With traffic volumes growing exponentially and an ever larger share of that traffic encrypted, enterprises face an ever-expanding attack surface. We have an unacceptable blind spot in network security called the SSL inspection gap: the point at which an enterprise can no longer decrypt incoming traffic without degrading network performance, so it lets traffic through unchecked to keep the network fast. In my last blog post I outlined the problem. Here I want to tell you about the solution.
When a technology no longer addresses market needs, you must be willing to explore a new and disruptive approach. At Corsa, rather than continuing to try and solve today’s challenges with the same, but bigger, solutions, we decided to step back and look at the problem from another angle.
Horizontal scaling in web application servers
We looked to web application servers for inspiration and asked ourselves, “how do web applications deal with scale?” In the data centre, incoming requests are distributed across a pool of web application servers. If more work arrives from the Internet, you simply spin up more server capacity. The number of clients can grow or shrink, and the size of the pool can be matched to the capacity needed. This is horizontal scale at work, and the beauty of it is that it is elastic: capacity can be added or removed dynamically as needed.
When it comes to network security, the industry has forgotten the elegance of horizontal scale. We have been trying to achieve 100% inspection on high-throughput networks with vertical scaling, that is, by buying bigger, specialized hardware. Throwing more of the same, single-purpose appliances with hardwired security functions, at the problem of scale simply isn’t working.
As we looked at the problem, we concluded that a much more flexible and efficient way to scale in-line security is to scale it horizontally, rather than vertically. Just like we do with web application servers.
Horizontal scaling means that, instead of turning off decryption or buying more single-purpose hardware, you split the work across more and more devices until you can inspect 100% of your traffic, 100% of the time. This works because traffic is a set of independent TLS sessions: as long as every packet of a session, in both directions, reaches the same decryptor, the sessions themselves can be spread across any number of devices. For high-capacity links this is the only feasible approach. SSL/TLS decryption at those rates can only keep pace when many decryption processors share the load; a single CPU complex cannot keep up with demand.
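The split described above, as an added worked example that is not Corsa’s code or product: a constructed model in Python in which each decryptor is a box with a fixed capacity in Gbps and each TLS session is a flow with an offered load. It shows the two things a practitioner has to get right when scaling decryption out: the flow hash must be direction-independent so both halves of a session land on the same box, and the hash must be stable across pool changes (rendezvous hashing here, contrasted with naive hash-mod-n) so that adding a box does not tear down the sessions already in flight on the others. The sample traffic, box names and capacities are all constructed for the illustration.

```python
"""Distribute TLS sessions across a pool of decryptors (constructed model,
not Corsa's product: capacities, names and traffic are made up)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    gbps: float  # offered load of this TLS session


@dataclass
class Decryptor:
    name: str
    capacity_gbps: float
    load_gbps: float = 0.0


def flow_key(src: str, sport: int, dst: str, dport: int, proto: int = 6) -> str:
    """Direction-independent 5-tuple key: endpoints are sorted so the
    client->server and server->client halves of a session hash the same.
    The negotiated TLS keys live on one box, so both directions must go there."""
    a, b = sorted([(src, sport), (dst, dport)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"


def _h(s: str) -> int:
    return int.from_bytes(hashlib.sha256(s.encode()).digest()[:8], "big")


def pick_modulo(flow: Flow, pool: list[Decryptor]) -> Decryptor:
    """Naive hash-mod-n: resizing the pool reshuffles almost every session."""
    return pool[_h(flow_key(flow.src, flow.sport, flow.dst, flow.dport)) % len(pool)]


def pick_rendezvous(flow: Flow, pool: list[Decryptor]) -> Decryptor:
    """Rendezvous (highest-random-weight) hashing: adding or removing one box
    moves only the sessions that score highest for it, about 1/n of them."""
    key = flow_key(flow.src, flow.sport, flow.dst, flow.dport)
    return max(pool, key=lambda d: _h(f"{key}|{d.name}"))


def distribute(flows, pool, picker: Callable = pick_rendezvous):
    """Assign every session to a box. Returns (inspected_gbps, bypassed_gbps).
    A session whose box has no headroom is passed through unchecked; that
    bypassed figure is the SSL inspection gap."""
    for d in pool:
        d.load_gbps = 0.0
    inspected = bypassed = 0.0
    for f in flows:
        d = picker(f, pool)
        if d.load_gbps + f.gbps <= d.capacity_gbps + 1e-9:
            d.load_gbps += f.gbps
            inspected += f.gbps
        else:
            bypassed += f.gbps
    return inspected, bypassed


def scale_out(flows, per_box_gbps: float, max_boxes: int = 64):
    """Add identical boxes one at a time until nothing is bypassed.
    Returns (boxes, inspected_gbps, bypassed_gbps)."""
    pool: list[Decryptor] = []
    inspected = bypassed = 0.0
    for n in range(1, max_boxes + 1):
        pool.append(Decryptor(f"dec{n}", per_box_gbps))
        inspected, bypassed = distribute(flows, pool)
        if bypassed == 0.0:
            return n, inspected, bypassed
    return max_boxes, inspected, bypassed


def sessions_moved(flows, old_pool, new_pool, picker: Callable) -> int:
    """Sessions that change decryptor (and so get disrupted) on a pool change."""
    return sum(1 for f in flows if picker(f, old_pool).name != picker(f, new_pool).name)


def sample_flows(n: int = 200) -> list[Flow]:
    """Constructed traffic: n client sessions to one HTTPS server, mixed sizes."""
    sizes = (0.1, 0.3, 0.5, 1.0)
    return [Flow(f"10.0.{i // 200}.{i % 200 + 1}", 40000 + i, "203.0.113.10", 443, sizes[i % 4])
            for i in range(n)]


if __name__ == "__main__":
    flows = sample_flows()
    total = sum(f.gbps for f in flows)
    ins, byp = distribute(flows, [Decryptor("big", 10.0)])
    print(f"one 10 Gbps box: {ins:.1f} Gbps inspected, {byp:.1f} bypassed of {total:.1f}")
    n, ins, byp = scale_out(flows, 10.0)
    print(f"{n} x 10 Gbps boxes: {ins:.1f} Gbps inspected, {byp:.1f} bypassed")
    old = [Decryptor(f"dec{i}", 10.0) for i in range(1, n + 1)]
    new = old + [Decryptor(f"dec{n + 1}", 10.0)]
    for label, picker in (("hash mod n", pick_modulo), ("rendezvous", pick_rendezvous)):
        print(f"adding a box with {label} moves {sessions_moved(flows, old, new, picker)}/{len(flows)} sessions")
```

Two points the numbers make clear: a single box caps inspection at its own capacity and everything above it becomes the gap, and hashing spreads load unevenly, so the pool needs more boxes than the raw capacity arithmetic suggests (the model adds boxes until the gap is exactly zero). The comparison of the two pickers is the elasticity caveat: with hash-mod-n, growing the pool reassigns most sessions and breaks their decryption state; with rendezvous hashing only a small share moves.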
A new approach: Software-defined Network Security
Scaling traffic out across multiple virtual security services that can be mixed and matched from different vendors, and controlled independently of one another, is powerful. It makes the design resilient to growth in bandwidth and to changes in the traffic mix, and it gives you a flexible architecture for whatever security services you need. What we are doing is applying proven virtualization technologies to build a long-term solution for the SSL/TLS inspection gap and for other network security challenges.
With today’s approach, where network security is hardwired into a single appliance, you lose 90% of your visibility once encryption is turned on, you get unpredictable results, and you are stuck with a product tied to your architecture that requires forklift upgrades. We are proposing instead a software-defined network security approach that scales your network security horizontally. You gain 100% SSL visibility and can elastically add or remove capacity as your traffic mix or profile changes. There are no forklift upgrades, and you get the full flexibility of an on-premises cloud architecture.
What’s more, this approach makes it possible to add other security services to the stack when needed. As security needs expand, Corsa will evolve the platform to scale other security functions, such as IDS, IPS and forensics, in the same way. It’s the future of network security.