management, and security content management appliances. But it was faster for the company to license Mistletoe's VPN-firewall chip than to develop its own.
Lawrence Berkeley National Laboratory deployed two Mistletoe-based VPN-firewall appliances made by Viking Interworks to secure part of its network. The chip-based security technology overcomes cost limita-tions that have restricted the lab's deployment of gigabit-per-second network security appliances. "With firewalls, it's like buying a car," says Mike Bennett, senior network engineer at Berkeley Lab's LBLnet, which provides LAN services to the lab. "If you spend only a little money, you're going to get a low level of performance." Not a good situation, given that the future of network security will depend on organizations using appliances that provide deeper inspection of network traffic while still moving that traffic at gigabit-per-second speeds.
A firewall that relies on software to perform its security functions and is powered by an Intel chip that sends through traffic at gigabit-per-second speeds can cost about $20,000, but Mistletoe's simplified design can deliver comparable capabilities for about $1,000, Gartner VP John Pescatore says. "Mistletoe has come out with a firewall chip, essentially," he adds, "with the idea of allowing networking companies to sell firewalls at an inexpensive price."