Security in the switch

Extreme Networks claims to have released a groundbreaking switch-based security solution, which is designed to counter security threats while retaining throughput of information at 10Gbytes/s.

By Simon Duddy. Published May 15, 2005

The Extreme solution comprises two parts. The CLEAR-Flow security rules engine, which is available now, is integrated into Extreme’s BlackDiamond 10K switch. The second component is the Sentriant virtual security resource (VSR) appliance, which will be available in the next few months and will cost US$41,995.

The solution is designed to provide a defence against zero day attacks, which are threats that lack a signature or previous pattern. Extreme claims the solution will contain these attacks before they cripple network performance. The system works by using the CLEAR-Flow analysis engine to detect potentially damaging traffic, which is then diverted to the Sentriant to counter the threat.

Extreme is one of the few switch vendors on the market claiming to scale its security mitigation to 10Gigabit links. Traditionally switch vendors use separate intrusion detection systems (IDS) and intrusion prevention systems (IPS), or on-switch blades, to counter threats. These tend to scale to 1Gbytes/s and typically operate at a throughput of 300Mbytes/s.

“Extreme currently has the unique differentiator of being able to claim selective threat prevention to 10Gigabit links, which contrasts with most competitors that have performance near the 1Gbytes/s mark,” says Joel Conover, principal analyst for enterprise infrastructure at research and analysis firm Current Analysis.
The centralised nature of Sentriant lets Extreme’s switches do the heavy lifting of initial identification of threats, which allows the VSR to handle many streams of information without developing a bottleneck.

Extreme also claims that its solution has the edge in price over its infrastructure rivals. Extreme says the Sentriant does the same job as two Cisco blades, the Threat Anomaly Detection Module and the Threat Anomaly Guard Module, which Extreme says cost in excess of US$100,000.

As well as highlighting the benefits of Extreme’s initiative, analysts have pointed out some caveats regarding its approach. As the solution is unproven, it may take Extreme some time to convince potential customers that it is robust. “The CLEAR-Flow analysis engine is highly complex,” says Conover. “In the past, such highly complex mechanisms have been a red flag warning to IT administrators to beware of performance incursions as a result of enabling those features,” he explains.

Making use of the Sentriant also requires that the enterprise deploy a switching infrastructure from Extreme, because the Sentriant is tightly integrated with the CLEAR-Flow engine in Extreme’s high-end switches. In contrast, other players, such as Enterasys and 3Com, can deploy their security solutions across other vendors’ architectures. This could prove a problem for enterprises that have invested heavily in kit from other vendors. Critics have also pointed out that Extreme’s solution is geared towards zero day attacks only and that other vendors have more comprehensive end-to-end security offerings.

The Extreme solution is indicative of a trend among switch vendors to be more active in the security space. This covers a wide range of approaches, from Cisco’s network admission control (NAC) initiative to security features built into switches, such as virus throttling in HP ProCurve’s 5300 switch.
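The article describes the general shape of switch-based detection (flag anomalous traffic in the switch, then hand the offending flows to a mitigation device) and names virus throttling as one built-in feature. The following is an added illustration of the idea behind that kind of check, not Extreme’s CLEAR-Flow rules, HP’s implementation or any vendor’s code: it counts how many new destinations each source contacts inside a sliding window and flags hosts that fan out faster than a threshold, while ignoring repeat contacts to recently seen servers. The flow records, addresses, window and limits are all constructed assumptions for the example.

```python
from collections import defaultdict, deque

# Constructed flow records, not captured from any real switch:
# (timestamp in seconds, source address, destination address, destination port).
# 10.0.0.5 and 10.0.0.6 behave like ordinary clients that revisit a few servers;
# 10.0.0.7 behaves like a scanning worm, contacting a fresh host every 50 ms.
SAMPLE_FLOWS = [
    (0.00, "10.0.0.5", "10.0.1.10", 80),
    (0.10, "10.0.0.5", "10.0.1.10", 80),
    (0.20, "10.0.0.6", "10.0.1.20", 443),
    (0.30, "10.0.0.5", "10.0.1.11", 80),
    (0.40, "10.0.0.7", "10.0.2.1", 445),
    (0.45, "10.0.0.7", "10.0.2.2", 445),
    (0.50, "10.0.0.7", "10.0.2.3", 445),
    (0.55, "10.0.0.7", "10.0.2.4", 445),
    (0.60, "10.0.0.7", "10.0.2.5", 445),
    (0.65, "10.0.0.7", "10.0.2.6", 445),
    (0.70, "10.0.0.7", "10.0.2.7", 445),
    (0.75, "10.0.0.5", "10.0.1.10", 80),
    (0.80, "10.0.0.5", "10.0.1.12", 80),
    (0.90, "10.0.0.6", "10.0.1.21", 443),
]

# Tuning values are assumptions for the illustration, not vendor defaults.
WINDOW_SECONDS = 1.0      # sliding window over which new destinations are counted
NEW_DEST_LIMIT = 5        # more than this many new destinations per window is anomalous
WORKING_SET_SIZE = 4      # most recently contacted hosts that do not count as "new"


def detect_fan_out(flows, window=WINDOW_SECONDS, limit=NEW_DEST_LIMIT,
                   working_set_size=WORKING_SET_SIZE):
    """Flag sources whose rate of contacting new destinations exceeds the limit.

    Returns {source: timestamp} giving the moment each source first crossed
    the threshold. Repeat contacts to recently seen hosts are ignored, so a
    busy client talking to the same few servers is not flagged.
    """
    working_set = defaultdict(lambda: deque(maxlen=working_set_size))
    new_dest_times = defaultdict(deque)   # source -> timestamps of new-destination events
    flagged = {}

    for ts, src, dst, _dport in sorted(flows):
        recent = working_set[src]
        if dst in recent:
            continue                      # recently contacted host, not a new destination
        recent.append(dst)                # oldest entry falls out once the set is full

        times = new_dest_times[src]
        times.append(ts)
        while times and ts - times[0] > window:
            times.popleft()               # drop events that left the sliding window

        if len(times) > limit and src not in flagged:
            flagged[src] = ts             # candidate for rate-limiting or diversion
    return flagged


if __name__ == "__main__":
    for host, when in detect_fan_out(SAMPLE_FLOWS).items():
        print(f"{host} exceeded {NEW_DEST_LIMIT} new destinations "
              f"within {WINDOW_SECONDS}s at t={when}")
```

The working set is what keeps this from punishing legitimately busy clients: only contacts to hosts outside the last few seen are counted, so a machine hammering one mail server never trips the limit, while a host sweeping a subnet does within a fraction of a second. In a switch the flagged result would feed a rate limiter or a redirect to a mitigation appliance; here it is simply returned so the decision can be inspected.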
Other vendors have also implemented switch-based security monitoring that scales to 10Gigabit, for example Foundry’s sFlow technology. sFlow works with Foundry’s JetCore ASIC and can be applied to all ports on switches across the network without degrading performance, according to the vendor.

“Security is the number one concern of most customers. Moreover, we see a trend, which is confirmed by most leading analysts, that security is moving from dedicated security companies into the network arena,” says Chris Moore, regional manager, Extreme Networks MENA. “Threats are moving towards the inside of the network because you can’t protect every port with a firewall, plus current security devices cannot deal with the huge amount of data on Gigabit and 10Gigabit networks,” he adds.

End users, however, often like to separate security functions from switching infrastructure for simplicity and to ensure compatibility. Vendors must clear a high barrier to convince these customers that their security offering is complete and robust. “I will not consider a security appliance from the supplier of the switch or the router, as most active device manufacturers are not standardised with other brands,” says Sameer Khoory, IT manager at eTQM College.

Others in the industry are sceptical about the infrastructure players’ motives for moving into the security arena. Rather than seeing it as a response to customer demand, some see it as an attempt to speed up the sales cycle of products. “Cisco and other infrastructure hardware vendors are getting into security because it will increase the turnover of their products,” says Antony Chapman, senior director of Asia Pacific for security vendor SonicWall. “Routers tend to last for ten years, but security is a more dynamic market where products are changed every three or four years. Building security into products will allow big network players to speed up their sales cycle,” he adds.
Along with these concerns, bringing security functionality into the switching infrastructure presents considerable challenges for vendors. As security is not their core competence, switch vendors have to prove that their solutions work and also show that their architecture can handle the increased complexity that comes with integrating security. Vendors must also focus on making their channel partners security aware and proficient.

The trend in the network is moving away from isolated security appliances to a coherent network security system built around sophisticated switches. However, to allow switches to deal with threats at wire speed, the vendor’s policy engine has to be very efficient. The switch vendor also has to be able to fill important security roles, such as authentication, authorisation, intruder detection and quarantine, either with its own products or by ensuring easy compatibility with third party solutions.
