Scaling Network Security

Young people today laugh at folks with a couple decades of experience when they rue about the good old days, when networks snaked along the floors of offices, and trusted users were on the corporate network, while untrusted users were not.

Suffice it to say the past 25 years have seen some rapid changes to technology infrastructure. First of all, in a lot of cases, there aren’t even any wires. That’s kind of a shocking concept to a former network admin who fixed a majority of problems by swapping out patch cords. On the plus side, with the advent of wireless and widespread network access, you can troubleshoot your network from the other side of the world.

We’ve also seen continuing insatiable demand for network bandwidth. Networks grow to address that demand every year, which stresses our ability to protect them. But network security solutions still need to inspect and enforce policies, regardless of how fast the network gets. Looking for attack patterns on today’s networks requires an entirely different amount of computing power than it did in the old days. So an essential requirement is to ensure that your network security controls can keep pace with network bandwidth, which may be Mission: Impossible. Something has to give at some point to keep the network secure.

In this “Scaling Network Security” paper, we will look at where secure networking started and why it needs to change. We’ll present requirements for today’s networks which will take you into the future. Finally we will wrap up with some architectural constructs we believe can help scale up your network security controls.