The current model for scaling encrypted traffic inspection is broken…
So you ask yourself: how is it possible to scale encrypted traffic inspection for today’s traffic volumes without impacting network performance? And how do you make it economical?
Historically, the most common strategy to scale network security and inspection has been vertical scaling of fixed-function devices. Despite spending lots of time and money doing this, large enterprises are still struggling with some perennial issues: encrypted traffic causes security appliance performance to drop by up to 90%, and traffic volumes and traffic mix compound the problem by producing unpredictable performance.
It’s time to decouple the network from network security.
A Turnkey Virtualization Approach to Scaling Traffic Inspection
If you scale network security services horizontally, not vertically, then you can increase or decrease your traffic inspection capacity as needed to meet demand. For high-capacity links, this is the only feasible approach, since full traffic inspection can only be done with a greater number of processors sharing the load, rather than with a bigger, specialized, single-purpose appliance.
And once you are scaling horizontally, you can take advantage of virtualization. When you virtualize the security stack, you can scale your traffic inspection into virtual security services that can be mixed and matched from different vendors and controlled independently of one another. This builds immunity to traffic mixes and bandwidth demands, and creates an architecture that is completely flexible about which security services you actually need.
As we see with hyperconverged infrastructures for storage, the various elements of this solution must be delivered as a turnkey platform. Then, it can be ordered and priced using a cloud model and delivered as a service that operates seamlessly within the customer’s existing security stacks.
Network Security Virtualization Platform
The Corsa turnkey network security virtualization platform makes it possible to scale traffic inspection for 100% visibility, without degrading performance on high-capacity networks. By tightly integrating virtualization with intelligent orchestration, Corsa Security streamlines deployment, management and operations of virtualized next-generation firewall (NGFW) arrays for large networks.
Scaling Traffic Inspection with Corsa Security and our Network Security Ecosystem
In its best form, traffic inspection is completely abstracted away from the network: with a single click, you select how much inspection capacity you need.
The Corsa network security virtualization platform is turnkey. You subscribe to the Corsa Security service based on your traffic inspection capacity needs and then pay as you grow, never having to deal with the infrastructure.
You can start with the Corsa Security platform to economically inspect 100% of your traffic without impacting network performance. You can then keep pace with changing security threats and increased network bandwidth demands by scaling as required and leveraging our network security ecosystem partners.
How it works
The Corsa Security platform provides the sophisticated integration of four key elements:
- Corsa Red Armor Orchestrator Virtualized Infrastructure Manager (VIM)
- Virtualized firewall instances from our network security ecosystem partners, such as Palo Alto Networks and Fortinet
- A security services load balancer from Corsa Security
- Commodity compute servers, such as Dell EMC, running OpenStack and optimized for network security performance
Traffic enters the platform on either 1G/10G or 100G links and is balanced into the server under control of a hypervisor specifically designed for optimal management of network security workloads. This load-balanced traffic arrives at 20 Gbps of compute, which is configured with [your favorite firewall] security instances based on how much inspection capacity you require. Advanced load balancing and horizontal scaling let you turn up as much traffic inspection on a link as you require. As your 20 Gbps sled fills towards capacity, we alert you so there is plenty of opportunity to increase capacity and “Pay as you Grow”.