cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

White Paper: Importance of Programmability in Next-Generation Security Appliances

xtech-blogs
Xilinx Employee
Xilinx Employee
0 0 404

Editor’s Note: This content is contributed by Awanish Verma, Principal Architect and Director in Technical Marketing at Xilinx

 

Next-generation network security implementation is under constant evolution and going through an architectural shift from lookaside implementation to inline implementation. With the beginning of 5G deployments and multifold increase in the number of connected devices, the architecture for security implementation needs to be re-visited and modified. 5G throughput and latency requirements are changing the access networks while requiring the need for extra security. This evolution is driving the following changes for network security

  • Higher throughput for Layer-2 (MACSec) and Layer-3 Security
  • Requirement of policy-based analysis at edge/access
  • More throughput and connection requirements for application-based security
  • Predictive analytics and malware identification using AI and ML
  • Implementation of new Cipher Algorithms for Post Quantum Crypto

Along with above requirements, network technologies like SD-WAN and 5G-UPF are getting more and more adopted, which requires implementation of network slicing, more VPN tunnels, and deeper packet classification. In the current generation network security implementation, most of the application security is processed using the software running in CPU. While CPU capability has increased in terms of number of cores and processing power, the rising throughput requirements cannot be handled by the software-only implementation. 

Policy-based application security has changing requirements so most of the available off-the-shelf solutions can only a handle fixed set of traffic headers and crypto protocols. With these limitations in software and fixed ASIC-based implementations, the programmable and adaptable hardware provides the perfect solution to implement the policy-based application security and solves the latency challenges imposed by other programmable NPU-based architectures. Adaptable system-on-chip devices are a combination of a well-established hardened network interface and cipher IPs, and programmable logic and memory to implement millions of policy rules with stateful application processing such as transport layer security (TLS) and regular expression search engines.

Adaptable Inline SecurityAdaptable Inline Security

 

This white paper describes implementation of L2-L7 security using the programmable architecture, which can be deployed for security acceleration at edge/access networks and next-generation firewalls (NGFW) in enterprise networks.

Download a white paper!