To effectively protect the high-speed WAN edge requires a different type of security appliance that can provide vis...
July 18, 2006
To effectively protect the high-speed WAN edge requires a different type of security appliance that can provide visibility into traffic as well as filter traffic at 10 Gigabit speeds, Force10 Networks Chief Security Scientist Livio Ricciulli said today at the ESCC/Internet2 Joint Techs Workshop.
“With the growth in 10 Gigabit Ethernet adoption, security appliances designed for Gigabit Ethernet, or even slower networks, can no longer keep up, leaving the network edge open to security breaches,” said Ricciulli.
“To ensure security at the frontline of high speed networks, the flexibility to set and order rules as demanded by the network or traffic composition is essential to ensuring security without compromising performance.”
Traditional security appliances have been defined by a rigid rule ordering logic that has prevented network operators from tailoring them to meet their needs. According to Force 10, at higher speeds, security appliances must embrace a greater degree of flexibility that lets network operators choose between policy control, ordered rules or summed outcomes.
“While flexibility is critical to providing security at 10 Gigabit speeds, the increasing sophistication of attacks is creating a requirement for greater transparency at the network edge,” Ricciulli said. “A security appliance in a high-speed network must look and operate almost as if invisible to the network while providing deep packet inspection from Layer 2 through Layer 7 to eliminate unwanted, harmful traffic.”