By David Le Goff – 6WIND Product Marketing Manager
I recently spent a day at InfoSecurity in London (http://www.infosec.co.uk/), which, with over 12,000 visitors, is one of Europe’s largest security conferences.
I talked with many exhibitors about network security along with their challenges in migrating from proprietary environments to more flexible platforms, based on x86 processors and with virtualized architectures. It seems that the security market is working hard to bring more agility to network security products while still offering advanced security functions. Indeed, almost everyone I talked to agreed that Software-Defined Networking (SDN) solutions, increasingly requested by service providers and data center operators, are key to delivering the SLAs that end-users expect, while ensuring acceptable ROI for the service providers themselves.
It is not surprising that the difficulty of predicting application trends, along with the boom in sales of smartphones and tablets, presents major challenges to service providers, who must predict and finely adjust their capacity while keeping costs at a reasonable level. This is a key driver for the deployment of SDN technologies in order to deliver the same benefits for networks that server virtualization already provides for compute subsystems.
I talked to suppliers of next-generation firewalls, Unified Threat Management systems, Intrusion Prevention Systems, Application Delivery Controllers and WAN Acceleration Controllers, who confirmed their need to re-architect their solutions for new Intel x86 architectures while maintaining the performance levels reached by proprietary hardware. Additionally, they are all exploring the adoption of virtual network appliances.
On another topic, I talked to various OEMs working on plans for improving their DPI engines, since they see a convergence between Layer 4 through Layer 7 security services. Policy enforcement, cyber security, URL parsing and deep Layer 7 protocol analysis are becoming requirements for many of their products. But there are significant challenges in the way of implementing these services on standard servers, such as how to terminate TCP or SSL sessions for Layer 7 DPI, how to implement crypto engines in a virtualized environment and how to architect a smart “flow table” for triggering DPI engines.
How do you see market trends in the security domain? Are you working on some form of security convergence? What are your plans for hypervisor optimization and how would you implement a smart flow table on an x86 platform?