The Inspection Model is Broken
So, how do you scale inspection for today’s traffic volumes without impacting network performance? And how do you make it economical?
Historically the most common strategy to scale network security and inspection has been vertical scaling of fixed function devices. Despite spending lots of time and money doing this, large enterprises are still struggling with some perennial issues: encrypted traffic causes security appliance performance to drop by 90%, compounded by traffic volumes and traffic mix producing unpredictable performance.
It’s time to decouple the network from network security.
A Turnkey Virtualization Approach to Scaling Traffic Inspection
If you scale network security services horizontally, not vertically, then you can increase or decrease your traffic inspection capacity as needed to meet demand. Just like you do for web applications in the datacenter. For high capacity links, this is the only feasible approach, since full traffic inspection can only be done with a greater number of processors sharing the load, rather than with a bigger, specialized, single-purpose appliance.
And once you are scaling horizontally, then you can take advantage of virtualization. When you virtualize the security stack, you can scale your traffic inspection into virtual security services that can be mixed and matched from different vendors and controlled independently of one another. This builds out immunity to traffic mixes and bandwidth demands, as well as creating an architecture that is completely flexible to what security services you actually need.
Like we see with hyperconverged infrastructures for storage, the various elements of this solution must be delivered as a turnkey platform. Then, it can be ordered and priced using a cloud model and delivered as a service that operates seamlessly within the customer’s existing security stacks.
Network Security Virtualization Platform
Corsa Red Armor is a turnkey network security virtualization platform that makes it possible to scale traffic inspection for 100% visibility, without degrading performance on high-capacity networks. Leveraging a private cloud approach, users can order with one click, deploy in minutes and pay-as-you-grow, improving TCO compared to the CAPEX for existing security approaches.
Scaling Traffic Inspection with Corsa Red Armor and our Network Security Ecosystem
In its best form, traffic inspection needs to be completely abstracted away from the network and instead with a single-click, you select how much inspection capacity you need.
The Corsa Red Armor Network Security Virtualization Platform is turnkey so it feels like a private network security cloud where you can add or remove inspection capacity as needed with one click and you don’t have to define what is running in the background to make the inspection happen.
You can start with the Corsa platform to economically inspect 100% of your traffic without impacting network performance and then grow to keep pace with changing security threats and increased network bandwidth demands by scaling as required and leveraging our network security ecosystem partners.
How it works
The Red Armor platform provides the sophisticated integration of four key elements:
- A security services load balancer from Corsa
- Commodity servers, such as DellEMC, running Openstack and optimized for network security performance
- Virtual security instances from our network security ecosystem partners, such as Palo Alto and Fortinet
- Corsa Virtualized Infrastructure Manager (VIM)
Traffic enters the platform on either 1G/10G or 100G links and is balanced into the server under control of a hypervisor specifically designed for optimal management of network security workloads. This load balanced traffic arrives at 20 Gbps of compute which is configured with [your favorite firewall] security instances based on how much inspection capacity you require. Advanced load balancing and horizontal scaling let you turn up as much traffic inspection on a link as you require. As your 20 Gbps sled fills towards capacity, we alert you so there is plenty of opportunity to increase capacity and “Pay as you Grow”.