In today’s complex and fast growing network infrastructure, where network traffic is always on the rise and network capacity is added to the network pipes, cyber security tools are often overwhelmed with network traffic that they cannot handle. The inability to process all network traffic or the lack of remaining resources to analyze data due to over utilization, creates security risks that the enterprise must avoid. The network congestion, generated by duplicated packets and unfiltered traffic, has a negative impact on both customers and vendors. A cyber security vendor will not be able to sell a product that cannot handle the network traffic, and a customer that deployed a cyber security tool will not gain the expected benefits, if it suddenly becomes over utilized. I have come across multiple cases of vendors that could not sell and deploy their tool due to the lack of a deduplication solution and had multiple conversations on this issue last week at the CYBERTECHconference in Singapore, with customers who are now eagerly seeking for a solution to resolve the deduplication challenge that over utilizes their cyber security tools.
There are three ways to address the network congestion challenge:
A. Deploy a network visibility layer that filters network traffic and performs deduplication
While his is the most common way to address the challenge (see Network Visibility and Cyber Security), it is a large scale project that may take time and financial resources that are not immediately available, and may defer the successful deployment of the cyber security tools. You may want to read more on how to reduce the cost and complexity of deploying the network visibility solution in a recent post The 5 Hidden Costs of Cyber Security that you Should Avoid.
B. Perform filtering and deduplication as part of the cyber security tool
Some vendors take this approach, however, it has two significant disadvantages. The first is that performing the filtering and deduplication activities consume scarce CPU and RAM resources from the tool and at some point, the tool will become over utilized again. The second disadvantage is that cyber security vendors master the cyber security domain and typically do not have the expertise nor the resources to invest in developing the powerful network filtering and deduplication layer that they need.
C. Offload filtering and deduplication with a Smart NIC solution
This is the best alternative in case a full network visibility layer does not exist. The SmartNIC™ is a smart network interface card using quad core 64 bit ARM-based CPU, designed to offload packet processing and filtering from cyber and monitoring tools. SmartNIC™ improves tool efficiency and performance by filtering and eliminating duplicated traffic and stripping specific headers that cyber and monitoring tools cannot otherwise process. User-defined configuration parameters allow the SmartNIC™ to feed clean and filtered traffic that the tools can easily process and control.
For more information, please contact me at firstname.lastname@example.org