EMBEDDED CYBERSECURITY IN NOVIFLOW SWITCHES
NoviFlow switches implement next-generation networking technology: a flexible forwarding plane optimized for processing match+action rules within a fully programmable pipeline. This networking paradigm has major implications for Cybersecurity. It allows security mitigation actions to be injected directly into the network fabric, turning NoviFlow's NoviSwitches into Threat Intelligence Gateways.
SEPARATION OF MITIGATION FROM ANALYSIS
The old paradigm for Cybersecurity is a dedicated system, or a cluster of security systems, placed at key points in the network. These systems provide both the analytic functionality to detect threats and the mitigation actions to address them. All traffic that needs to be secured must flow through these security points. This solution is expensive and is difficult to scale to today's throughput requirements.
A better solution is to move the security mitigation actions into the network fabric. The programmable capabilities of NoviFlow switches enable mitigation actions to be implemented as one or more tables in the packet processing pipeline.
In this new paradigm of SDN-based Cybersecurity, the analytics engine finds threats and the programmable network fabric implements the mitigation actions immediately, for the fastest possible protection against breaches, denial-of-service attacks, and loss or destruction of data and network assets.
THE NOVISWITCH: OFF-LOADING x86 BASED MITIGATION TO NPU SILICON
Most Cybersecurity products are based on Intel x86 processors running software-based packet processing. This is an excellent environment for the security analytics engines but a poor environment for handling mitigation actions: software-based mitigation filtering provides limited throughput and is an expensive way to scale.
Moving the mitigation action into the programmable pipeline of a NoviFlow switch moves execution of the mitigation rules to a Network Processor (NPU). This silicon-based solution is two to three orders of magnitude faster than x86 software processing.
THREAT INTELLIGENCE GATEWAY EXAMPLE
This example shows a Security Cluster generating detailed mitigation events that are installed in the top Gateway switch. The match+action multi-table programmable pipeline in the NoviSwitch enables the security analytics engine to generate millions of detailed, flow-level mitigation "block" rules during a large-scale attack. Even with the largest mitigation rule sets, the NoviSwitch processes packets at line rate.
The example also shows a NoviSwitch providing services to the Security Cluster. This switch enforces "Shunt" events, which block elephant flows after the first few packets, and provides load balancing of the traffic coming into the Security Cluster servers.
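To make the separation of analysis from mitigation concrete, here is an added toy model in Python. It is not NoviFlow code and does not use the NoviSwitch rule format or any OpenFlow library; it collapses the two switches of the example into one three-table match+action pipeline (block rules, shunt rules, load balancing), with a stand-in "analytics cluster" that only sees packets the pipeline forwards to it and pushes exact 5-tuple rules back into the tables. Table numbering, the shunt threshold, the server ports and the RFC 5737 addresses in the sample traffic are all constructed for the illustration.

```python
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Just the 5-tuple; frozen so a Packet also serves as a hashable flow key."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


@dataclass
class Rule:
    match: dict          # field -> value; fields not listed are wildcards
    action: str          # "drop" or "goto"
    arg: int = 0         # next table id for goto
    priority: int = 0
    hits: int = 0        # per-rule counter, as the NPU would keep it

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, f) == v for f, v in self.match.items())


BLOCK, SHUNT, LB = 0, 1, 2   # constructed table ids, walked in that order


class Gateway:
    """Toy switch pipeline: block rules -> shunt rules -> load balance to the cluster."""

    def __init__(self, server_ports):
        self.server_ports = list(server_ports)
        # Each table ends with a priority-0 table-miss rule that continues the pipeline.
        self.tables = {BLOCK: [Rule({}, "goto", SHUNT)], SHUNT: [Rule({}, "goto", LB)]}
        self.drops = {BLOCK: 0, SHUNT: 0}

    def install(self, table: int, flow: Packet, action: str = "drop"):
        """A mitigation event becomes an exact 5-tuple rule ahead of the table-miss rule."""
        match = {f: getattr(flow, f) for f in ("src", "dst", "proto", "sport", "dport")}
        self.tables[table].insert(0, Rule(match, action, priority=100))

    def _load_balance(self, pkt: Packet) -> int:
        """Hash the 5-tuple so every packet of a flow reaches the same cluster server."""
        key = repr((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)).encode()
        return self.server_ports[zlib.crc32(key) % len(self.server_ports)]

    def process(self, pkt: Packet):
        table = BLOCK
        while table != LB:
            rule = max((r for r in self.tables[table] if r.matches(pkt)),
                       key=lambda r: r.priority)
            rule.hits += 1
            if rule.action == "drop":
                self.drops[table] += 1
                return ("drop", table)
            table = rule.arg                      # goto the next table
        return ("output", self._load_balance(pkt))


class AnalyticsCluster:
    """Stand-in for the x86 security cluster: it analyses, the gateway mitigates."""

    def __init__(self, gateway: Gateway, bad_sources, shunt_after: int = 3):
        self.gw = gateway
        self.bad_sources = set(bad_sources)       # constructed threat-intel feed
        self.shunt_after = shunt_after
        self.flow_counts = {}
        self.seen_per_port = {p: 0 for p in gateway.server_ports}

    def inspect(self, port: int, pkt: Packet):
        self.seen_per_port[port] += 1
        if pkt.src in self.bad_sources:           # threat found: emit a block event
            self.gw.install(BLOCK, pkt)
            return
        n = self.flow_counts[pkt] = self.flow_counts.get(pkt, 0) + 1
        if n == self.shunt_after:                 # elephant flow: emit a shunt event
            self.gw.install(SHUNT, pkt)


def run(packets, servers=(10, 11), bad_sources=("203.0.113.7",), shunt_after=3):
    """Push packets through the gateway; only what reaches a server gets analysed."""
    gw = Gateway(servers)
    cluster = AnalyticsCluster(gw, bad_sources, shunt_after)
    for pkt in packets:
        verdict, where = gw.process(pkt)
        if verdict == "output":
            cluster.inspect(where, pkt)
    return {"dropped_block": gw.drops[BLOCK], "dropped_shunt": gw.drops[SHUNT],
            "to_cluster": sum(cluster.seen_per_port.values()),
            "per_server": dict(cluster.seen_per_port),
            "block_rules": len(gw.tables[BLOCK]) - 1,    # minus the table-miss rule
            "shunt_rules": len(gw.tables[SHUNT]) - 1}


def sample_traffic():
    """Constructed traffic: one known-bad source, one elephant flow, four small flows."""
    attacker = Packet("203.0.113.7", "198.51.100.10", 6, 40000, 443)
    elephant = Packet("192.0.2.20", "198.51.100.10", 6, 50000, 80)
    mice = [Packet("192.0.2.%d" % i, "198.51.100.10", 17, 60000 + i, 53) for i in range(4)]
    return [attacker] * 5 + [elephant] * 10 + mice


if __name__ == "__main__":
    print(run(sample_traffic()))
```

Of the 19 sample packets only 8 ever reach a cluster server: the first attacker packet (after which the block rule drops the other four in the first table), the first three packets of the elephant flow (the shunt rule drops the remaining seven), and the four single-packet flows. The point the model makes is that after one detection the cluster's CPUs never see the offending flow again; the per-rule hit counters are also what an operator would read back to confirm a rule is actually matching.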