Current Threat: The drive in malware development today is towards obfuscation and evasion on all levels – different encodings, encryption, dynamic IP address allocation, and other methods of hiding malicious traffic within otherwise-benign streams. To combat this, network and security vendors have virtually all turned to some form of deep-packet or content inspection to deliver a better understanding of traffic at all layers of the protocol stack. PCI Express, or PCIe, has become the definitive PCI architecture for the next decade to satisfy increasing traffic volume, and adoption is growing rapidly along with network speeds. Content security acceleration is now a critical component of these network security platforms, and must now continue to provide the same low-latency, high-quality inspection paradigm with a PCIe form-factor and these correspondingly higher speeds.
Tomorrow's Technology Today: The PCI bus has been the long-standing bus interface of choice for the last 10 years and it will continue play a major role in the next few years. However with security applications driving increasing bandwidth requirements, processors and I/O devices are demanding much higher performance throughput than PCI or PCI-X can effectively deliver. These market trends are driving the wide adoption of the third generation of PCI: PCI Express. The adoption of PCI Express is rapidly gaining market momentum and is already recognized as the new PCI architecture for the next decade. According to a recently published report by In-Stat, PCI-Express is interconnects are expected to grow from 8.7 million in 2004 to over 283 million in 2009 (78% CAGR) – the fastest growing segment in the interconnect technology market that also include Hypertransport (28% CAGR) and RAPIDIO (15% CAGR).
Sensory Networks’ NodalCore C-2000 content security cards deliver up to 2 Gbps of content scanning and pattern-matching on a PCI or PCI-X interface. This is supported by Sensory’s suite of middleware and applications, including Antivirus and IPS applications, high-speed HTTP & SMTP proxies, decoders and unpackers, and compilers. The shift towards PCIe as the interconnect standard of choice in network appliances corresponds to increasing network speeds, and maintaining effective content security at this level of performance while still inspecting every byte in every packet of every stream requires a similar shift in content security accelerator interconnects.
The NodalCore C-3000 PCIe cards use soft RAM based FPGA technology that can be updated with performance enhancements or new scanning functions even after boxes have been deployed in the field. The card comes with a 4-lane PCI-Express interface, fully certified by PCI-SIG, with a theoretical maximum of around 8 Gbps, although in practice this is likely to achieve at most 6.5 to 7 Gbps. The first model of the C-3000 is termed the NodalCore C-3000 Extreme, and is currently capable of up to 3 Gbps content scanning throughput. Importantly, the use of FPGAs to implement the Security Processing Unit, or SPU, enables this exact model to run potentially even faster as more compact and optimized firmware is built for the existing fabric. The C-3000 has removed some and upgraded other internal bridges and connections to eliminate system bottlenecks for the increase in bandwidth. It also comes with a maximum of 4 banks of RAM, as opposed to the 2 available on the C-2000. This heavy-duty processing performance comes with an extremely lightweight power footprint – a maximum of 15W and an average of 12W.
The C-3000 is supported by the latest version of Sensory Networks’ drivers and libraries, NodalCore 3.5, and Sensory’s extensive suite of AV, IPS, and other anti-malware applications. Few of the alternatives currently available on the market can match the speed of the current C-3000 model, and this gap will continue to widen as our hardware engineers refine the firmware. Another approach has been to move to an ASIC-based model, which through changes in requirements or necessary functionality, can result in a forced re-spin, a process which outweighs any initial savings. With our latest in the C-Series line of content security accelerators, Sensory Networks has taken the quantum leap from PCI to PCIe without compromising on security coverage or application stability. The NodalCore C-3000 is the fastest and most extensible accelerator card in its class on the market.
Conclusion: Network and security devices using our latest PCIe cards and software can discover, trap, isolate and block malware at true wire-speed, even at the highest rates of network traffic. This keeps users safer from viruses, intruders, spam, spyware, and other forms of malware.
2595 East Bayshore Rd
Palo Alto CA 94303 USA