IDS mailing list archives
RE: ASIC-based vs. Software-based Security Platform
From: Pankaj Parekh <psparekh () yahoo com>
Date: Tue, 30 Sep 2003 15:56:49 -0700 (PDT)
Ron, Thank you for the commendation but a slight correction. iPolicy's ipEnforcer is a purpose built hardware platform which uses a combination of Network Processors (14 to be precise), multiple General purpose processors, Multiple programmable encryption/decryption and IKE processors, and multiple FPGAs. It does not use ASICs. It can support Fast/Gig Ethernet to OC48 (5 Gbps) interfaces in full duplex mode to run up to seven different security applications (IDS, IPS/DDoS blocking, Firewall, VPN, URL Screening, Surveillance etc) simultaneously at wire speed. Although the current debate ASIC-based vs. Software based is a very valid debate in the industry, technology has evolved to a degree that you can get the best of both worlds i.e. software flexibility and performance by going the network processor route without using an ASIC. In fact, we believe that using ASICs can seriously limit extensibility of applications and performance. Further, given the increasing tooling cost and elapsed time to achieve reliable ASICs in production volume, our experience would suggest avoiding ASICs whenever possible. There are multiple key technology providers in the networking space that eliminates the need for ASIC even if one needs highest performance. These chip vendors have built purpose built chips to accelerate networking functions while keeping software programmability and flexibility. Pankaj Parekh Founder, CTO iPolicy Networks -----Original Message----- From: Ron Gula [mailto:rgula () tenablesecurity com] Sent: Wednesday, August 27, 2003 5:33 AM To: focus-ids () securityfocus com Subject: Re: ASIC-based vs. Software-based Security Platform Of course, Look at companies like IPolicy. They make extensive use of ASICs and FPGAs, but have a completely flexible underlying architecture for updating how they do network flow reconstruction, IDS, firewall, etc. Ron Gula At 01:49 AM 8/27/2003 -0700, Shaiful wrote:
Hi guys, Can we have the best of both worlds? With the emergence of network processors and the FPGA like devices that you can buy off-the-shelf, I think it is a very promising direction. Pls refer to the following links: Intel's Network Processor IXP family: http://www.intel.com/design/network/products/npfamily/ Altera's Nios development kit http://www.altera.com/products/devkits/altera/kit-nios.html Tarari's content inspections processor http://www.tarari.com/index2.html Regards, Shaiful
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worldÂs premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com --------------------------------------------------------------------------- __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com --------------------------------------------------------------------------- Captus Networks IPS 4000 Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance Policies FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101 ---------------------------------------------------------------------------
Current thread:
- RE: ASIC-based vs. Software-based Security Platform Pankaj Parekh (Oct 02)