Historically, we’ve inspected traffic using single-purpose, specialised hardware – namely firewalls. While performing a crucial role in preventing successful cyberattacks, firewalls have evolved over several generations to become much more than packet-filtering mechanisms.
Now, with exponential increases in bandwidth and SSL/TLS encrypted traffic, firewalls are unable to keep up and perform all the functions asked of them. Single-purpose, specialised firewalls simply can’t inspect the growing amount of encrypted traffic coming into an enterprise, while at the same time performing other functions and maintaining network performance for high capacity links.
It’s clear to large enterprises and even the firewall vendors themselves that something must be done to plug this SSL inspection gap. And so, began our journey…
Horizontal scaling in the data centre
With our roots in software-defined networking (SDN), Corsa started to look for a solution to the SSL inspection gap by turning to the data centre for inspiration.
Data centres faced even larger exponential growth in traffic and needed to transform from deploying ever larger hardware appliances, one at a time, to keep up. The innovation came when they decided to distribute the load between multiple systems rather than trying to build an ever bigger, single system. They moved from vertical scaling (adding a new piece of equipment for every new challenge) to horizontal scaling (service chaining using a software-defined approach).
Today, scaling out so the application is load balanced between as many servers as needed is the norm. It would be impossible to build a web scale application, like Facebook or Twitter for example, on a single server.
The industry’s solution to web applications demonstrated the possibilities of horizontal scaling. The same needs to be done for network security. There are a few factors which made this approach possible for web apps and are now ripe for the picking for network security:
Innovation in load balancing technologies which allows for distributing the load between multiple systems.
The commoditisation of general-purpose servers. Over the last decade server technology has become very cost effective and it’s now economical to buy more general purpose x86 CPUs for your applications as needed.
Improvements in virtualisation and cloud technologies. These allow you to use your server resources a lot more efficiently when multiple applications are able to run on the same physical infrastructure.
The need for turnkey virtualisation
While service chaining is a powerful solution to address the SSL inspection gap, there is always complexity when you virtualise. Hyper converged infrastructure (HCI) came into play to remedy that for storage so we looked at something similar for network security.
The challenge for virtualisation comes with the integration of the various platform components, then into the network security ecosystem, and then into the network. This is the final puzzle piece: turnkey virtualisation.
The platform needs to be pre-configured, with the ability to add capacity and services quickly and easily. If it’s not turnkey it’s just moving the complication and expense into another area of the organisation. It would be like offering a consumer a ‘build-your-own’ phone kit. You supply the parts and software, and the consumer has to build their own cell phone from scratch. With turnkey virtualisation, it’s like giving the consumer a fully enabled phone where they can customise their experience by adding the apps they want, when they want.
This is what we’ve done with the Corsa Red Armor platform. The firewall functions are overlays, in the same way that a mobile application becomes an overlay to a handset’s operating system. When new inspection capacity or security posture is required, a virtual NGFW or any other virtual security service can be added, just as one would add applications to any mobile OS. It’s simply a matter of ordering more inspection capacity as needed, rather than having to build and deploy more physical appliances, and as a result you get far better TCO.
Freeing up network security teams to focus on policy
When this is done right, network security teams can focus on security policy instead of spending their time struggling to predict network traffic needs or scope required hardware. Instead, just like managing cloud storage, users can spin virtual network security machines up and down at the click of a mouse. Moving away from single-purpose, dedicated hardware is key to building a network security solution which can process all the necessary encrypted traffic in a cost-effective way.
That’s been our journey to turnkey network security virtualisation at Corsa Security so far… but, it’s only just the beginning. Today, we offer a service that scales virtual firewalls from Fortinet and Palo Alto Networks for complete SSL/TLS visibility but it doesn’t need to stop there. We have plans to evolve our service to certify other security vendors and other security functions, such as IDS, IPS, and web proxy. Let us help you on your journey to scale network security.
To discover more about security virtualisation, why not register your interest for Digital Transformation EXPO Manchester!