With levels of SSL/TLS encrypted traffic at over 70%, network and security architects within large enterprises face an increasingly difficult task when it comes to inspecting 100% of their traffic to protect against cyber-attacks. Unfortunately, this is a challenge facing many organizations.
It all starts when security architects notice that their firewall performance suffers as they try to decrypt SSL/TLS traffic. They quickly find themselves turning off policy to alleviate these performance issues but the pay-off is reduced traffic inspection, creating prime opportunities for an attacker to successfully infiltrate their network and cause any amount of damage. The other solution they explore is to buy a bigger firewall, but they know this is only a stop gap as single purpose, hardware-based firewalls simply can’t scale traffic inspection as needed.
A new approach for scaling network security
Corsa Security has a third option to scale network security without impacting performance. As a member of the Palo Alto Networks NextWave Partner Program, Corsa Security has integrated our turnkey network security virtualization platform with Palo Alto Networks VM-Series Virtualized Next-Generation Firewall. By tightly integrating virtualization with intelligent orchestration, this solution streamlines deployment, management and operations of virtualized next-generation firewall (NGFW) arrays for large networks.
This push-button virtualization of firewalls works by moving traffic across as many Palo Alto Networks VM-Series instances as the enterprise needs. Behind the scenes, the virtual NGFWs are running on state-of-the-art hyperconverged infrastructure, specifically optimized for scaling network security. Customers can elastically add virtualized NGFW capacity to meet the demands for increasing bandwidth with the click of a button.
Successful threat protection at SuperComputing 2019
We showcased this multi-vendor solution as part of SCinet at SuperComputing 2019. SCinet supports the revolutionary applications and experiments that are a hallmark of the conference, enabling exhibitors to demonstrate the advanced computing capabilities of their solutions and services, whether in large-scale or one-on-one. This year these connections were protected by the Corsa platform.
The Corsa solution was deployed at the perimeter of SCinet, which was comprised of three high speed links to the commodity Internet:
In addition to deploying our integration with Palo Alto Networks VM-Series, the Corsa Security platform integrated seamlessly with industry-leading SOC analysis tools such as Splunk, Corelight and others, to identify, alert and block threats during SC19.
During the event, the Corsa Security platform was inspecting 240 Gbps of potential bandwidth. And, we blocked over 30 GB of data, which represented 25,000 threats, both inbound to SCinet and outbound from SCinet.
The benefits of a multi-vendor network security solution
As demonstrated, the integration of the Corsa Security platform with Palo Alto Networks VM-Series appliances provides a scalable approach for network security, but the benefits don’t stop there.
- A familiar system for quick setup. Customers can continue to use their Palo Alto Network products, including the Palo Alto Networks Panorama policy manager. This means set-up and integration is quick – firewall policy is configured the same way as always – and it also eliminates the need for additional training.
- Flexible management of capacity. The cloud-like design gives the enterprise the ultimate elasticity and manageability of on-premise network security virtual solutions. With a simple click of a button, they are able to add inspection capacity, without worrying that inspection profiles might affect network performance. This scale-out approach is the only viable solution to inspecting the increasing volume of SSL/TLS encrypted traffic.
- An intuitive UI for ongoing operations. Built on a simple and intuitive UI, the Corsa Security Orchestrator is a single portal to set up and orchestrate all virtual NGFW. The manager indicates the health of the virtual firewall system, resource allocation, VM and network utilization. Since the Security Orchestrator is tightly integrated with Palo Alto Networks Panorama, you can easily manage at-scale stateful inspection using a cluster of Palo Alto Networks VM-Series instances.
- Stronger security. It is imperative for customers to be able to inspect all their traffic, all the time. If they opt to limit inspection or turn off policy, they risk opening themselves up to a breach and the ensuing cost and inconvenience. With this joint solution, they gain predictable performance for any inspection and threat prevention thanks to the scale-out architecture.
- Future proofing of security needs. As enterprise needs evolve and contain hybrid environments, this joint solution will give them another option as they manage cost and their needs and requirements in deploying NGFW form factors such as hardware and virtual. This offering supports a subscription-based model that gives the customer flexibility as they scale and manage the network and cost.
Protecting our organizations from cyber-attacks is becoming increasingly challenging, and it’s only going to get more demanding with the predicted rise in encrypted traffic. The integration we have with our turnkey network security virtualization platform and Palo Alto Networks VM-Series will help protect your organization by scaling out your inspection capacity quickly, easily and affordably. Just like we demonstrated at SCinet.