Broadcom today introduced its newest Trident chip targeting advanced enterprise network security by taking advantage of a surprisingly basic security principle: to fully secure the network, looking at all its traffic.
The Trident 4-X11C chip is “all about security in the enterprise,” Broadcom Director of Product Marketing Fred Olsson told SDxCentral. “Cybersecurity is kind of the thing here,” he said, noting contrast between the chipmaker’s newest chip, its Tomahawk family for data center use cases, and its Jericho line for service providers.
“The reason we do the three different lines is because the requirements are quite a bit different in these three markets,” Olsson said. Enterprises are usually most focused on security while hyperscalers’ biggest concerns are speed and latency, and service providers tend to focus on service delays and service level agreements (SLAs) for customers.
The new Trident chip, which boasts 12.8 terabits per second (Tbps) of switching capacity, provides enterprises enhanced security that’s built specifically for the core layer of corporate networks. “The main thing here is that it has a new way to do real-time monitoring of individual connections or flows that pass through the switch,” Olsson explained.
In this way, the chip provides fingerprinting capability and probes necessary for artificial intelligence (AI) and machine learning based servers to perform threat detection and response. “Whenever there’s a threat, identify the threat and respond to the threat very quickly. That’s what this chip is all about,” he said.
Trident 4-X11C is designed for compatibility with both pizza box and chassis setups, Olsson said, and it’s currently shipping, “running in the lab, [and] undergoing testing,” which he noted is “looking good.”
Simplicity Can Be Tricky
During the last few decades, firewall equipment reigned as a major protection against outside attacks that use the internet to hack into corporate networks. As a result, there was a lot of effort channeled toward increasingly advanced filtering tools for the boundary between an internal corporate network and the internet.
And while “that’s still super important” and remains “a very critical piece of hardware,” firewalls alone don’t quite cut it anymore, according to Olsson.
A good deal of threats aren’t coming externally from the internet, but from inside. Take an infected employee laptop, for example. “You connect to your corporate network when you go to work, and that virus can spread from inside the network,” he said, adding employees could also breach the network in similar ways for malicious rather than unintentional reasons.
The insufficiency of using firewall network protections alone isn’t a new idea, Olsson added, and many enterprises have begun placing probes inside the network in addition to external policing.
But there’s still a lingering issue he described as a lack of bandwidth. A corporate network’s internet access is usually one gigabit per second in terms of speed, which is much smaller than the bandwidth running inside the network itself. “These core network tends to be many terabits per second of bandwidth. So the bandwidth is so much higher inside the network than the small fraction that actually goes out to the internet,” he explained.
The fairly standardized enterprise response to this problem is analyzing a small sample of the sometimes thousands of packets traveling on the network to identify the type of traffic going through it.
This means, however, that enterprises are only seeing a tiny fraction of all the network’s traffic. “It’s better than nothing, but clearly it’s not great, right? You can imagine why,” Olsson said. But when enterprises can analyze every packet on the network and map the connection it’s on, more granular threat analysis becomes possible.
The Trident 4-X11C chip boasts increased performance that allows for connection level monitoring at both the network edge and core. “We can actually see all the traffic going through the core, and we can make better predictions because threats may not originate only on one switch at the edge here. It may actually be distributed, coming from multiple switches at the edge,” Olsson said.
“In addition to the speed increase, there’s also corresponding scale increase in the number of flows that you can keep track of, which are now in the middle of the network. So both of these are increased about five times in different dimensions,” he explained.
While this solution seems relatively simple, it “turns out this is actually pretty hard to do,” he added. “You have billions and billions of these packets every second coming through. And to do that kind of inspection on such [an] amount of traffic is tricky.”
But because this chip allows enterprises to see the entire network and not just a small slice of it, “there [are] strong benefits in pushing this analytics from the edge into the core — if you can make it fast enough,” Olsson said.
"network" - Google News
September 07, 2022 at 12:00AM
https://ift.tt/pbGxj1q
Broadcom Trident 4 Silicon Pushes Enterprise Network Security - SDxCentral
"network" - Google News
https://ift.tt/Tv6FYQc
Shoes Man Tutorial
Pos News Update
Meme Update
Korean Entertainment News
Japan News Update
No comments:
Post a Comment