Risk
7/25/2006
11:14 AM
Connect Directly
RSS
E-Mail
50%
50%

Network Security Courtesy Of A Fist Full Of Chips

Why pay tens of thousands of dollars on a firewall or other network security device when you can get comparable protection from one at a fraction of the cost? That's the promise behind security system-on-chip technology that embeds virtual private network, firewall, and other capabilities into network appliances at the silicon level, eliminating the need for the software and integrated circu

Why pay tens of thousands of dollars on a firewall or other network security device when you can get comparable protection from one at a fraction of the cost? That's the promise behind security system-on-chip technology that embeds virtual private network, firewall, and other capabilities into network appliances at the silicon level, eliminating the need for the software and integrated circuits that make security appliances more expensive and generate more heat in your data center.Security system-on-chip technology gives a network appliance the information it needs at the silicon layer to identify and/or block suspicious packets. Although such chips are only offered by a handful of companies worldwide, these visionaries are beginning to spread the word that cheaper network devices that run cooler means security pros can buy and implement more of them and better protect their networks. As security system-on-chip technology progresses, it may also be used to replace security appliances altogether, allowing makers of PCs, servers, printers, and other network endpoints to embed security into these devices.

One of the most evolved security system-on-chip technologies comes from Mistletoe Technologies, which is finding network appliance makers to embed its RDX chips within their devices to provide VPN and firewall capabilities. By the end of September, Taiwan-based network security provider BroadWeb Corp. will begin shipping its new Zone Defender appliance throughout Asia as a way for companies in that region to encrypt data sent over a LAN without slowing the flow of data across the network. Mistletoe's RDX chip adds VPN and firewall capabilities. BroadWeb sells its own security system-on-chip technology, which it calls Orion, to makers of intrusion prevention system, anti-virus, universal threat management, and security content management appliances. But it was faster for BroadWeb to license Mistletoe's VPN/firewall chip than to develop its own.

Whereas a more conventional firewall--one that relies on software to do the firewall activities and is powered by an Intel chip that sends traffic through at gigabit-per-second speeds--can cost about $20,000, Mistletoe's more simplified design can deliver comparable capabilities for about $1,000, says Gartner VP John Pescatore, adding, "Mistletoe has come out with a firewall chip essentially, with the idea of allowing networking companies to sell firewalls at an inexpensive price."

Lawrence Berkeley National Laboratory, the oldest of the Energy Department's national labs, has deployed two Mistletoe-based VPN/firewall appliances made by Viking Interworks, a division of Sanmina-SCI Corp., to help secure a portion of the lab's network. Security system-on-chip has the ability to change the price/performance ratio that has restricted the lab's deployment of gigabit-per-second network security appliances. "With firewalls, it's like buying a car," says Mike Bennett, senior network engineer with Berkeley Lab's LBLnet, the network that provides the enterprise LAN connectivity and infrastructure for Berkeley Lab. "If you spend only a little money, you're going to get a low level of performance." Not a good situation, given that the future of network security will depend on organizations using appliances that provide deeper inspection of network traffic while moving that traffic along at gigabit-per-second speeds.

Mistletoe's VPN/firewall processors are available in four different speeds, and the company is developing chips that can be used in unified threat management devices to build in anti-virus, intrusion detection and prevention, and VPN/firewall capabilities.

Mistletoe, which was founded in December 2002, has received $25 million in funding from the likes of Sevin Rosen Funds, Worldview Technology Partners, and Incubic Venture Capital.

Yet for the technology to have its greatest impact, Mistletoe and other security system-on-chip makers must convince large networking equipment providers such as Extreme Networks and Nortel that this model gives them an edge in competing with the likes of Cisco and Juniper. Only when the big boys see this technology as a must-have will it make a dent in the thousands and thousands of network security devices currently in use.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.