Force10 Networks Chief Security Scientist Explores Complexities of Security

Securing high performance networks requires a new design framework that emphasizes flexibility while maintaining network performance, said Force10 Networks Chief Security Scientist Livio Ricciulli at the ESCC/Internet2 Joint Techs workshop. "While the threat to network security is not new, the increasing frequency and escalating costs of malicious attacks are driving the demand for a higher level of protection that doesn't compromise network performance," said Ricciulli. "To effectively combat these new threats at 10 Gigabit speeds, security devices must combine the flexibility of software with the performance of hardware." As network speed and complexity increase, the technological challenges associated with securing the network grow. The raw processing requirements to inspect packets at higher speeds can limit the ability of intrusion detection and prevention technology to find vulnerabilities quickly enough. An increase in the frequency of subversive activities further complicates attempts to secure the network. "High performance network security demands both internal and external measures that function at the speed of the network and can dynamically respond to varied attacks," continued Ricciulli. "The ability to inspect traffic at line-rate 10 Gig speeds and apply policies to prevent harmful traffic from entering the network are critical features of the high performance security that research and education organizations require to protect valuable data and analysis." Intrusion detection and prevention technology protects vulnerable computer systems from known application-level vulnerabilities undetected by systems that examine packet headers alone. By identifying vulnerabilities through application-level signatures, intrusion detection and prevention technology can stop packets carrying malicious payloads without shutting down the network, cost effectively reducing the impact of the attack on the organization. Despite existing network data security measures and government regulations, such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act, attacks and malware caused more than $500 billion in damages last year while the personal information of more than 57 million people was compromised in 2005. Force10 Networks recently acquired MetaNetworks Inc., the pioneer of line-rate 10 Gigabit intrusion detection and prevention technology. With the acquisition, Force10 can now build and secure high performance Gigabit and 10 Gigabit Ethernet networks at line-rate speeds.