Every organization sees security as an area where you can never have too much, but the cost of securing the network is effectively money lost. Security comes at a price, but the constant evolution of the threats means that both developers and end users must make major investments to keep pace.
The end user trying to protect their network is presented with a confusing array of options when it comes to network security hardware. Most are costly and rarely integrate simply with existing infrastructure. The developer is faced with the challenge of developing solutions that remain competitive but that operate within the environments demanded by the end user – who wants to spend the smallest amount possible to provide “complete security”.
The problem for both the user and the developer is the cost of engineering hardware that is capable of meeting the users’ needs and budget while providing a business for the solution developer. Traditionally the way to do this has been to develop custom hardware platforms that require a root and branch change of the security hardware each time a new communication standard is required. Custom hardware is costly to develop in terms of volumes of production, non-recurring engineering costs, and most importantly time. You simply cannot turn around a new hardware platform from concept to production in tight timescales – and as line rates increase the rules change and custom hardware designs no longer scale to the multi-gigabit stage and beyond. So where can developers and end users turn when they cannot justify in-house development of custom hardware?
The answer is to develop solutions based around commodity server technology. The humble PC server has seen exponential growth in performance and capability in recent years. In addition, multi-CPU and multi-core processors and new bus technologies allow for data processing at rates previously impossible.
Using a server base, scaling processing ability and storage space becomes a function of inserting more CPUs, more disks or extra RAM – the options are almost limitless – and the technology is inexpensive and readily available.
It’s no surprise therefore to find that this high performance server technology, coupled with high performance network interfaces, gives software vendors a perfect environment on which to deliver high performance applications. The flexibility and scalability of the server approach means that the demands of even the most taxing applications can be easily met, and the availability of high performance network interfaces means that all that processing power is available to work on the data rather than manage the interface. Throw in an operating system designed to make the best of this combination and you have an unbeatable platform.
The result for the end user is a product that arrives at the right price, offering the right performance in the right package – and it integrates with existing infrastructure as a PC server – manageability comes as standard and rights-based multi-user access is a snap.
Server virtualization adds further to the flexibility – allowing multiple applications that would otherwise have independent systems to run concurrently on one system – reducing capital investment, space, and complexity. A system implemented primarily for compliance can also generate an ROI for the network manager by offering useful network monitoring functions on the same box. With virtualization, these are in logically separate and secure operating system environments.
Finally, let us not forget open source software! Many popular network security applications (network intrusion detection systems, for example) are often benchmarked against open source software. If open source sets the baseline – why not *use* the open source tools in implementations? The open source community has delivered some leading applications in their categories, such as Wireshark and Snort. These applications are constantly developed to meet emerging needs. Performance can be scaled by adding more CPUs, making multi-gigabit applications a reality and allowing everyone to realize the benefits – from the enterprise LAN to the service provider core.