Ron,
Thank you for the commendation but a slight correction. iPolicy's ipEnforcer is
a purpose built hardware platform which uses a combination of Network
Processors (14 to be precise), multiple General purpose processors, Multiple
programmable encryption/decryption and IKE processors, and multiple FPGAs. It
does not use ASICs. It can support Fast/Gig Ethernet to OC48 (5 Gbps)
interfaces in full duplex mode to run up to seven different security
applications (IDS, IPS/DDoS blocking, Firewall, VPN, URL Screening,
Surveillance etc) simultaneously at wire speed.
Although the current debate ASIC-based vs. Software based is a very valid
debate in the industry, technology has evolved to a degree that you can get the
best of both worlds i.e. software flexibility and performance by going the
network processor route without using an ASIC. In fact, we believe that using
ASICs can seriously limit extensibility of applications and performance.
Further, given the increasing tooling cost and elapsed time to achieve reliable
ASICs in production volume, our experience would suggest avoiding ASICs
whenever possible. There are multiple key technology providers in the
networking space that eliminates the need for ASIC even if one needs highest
performance. These chip vendors have built purpose built chips to accelerate
networking functions while keeping software programmability and flexibility.
Pankaj Parekh
Founder, CTO
iPolicy Networks
-----Original Message-----
From: Ron Gula [mailto:rgula_at_tenablesecurity.com]
Sent: Wednesday, August 27, 2003 5:33 AM
To: focus-ids_at_securityfocus.com
Subject: Re: ASIC-based vs. Software-based Security Platform
Of course,
Look at companies like IPolicy. They make extensive use of ASICs and FPGAs,
but have a completely flexible underlying architecture for updating how they
do network flow reconstruction, IDS, firewall, etc.
Ron Gula
At 01:49 AM 8/27/2003 -0700, Shaiful wrote:
>Hi guys,
>
>Can we have the best of both worlds?
>
>With the emergence of network processors and the FPGA
>like devices that you can buy off-the-shelf, I think
>it is a very promising direction.
>
>Pls refer to the following links:
>
>Intel's Network Processor IXP family:
>http://www.intel.com/design/network/products/npfamily/
>
>Altera's Nios development kit
>http://www.altera.com/products/devkits/altera/kit-nios.html
>
>Tarari's content inspections processor
>http://www.tarari.com/index2.html
>
>Regards,
>Shaiful
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the worlds premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor. Early-bird registration ends September 6
Visit: www.blackhat.com
---------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
---------------------------------------------------------------------------
Captus Networks IPS 4000
Intrusion Prevention and Traffic Shaping Technology to:
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Precisely Define and Implement Network Security & Performance Policies
FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
Received on Oct 02 2003
Intro
