Threat Intelligence Gateway
Accelerating and scaling cybersecurity applications and appliances
The old paradigm for Cybersecurity is a dedicated system, or a cluster of security systems, placed at key points in the network. These systems provide both the analytic functionality to detect threats and the mitigation actions to address threats. All traffic that needs to be secured must flow through these security point. This solution is expensive and is difficult to scale for today’s throughput requirements.
Another limitation arises from Cybersecurity solutions being implemented on Intel x86 processors running software-based packet processing. This is an excellent environment for the security analytics engines, but the X86 architecture is a very inefficient platform for handling packet-processing tasks. Consequently, software based mitigation filtering provides limited throughput, does not scale economically, and is often limited by hard upper limits for solution throughput.
How NoviFlow Does Things Differently
NoviFlow switches implement the next generation SDN networking technology – a flexible forwarding plane optimized for processing match-action rules within a fully programmable pipeline. This enables the off-loading of packet-processing intensive tasks from X86 based VMs and appliances to the NoviFlow’s NoviSwitches, which can execute these tasks far faster and more cost-effectively because of their use of optimized networking processors – such as the 6.4 Tbps Barefoot Tofino. Also, NoviFlow switches, with programmable capabilities, enable mitigation actions to implemented in one or more tables in the packet processing pipeline.
CyberMapper enables NoviWare™ compatible switches (such as NoviFlow’s NoviSwitches and select white-box switches) to deliver packet filtering, threat mitigation and load balancing directly in the network fabric in a simple, scalable, compact form factor, and at a fraction of the price of conventional networking solutions.
Moving the mitigation action to the programmable pipeline in NoviFlow switches increases the speeds of packet data handling and the execution of the mitigation rules by as much as 2 to 3 orders of magnitude over x86 processors, effectively changing the economics of implementing network packet data processing.
Another advantage of the CyberMapper solution is that the analytics engines finds threats and the programmable network fabric implements the mitigation actions instantly, for the fastest possible protection from breaches, denial of service attacks, and loss or destruction of data and network assets.
CyberMapper’s new networking paradigm has huge implications in the Cybersecurity context. CyberMapper enables security mitigation actions to be injected right into the network fabric, turning NoviSwitches into Threat Intelligence Gateways.