Network Computing is part of the Informa Tech Division of Informa PLC


Network Security Industry Working Group Forming

If you're a network administrator or vendor, you will benefit from an "apples to apples" comparison of test data on how effectively network security systems operate. To that end, a new consortium is being formed to develop an industry-standard test suite that achieves that goal. What does this mean to you?

Next Generation Firewalls (NGFW) and Unified Threat Management (UTM) systems have grown in sophistication since achieving market acceptance during the first decade of the 2000s. A UTM device is a comprehensive network security product used as the primary gateway networking and defense solution for an organization. UTM is the evolution of the traditional firewall into an all-inclusive security product that performs multiple security functions in a single appliance: network firewalling, network intrusion prevention, anti-spyware protection, gateway antivirus (GAV), gateway anti-spam, VPN, website content filtering, load balancing and on-appliance reporting.

NGFW technology builds upon UTM, adding application awareness to detect application-specific attacks and enforce application-specific granular security policies, both inbound and outbound. Security policies can be used to increase or decrease the priority of certain flows of traffic, block traffic and record its use for auditing.

A key differentiator between the traditional firewall and the new breed of UTM and NGFW devices is the advent of deep packet inspection (DPI). DPI identifies and halts flows of network traffic containing malware and/or classifies traffic flows into application-specific categories. Examples of such applications are Skype, peer-to-peer (P2P), web surfing, database transfers and streaming video.

The newer generation of firewall technology that implements DPI must examine every bit of every byte of every packet in order to classify application traffic effectively and detect malware attempting to enter the protected network. This results in a significant increase in processor load. All network device vendors provide data sheets stating the performance and capabilities of their products. However, these data sheets commonly reflect best-case, ideal scenarios under which the vendors derive their performance numbers. Because of the increased processing required to perform DPI on each network packet, a substantial performance impact can be experienced.

Testing has shown that traffic throughput can drop by up to 90 percent because all 1,514 bytes of a packet must be examined rather than the traditional ten bytes. For example, a device that can pass traffic at 100 Mbps while performing traditional firewall operations can slow down to approximately 10 Mbps when DPI is enabled.
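To make the contrast concrete, here is an added example (not code from the article, EEMBC or any vendor) that models the two inspection styles described above. It uses a constructed 10-byte header layout, a hypothetical port-to-application table and a handful of simplified, constructed payload signatures, and it reports both the verdict and the number of bytes each method had to examine. The traffic, the malware marker and the signatures are all constructed for illustration; real DPI engines use far richer rule sets.

```python
import struct

# Constructed 10-byte packet header used by this toy: src IP (4), src port (2),
# dst port (2), IP protocol (1), TCP flags (1). Not a real wire format.
HEADER_FMT = "!4sHHBB"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 10 bytes: the "traditional" header-only budget

# Hypothetical port-to-application table a traditional firewall would rely on.
PORT_MAP = {80: "http", 443: "tls", 6881: "bittorrent"}

# Constructed payload signatures (simplified; real DPI engines use far richer rules).
def _is_http(p): return p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT")
def _is_tls(p):  return p[:1] == b"\x16" and p[1:3] in (b"\x03\x01", b"\x03\x03")
def _is_bt(p):   return p.startswith(b"\x13BitTorrent protocol")
SIGNATURES = [("http", _is_http), ("tls", _is_tls), ("bittorrent", _is_bt)]

# Constructed marker standing in for a malware signature; contains no real malware bytes.
MALWARE_MARKER = b"<<CONSTRUCTED-MALWARE-MARKER>>"


def make_packet(src_ip, src_port, dst_port, payload, proto=6, flags=0x18):
    """Build a toy packet: constructed header followed by the payload."""
    ip = bytes(int(o) for o in src_ip.split("."))
    return struct.pack(HEADER_FMT, ip, src_port, dst_port, proto, flags) + payload


def classify_header_only(pkt):
    """Traditional firewall view: decide from the header alone, never touching the payload."""
    _, _, dport, _, _ = struct.unpack(HEADER_FMT, pkt[:HEADER_LEN])
    return PORT_MAP.get(dport, "unknown"), HEADER_LEN


def classify_dpi(pkt):
    """DPI view: examine every byte, classify by payload content and flag malware."""
    payload = pkt[HEADER_LEN:]
    label = "unknown"
    for name, matches in SIGNATURES:
        if matches(payload):
            label = name
            break
    if MALWARE_MARKER in payload:
        label = "malware"  # a malware hit overrides the application label
    return label, len(pkt)


def sample_packets():
    """Constructed sample traffic showing where port-based and DPI verdicts diverge."""
    pad = b"A" * 1400  # bulk payload so packets approach the 1,514-byte Ethernet frame
    return {
        "http_80":   make_packet("10.0.0.5", 51000, 80,   b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n" + pad),
        "tls_443":   make_packet("10.0.0.5", 51001, 443,  b"\x16\x03\x01\x00\x05hello" + pad),
        "bt_on_80":  make_packet("10.0.0.6", 51002, 80,   b"\x13BitTorrent protocol" + b"\x00" * 8 + pad),
        "http_8080": make_packet("10.0.0.7", 51003, 8080, b"POST /api HTTP/1.1\r\n\r\n" + pad),
        "bad_on_80": make_packet("10.0.0.8", 51004, 80,   b"GET /dl HTTP/1.1\r\n\r\n" + MALWARE_MARKER + pad),
    }


def compare(packets):
    """Run both inspectors; return per-packet verdicts and the bytes each method examined."""
    verdicts, hdr_bytes, dpi_bytes = {}, 0, 0
    for name, pkt in packets.items():
        h_label, h_n = classify_header_only(pkt)
        d_label, d_n = classify_dpi(pkt)
        verdicts[name] = (h_label, d_label)
        hdr_bytes += h_n
        dpi_bytes += d_n
    return verdicts, hdr_bytes, dpi_bytes


if __name__ == "__main__":
    v, hb, db = compare(sample_packets())
    for name, (h, d) in v.items():
        print(f"{name:10s} header-only={h:10s} dpi={d}")
    print(f"bytes examined: header-only={hb}, dpi={db} ({db / hb:.0f}x more work)")
```

The BitTorrent handshake sent to port 80 and the HTTP request on port 8080 are the cases that justify DPI: the header-only inspector labels them "http" and "unknown" respectively, while the payload inspector gets both right and also catches the malware marker inside an otherwise legitimate-looking HTTP request. The byte counts are the cost side of that trade: the header-only path touches 10 bytes per packet, the DPI path touches the whole frame.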

To address the requirements of DPI performance testing and to "level the playing field," EEMBC, a leading benchmark consortium, and an expanding group of companies recently formed the DPIBench Working Group to collaborate on and formalize the DPIBench testing methodologies. Companies that stand to benefit from this association include Cisco, Juniper, IBM, Check Point, McAfee, Alcatel-Lucent and others. Members have yet to finalize test conditions, and the Working Group is encouraging other voices to be heard in developing this industry-standard benchmark suite. What is needed for further DPIBench development is consensus on the remaining issues of test setup and agreement on common test and certification procedures.

The end goal is to provide consumers of networking security technologies objective test data so they can make an informed decision when selecting a solution from the myriad of vendor offerings.

The next meeting of the DPIBench Working Group will be hosted by Cavium Networks in Mountain View on August 19th. If you find network security benchmark testing interesting, you might want to participate in this industry standard-setting discussion.