Smart Networking Solutions to Deliver In-Network Security

As security concerns in data centers continue to rise, delivering efficient, cost-effective and high-performance security solutions has become paramount to maintaining the integrity of the services provided in the data center and the data it hosts.

The traditional security models are failing and becoming inadequate as the data center environment and technologies are constantly evolving.

THE PERIMETER CENTRIC SECURITY MODEL IS BROKEN

Traditionally, data centers have been protected by perimeter-based security technologies placed at key ingress and egress points, designed to restrict and analyze network traffic coming into and out of the data center. This security model assumes that traffic within the data center occurs in a well-protected trusted zone, and is, therefore, not restricted. In other words, the visibility inside the perimeter is limited and lateral controls are minimal. So if the perimeter is breached, an attacker is almost free to traverse the data center network and amass internal assets. Equally serious is the fact that an attack can go undetected for long periods of time, allowing the attacker ample time to potentially find and extract valuable data.

As cyber-attacks continue to increase in their sophistication and effectiveness in penetrating existing security controls, the perimeter security scheme can no longer be relied on to effectively keep adversaries and threats outside the data center.

THE DATA CENTER NETWORKING ENVIRONMENT IS TRANSFORMING

The adoption of new architectures and technologies that offer the opportunity to deliver networking capabilities in a more agile and cost-effective manner is transforming the data center networking environment. The change in application architectures, the growth in east-west network traffic, the use of network and server virtualization, and the rise in microservices usage are all contributing to additional misalignments for security.

THE GROWING USE OF ENCRYPTION

Growing concerns over internet traffic interception by government agencies and how unencrypted information can be gathered and used have kindled a global desire for protecting privacy. This has led to a massive increase in the use of encryption to protect data-in-motion and data-at-rest. For example, encryption is now a standard for cloud-based applications where it is used to protect the confidentiality and integrity of data passed between locations. Encryption is also progressively used to protect lateral traffic inside the data center.

The relentless growth of data in the network, the demand for faster data processing, and the widening use of encryption are profoundly impacting the efficiency of in-network defenses. With the growth in encrypted data, these defenses are progressively less capable of monitoring network flows and are going dark. Other common techniques used to inspect encrypted network traffic, such as acting as a man-in-the-middle between the two ends of a connection, are becoming obsolete with the increased use of certificate and public key pinning, which is designed to safeguard against snooping.

Encryption also aggravates the lack of visibility, and attackers are commonly using it to conceal their actions.

SERVER CPU CANNOT HANDLE TODAY’S EXPONENTIAL DATA GROWTH

As more functionality is now implemented at the server access layer (for example, firewall, encryption, load balancing, virtual switching, and virtual routing), fewer and fewer compute resources are dedicated to running applications. Furthermore, the performance of this added functionality is far from adequate to support the volume and velocity of data expected to be processed. As such, the overall server efficiency is being reduced without any meaningful gains.

This decline in server efficiency was appropriately described in a 2016 article by Microsoft on cloud data center acceleration: “Both the slowdown in CPU scaling and the ending of Moore’s Law have resulted in a growing need for hardware specialization to increase performance and efficiency”. Thus, the combined challenge is to provide solutions with specialized hardware that address the requirements for efficiency, performance and security. The answer: Smart networking solutions that deliver in-network security.

THE MELLANOX SOLUTION

Mellanox offers high-performance, end-to-end interconnect solutions embedding security into the DNA of the modern data center infrastructure. The solutions comprise smart network adapters, switches, network processors, cables and modules, and software.