Daniel Joseph Barry
[Figure: Malware growth over the last 20 years]
The Internet and IP networks are the success stories of the 20th century. No other technology has become so pervasive so quickly and affected our lives so drastically. Indeed, it is difficult to imagine life without the Internet, as it now forms the foundation of many of the services we rely upon daily. But is the Internet in danger of collapse? Is it possible that the platform on which we are building our future is actually a burning platform?
The Internet is essential for our work, social, and entertainment needs, and increasingly our purchasing needs. Not only are communication services supported by IP technology, but banking, financial trading, government, healthcare, and educational services also now rely on the Internet and IP networks.
With the advent of cloud computing and virtualization, we can no longer be sure where our data resides or is processed—or who has access to it. Our data is accessible using a variety of devices ranging from traditional PCs to mobile phones to TVs to iPods.
Client-side solutions are necessary, but they aren’t sufficient to ensure data protection. Various levels of the network require a multi-layered strategy that can deal with multiple, often mobile, devices and users.
We should remember that cybercriminals have also evolved, from the mischievous teenage hackers of the past to the highly organized, well-resourced attackers that many people encounter today. They have the intelligence and the means to cause considerable damage and are quick to exploit the new avenues of attack opened up by new devices and software.
To understand the scope of the network security challenge, consider figures from Trend Micro, a leading provider of network security solutions, which has reported an explosive growth in the number of unique malware samples (i.e., types of attack) over the last 20 years (see the figure).
Network security system vendors are struggling to respond to these new attacks as quickly as they occur. In a sense, they are playing a cat-and-mouse game with adversaries who are as intelligent and innovative at exploiting weaknesses in networks and applications as the vendors are at detecting attacks.
The Burning Platform
Higher data rates compound the challenge facing network security system vendors. IP networks are now being upgraded from 1-Gbit/s to 10-Gbit/s link speeds, with 40 Gbit/s and 100 Gbit/s on the horizon. At 1 Gbit/s, a network security system needs to analyze up to 1.5 million packets per second. At 10 Gbit/s, this becomes 15 million packets per second. And this is per port and in only one direction!
The challenge for network security system vendors is to ensure that their systems:
- Can handle up to 15 million packets per second per port in each direction
- Have the necessary processing power and memory to analyze packets in real time
- Can scale to detect millions of new malware samples and higher line rates
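As an added worked example, not code from the original article or from Napatech: the packet-rate arithmetic behind the figures above, and the per-packet time budget and core count that follow from it. The 1.5 million and 15 million figures correspond to a worst-case stream of minimum-size Ethernet frames, which is the assumption the code makes; the 500 ns per-packet inspection cost used in the demonstration is a constructed value.

```python
# Added example, not from the original article: where the "1.5 million packets
# per second at 1 Gbit/s" figure comes from, and how much time per packet it
# leaves a security engine. Assumes the worst case the article implies: a stream
# of minimum-size (64-byte) Ethernet frames, each carried on the wire with its
# 8-byte preamble/SFD and 12-byte inter-frame gap.
import math

MIN_FRAME_BYTES = 64       # smallest legal Ethernet frame, including the FCS
PREAMBLE_SFD_BYTES = 8     # preamble + start-of-frame delimiter
IFG_BYTES = 12             # minimum inter-frame gap
BITS_PER_BYTE = 8


def max_packets_per_second(line_rate_bps: float,
                           frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Upper bound on frames/s on one port in one direction at a given line rate."""
    wire_bits = (frame_bytes + PREAMBLE_SFD_BYTES + IFG_BYTES) * BITS_PER_BYTE
    return line_rate_bps / wire_bits


def per_packet_budget_ns(line_rate_bps: float, cores: int = 1,
                         frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Nanoseconds available to inspect each packet when the work is spread
    evenly over `cores` CPU cores (one direction of one port)."""
    return cores * 1e9 / max_packets_per_second(line_rate_bps, frame_bytes)


def cores_needed(line_rate_bps: float, ns_per_packet: float,
                 directions: int = 2, frame_bytes: int = MIN_FRAME_BYTES) -> int:
    """Cores required to keep up with one port when each packet costs
    `ns_per_packet` of single-core inspection time. directions=2 covers both
    directions of the port, as the article's first requirement demands."""
    pps = directions * max_packets_per_second(line_rate_bps, frame_bytes)
    return math.ceil(pps * ns_per_packet / 1e9)


if __name__ == "__main__":
    # 500 ns/packet is a constructed inspection cost, chosen only for illustration.
    for gbps in (1, 10, 40, 100):
        rate = gbps * 1e9
        print(f"{gbps:>3} Gbit/s: {max_packets_per_second(rate):>12,.0f} pps/direction, "
              f"{per_packet_budget_ns(rate):7.1f} ns/packet on one core, "
              f"{cores_needed(rate, 500)} cores if inspection costs 500 ns/packet")
```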
The traditional approach to building network security systems is to build customized hardware, including ASIC chip development. However, with the exponential growth in malware and higher line rates, network security systems need to scale regularly in terms of both data handling and computing power. This in turn means that the lifetime of a product revision will be shorter.
Can network security system vendors keep up, and do they have the deep pockets required to fund custom hardware and chip development on a regular basis? If they can’t keep up, what does this mean for the Internet and the services we base upon it? Will the Internet become a burning platform where we no longer can trust the security of our data? Or, is there another way?
Rethinking System Development
High-performance network security systems can be based on standard, off-the-shelf PC servers combined with intelligent real-time network analysis adapters for handling full line-rate data. During 2010, Napatech gave several demonstrations of a full-throughput 10-Gbit/s intrusion prevention demo system that used this approach, based on both Snort and the Open Information Security Foundation's (OISF) Suricata. The approach takes advantage of the strong roadmap of PC server and CPU chip vendors, which raise their performance and the number of processing cores they support on a yearly basis.
Network security system vendors can develop high-performance security appliances capable of operating at high data rates by taking advantage of off-the-shelf hardware. This allows these system developers to focus on what is important: making smarter security algorithms and staying one step ahead of cybercriminals.
It also means that these network security systems can be deployed throughout the network, from client PCs and last-mile connections running at megabits per second right to the core of the network running at 10, 40, or 100 Gbit/s. This allows a multi-layered response to network attacks, even in cloud computing environments.
But to effectively ensure the reliability of the Internet platform, we must also bolster the foundations by constantly monitoring the performance and use of the Internet. Network security must not come at the cost of delays and inconvenience. By using network management appliances, we can ensure that the networks supporting the Internet are dimensioned and planned to ensure optimal performance.
Network management appliances collect data in real time, enabling an immediate response to congestion issues, much in the same way that network security appliances respond to attacks. They can be used to ensure quality-of-service (QoS) levels, monitor real-time network performance, and troubleshoot problems as they occur. Many of these network appliances have already adopted the off-the-shelf hardware approach, and the information they provide can be used to manage IP networks and the Internet effectively.
Secure The Internet Platform Today
The combination of multi-layered network security using network security appliances and network management based on real-time data provides the foundation that will secure the Internet platform for generations to come. Investment in these solutions should therefore be top-of-mind for end users, while development based on off-the-shelf hardware will ensure that system developers remain focused and agile, ready to keep up with the demands that future expansion of the Internet will undoubtedly bring.