Guest Post By Jos Schellevis, Chief Technical Officer, Deciso
The ever-expanding connectivity of applications brings new security threats that require a different defense than traditional firewalling.
The focus of hackers and cybercriminals has shifted from network intrusion attempts to exploiting weaknesses in applications.
These application-layer attacks also increasingly make use of encryption to dodge network security defenses.
A recent Gartner report titled “Security Leaders Must Address Threats From Rising SSL Traffic” by Jeremy D’Hoinne and Adam Hils, states: “Gartner believes that, in 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than 5% today.[i]”
These threats demand more powerful hardware to decrypt and detect intrusion attempts at wire speed. Next generation firewalls not only have the capabilities to detect application-layer attacks but also have sufficient power to accomplish this task at gigabit connection speeds.
Any hardware design to accomplish this task thus requires a multicore CPU and fast Ethernet connections without any bottlenecks. Many existing designs have a separate CPU and chipset connected through a marginal interface, not capable of leveraging its full performance over the external – mostly PCIe® – interfacing.
To make things worse, some of the network designs we have come across in the past have integrated PCI bridges creating even more bottlenecks. While this may not have been an issue in 10/100Mb solutions, today’s networks increasingly operate at gigabit or even higher wire speeds.
The highly integrated AMD G-Series SOC at the heart of Deciso’s Netboard A10 design delivers the required performance, doesn’t suffer from bottlenecks and has low power requirements. The embedded low power design also eliminates high cooling requirements that current high performing server-like designs demand. And, the integrated AESNI engine makes encryption and decryption of VPN traffic much less CPU intensive. While new features of the next generation firewall may consume quite a bit of the available CPU cycles to inspect application-layer traffic, other demanding features such as VPN won’t suffer.
Jos Schellevis is Chief Technology Officer at Deciso B.V, a Dutch security equipment manufacturer. He graduated in workflow management at Rotterdam University of Applied Technology and has over 15 years experience in networking and telecommunications. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third-party sites and references to third-party trademarks are provided for convenience and illustrative purposes only. Unless explicitly stated, AMD is not responsible for the contents of such links and no third party endorsement of AMD or any of its products is implied.
via AMD Blogs http://ift.tt/1MdNyET