Network architects and security engineers are challenged to ensure their networks always operate with integrity and are properly protected. They are looking to be proactive in their approach to network security by taking all of the information gleaned from leading network performance and analytics solutions, matching it against policy and then, in real time, updating traffic flow and network configuration (yes, I have to say leveraging AI... and drop that buzzword!). Right now, a lot of this relies on a variety of monolithic appliances, usually on-premises and usually reactive, and more often than not having issues with scaling, flow precision and automation. This is today’s less-than-ideal network security situation.
The big shift, and opportunity for Corsa, is to leverage NFV, the cloud and the emerging best-of-breed SaaS approach to make network security really work as IoT, 5G, virtualization and micro-segmentation become common.
Instead of trying to force everything into monolithic platforms, disaggregate network security. Now you can garner the benefits of a performant yet minimal flow-based hardware appliance that excels at traffic export for data acquisition and network statistics as well as traffic enforcement for precision traffic filtering to maintain the integrity of the network, all the while putting the analytics, policy and smarts into the cloud (where they should be) to form an adaptive response architecture.
We call the performant, flow-based appliance a Network Security Control Point, and it follows the SDN evolution seen in data centers and networking: an architecture that separates the data plane (for security, data export and filtering for enforcement) from the control plane (cloud analytics).
With the explosion of network traffic combined with the escalation of cyber security attacks, the Control Point must exhibit the right performance and scale behavior. It must be able to operate with any cloud-based tools, whatever you choose. It must be a simple, universal way to collect data, and then connect the cloud analytics (I know what is happening) to the action (this is what I want to do with it).
Currently, there is a gap. While the analytics are incredibly powerful and readily available, collection and action at control points are not. To put it in Gartner’s terms, which define the 3 key stages of a threat intelligence strategy as acquire, aggregate, and action, it’s precisely the acquisition and action stages that are missing.
Corsa Red Armor, built on patented Corsa Traffic Engine (CTE) technology, is an answer to both and is the universal control point that closes the network security gap to produce automated (adaptive) response. Corsa’s NSE7000 can act as both the acquisition point and the action point without performance or scale limitations.
This philosophy of disaggregated control points then becomes the underlying enabler of real security automation (true machine learning).
With a disaggregated flow-forwarding engine designed for internet-scale, control points can be created anywhere in the network to augment current architectures and equipment. The control point can not only serve data to any cloud-based analytics and orchestration software, for any use case, but also receive instruction for precision flow-based enforcement.
Red Armor NSE7000 is a family of transparent, in-line L3/L4 network security devices. Ultra-precise and with full line-rate performance, the NSE lets you control any packet with any operator-defined rule and a wide choice of actions: accept, drop, rate-limit, copy, redirect, GigaFilter™ and Megafilter™ ACLs and more. The ability to program hundreds of thousands of different rules, with REST or full BGP FlowSpec support, and have the network respond at a per-flow level gives control back to the network architects and security engineers, who can now define policy, flag anomalies through rigorous analytics and automatically shut down bad flows at any scale and at any point in the network.
In the easiest possible way, you can create a dynamic network control point by placing the NSE in-line wherever you need it.
So, if you need to create a scalable security perimeter, add the NSE7000 as an enforcement point. Want to scale your firewall? Then redirect traffic to virtual firewall instances that dynamically expand and contract your gateway protections. Or perhaps you are leading the incident response team and need to buy time for further investigation; then use the control point to rate-limit certain traffic to maintain network integrity while you dig deeper. If you are a managed DDoS service and you want to clear out DDoS traffic, then control traffic flow based on whatever filters you need at the time and rapidly adjust them to some new customized filter based on your intimate and proprietary knowledge of good traffic vs. attack traffic. For traffic entering a network, Threat Intelligence Gateways can become vastly more effective with the extra functionality of a control point architecture.
Closing the network security gap with Corsa control points placed anywhere in your network takes your network integrity to the next level and gets you out in front of the threat landscape. It allows best-of-breed, cloud-based analytics software to evolve within the context of AI to create a preventive approach to network security.