This article originally appeared in the August 2010 issue of INTERNET TELEPHONY.
Combating cyber-terrorism is an ever-growing concern as plans to build an effective national cyber security program are taking shape. Last spring, President Obama conceded that the U.S. was not fully prepared to defend itself against serious network threats. As of about a year ago, more than 10 million U.S. residents had been victimized by identity theft alone, and that number is increasing by approximately one victim every second.
Enterprise Security Information and Event Management, or SIEM, applications from companies like NetWitness and Trustwave promise the intelligence and forensics needed to better secure our nation’s critical networks.
What is stopping us from mobilizing these intelligence-based threat capture and cyber security management systems in a meaningful way? For one, advanced SIEM systems operated by well-trained network information analysts need a highly available, scalable and redundant network infrastructure capable of automating real-time analytics. Most national security and government networked systems cannot accommodate the command and control analytics needed to activate a true security management system. Until critical networks are upgraded, their otherwise static network monitoring and data logging applications will remain insufficient.
Developing a dedicated, real-time system to monitor critical network assets requires deep packet inspection. DPI is used to detect and take action on the granular and often interdependent contents of the packet payload rather than just the packet header. Multi-core scalability and leveraging the sheer number of CPU cores available today are key to maximizing the performance of DPI-based security management. Legacy SIEM architectures can scale from 10,000 to 15,000 events per second, but today’s security market and regulatory requirements demand the capture of 100,000 events per second or more.
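To make the header-versus-payload distinction concrete, the following is an added example (not code from the article or from any vendor it names). It builds a few constructed IPv4/TCP packets in memory, applies a header-only check (destination port) and then a payload-level check against two hypothetical signatures, and emits a SIEM-style event record for each alert. The signature names, port list and packet contents are all assumptions made for illustration.

```python
import struct

# Constructed sample traffic builder: IPv4 + TCP + payload (checksums left at zero,
# which is fine for an offline parsing demo).
def build_packet(payload: bytes, dst_port: int = 80, src_port: int = 40000) -> bytes:
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0x1234, 0, 64, 6, 0,   # IHL=5, proto 6 = TCP
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          src_port, dst_port, 1, 1,
                          5 << 4,      # data offset: 5 words, no options
                          0x18,        # PSH|ACK
                          65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

def parse_packet(pkt: bytes) -> dict:
    """Split a raw IPv4/TCP packet into the fields a header filter and a DPI engine need."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src_port": src_port, "dst_port": dst_port, "payload": tcp[data_off:]}

# Hypothetical policy for the header-only stage: anything to a web port is allowed.
HEADER_ALLOWED_PORTS = {80, 443}

# Hypothetical payload signatures (name, byte pattern). A real engine would use a
# compiled automaton over many thousands of patterns; two literals show the idea.
SIGNATURES = [
    ("directory-traversal", b"../.."),
    ("sql-keyword-in-url", b"UNION SELECT"),
]

def header_only_verdict(fields: dict) -> str:
    return "allow" if fields["dst_port"] in HEADER_ALLOWED_PORTS else "alert"

def dpi_verdict(fields: dict):
    """Return ('alert', signature_name) on the first payload match, else ('allow', None)."""
    for name, pattern in SIGNATURES:
        if pattern in fields["payload"]:
            return ("alert", name)
    return ("allow", None)

def inspect(pkt: bytes) -> dict:
    fields = parse_packet(pkt)
    verdict, sig = dpi_verdict(fields)
    event = None
    if verdict == "alert":
        # Shape of a record a SIEM would ingest; 'event_type' and field names are assumptions.
        event = {"event_type": "dpi_alert", "signature": sig,
                 "src_port": fields["src_port"], "dst_port": fields["dst_port"],
                 "payload_len": len(fields["payload"])}
    return {"header_only": header_only_verdict(fields), "dpi": (verdict, sig), "event": event}

def demo() -> list:
    samples = [
        build_packet(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        build_packet(b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        build_packet(b"hello", dst_port=4444),
    ]
    return [inspect(p) for p in samples]

if __name__ == "__main__":
    for r in demo():
        print(r["header_only"], r["dpi"], r["event"])
```

The second sample is the point of the paragraph: a header-only filter sees an ordinary request to port 80 and allows it, while the payload check raises an alert and produces an event record. The third sample shows the converse, where port-based policy fires but the payload is benign; correlating both views is what a SIEM is meant to do.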
Do those requirements sound familiar? They should, because the recently released ATCA multi-core CPU blades based upon Intel’s Xeon 5600 processors offer six cores per processor to satisfy SIEM’s scalability demands. New platform solutions like the RadiSys ATCA-7220, a dual OCTEON packet processing AdvancedTCA blade, are ideal for implementing DPI. This blade contains an on-board 10GE switch that acts as a smart front-end for its OCTEON processors. The switch allows each OCTEON processing complex to be reset independently for fault isolation, off-loads and augments the OCTEON data path processing software, and provides flexible data flow options.
Real-time access to the critical data needed to manage threats will be more attainable as the AdvancedTCA architecture transitions from 10G to 40G later this year. As packet rates increase, having 40G bandwidth will help reduce the unwanted latencies for deep packet processing and finally begin to align security forces with real-time management.
As cyber threats become more complex and severe, SIEM applications and the network platforms on which they operate will improve. Are our national security experts looking at the latest ATCA-based packet processing systems with multi-core CPU blades stacked on a 40G backplane?
Jeff Hudgins, Vice President of Engineering at NEI, writes the Tech Score column for TMCnet. To read more of Jeff’s articles, please visit his columnist page.
Edited by Stefania Viscusi