Scaling Network Security
Table of Contents
RIP, the Moat
The New Network Security Requirements
The Scaled Network Security Architecture
Summary
About the Analyst
About Securosis
Securosis — Scaling Network Security
RIP, the Moat
Young people today laugh at folks with a couple of decades of experience when they wax nostalgic about the
good old days, when networks snaked along the floors of offices (shout out for Thicknet!), and
trusted users were on the corporate network, while untrusted users were not.
Suffice it to say the past 25 years have seen some rapid
changes to technology infrastructure. First of all, in a lot
of cases, there aren’t even any wires. That’s kind of a
shocking concept to a former network admin who fixed
a majority of problems by swapping out patch cords. On
the plus side, with the advent of wireless and
widespread network access, you can troubleshoot your
network from the other side of the world.
We’ve also seen continuing insatiable demand for
network bandwidth. Networks grow to address that
demand every year, which stresses our ability to protect
them. But network security solutions still need to inspect and enforce policies, regardless of how fast
the network gets. Looking for attack patterns on today’s networks requires an entirely different
amount of computing power than it did in the old days. So an essential requirement is to ensure that
your network security controls can keep pace with network bandwidth, which may be Mission:
Impossible. Something has to give at some point to keep the network secure.
In this “Scaling Network Security” paper, we will look at where secure networking started and why it
needs to change. We’ll present requirements for today’s networks which will take you into the future.
Finally we will wrap up with some architectural constructs we believe can help scale up your network
security controls.
The Moat
Let’s take a quick tour through the past 20 years of network security. We appreciate the digression
— we old network security folks get a bit nostalgic thinking about how far we’ve come. Back in the
day, the modern network security industry started with a firewall to provide access control. A
seemingly never-ending set of additional capabilities has been introduced in the decades since.
Next came network Intrusion Detection Systems (IDS), which looked for attacks on the network.
Rather than die, IDS morphed into IPS (Intrusion Prevention Systems) by adding the ability to block
attacks based on policy. We also saw a wave of application-oriented capabilities in the form of