Lancope accelerates security performance by a factor of 4
THE NETWORK SECURITY CHALLENGE
In the age of reconfigurable computing, with data amounts constantly snowballing, security infrastructures are challenged to keep pace. Safeguarding networks against sophisticated attacks is a continuous cat-and-mouse game where the only rule is that there are no rules.
Many security solutions are built on strictly defined, deterministic assumptions about how attacks are structured. Companies rely on firewall port-based analysis, antivirus, malware detection and IDS/IPS pattern-based analysis to protect against attacks, but these approaches can only prevent known threats.
The ever-ingenious hacker is constantly looking for new ways to circumvent these static defenses with Advanced Persistent Threats (APTs), insider threats and multi-faceted attacks that use a combination of DDoS, malware and zero-day attacks to breach defenses. So how can these threats be detected and prevented in real-time?
Lancope has long been an advocate for a more holistic approach to network security that not only relies on static defenses, such as firewalls, anti-virus and IDS/IPS, but also makes active use of the vast amount of real-time information available from other devices and the network itself to get a real-time view.
By collecting and analyzing data flows in the network, Lancope detects abnormal behavior not picked up by signature-based defenses, enabling improved detection of a wide range of threats, as well as enhanced incident response and network forensics. The Lancope Stealthwatch FlowSensor plays a key role in this process by using a combination of Deep Packet Inspection (DPI) and behavioral analysis to identify applications and protocols across the network.
With increasing data traffic, speeds and complexity, however, Lancope needed to increase the performance of the Stealthwatch FlowSensors. The challenge was to ensure that the proposed solution could be optimized using a Dell OEM standard server platform. Dell OEM and Lancope therefore selected a pre-integrated solution from Napatech and Rohde & Schwarz Cybersecurity for application acceleration and Deep Packet Inspection (DPI).
Napatech’s FPGA SmartNICs enable appliance developers to stay one step ahead of the networks they need to manage and secure. With guaranteed delivery of network data for analysis, Napatech FPGA SmartNICs ensure that all the relevant data for effective analysis is provided in real-time, even at speeds beyond 100G.
Designed for open and standard servers, Napatech FPGA SmartNICs make optimal use of server CPU and memory architectures providing substantial acceleration for analysis applications including offload of critical data handling tasks.
The protocol and application classification engine R&S®PACE 2 from Rohde & Schwarz Cybersecurity performs dedicated deep packet inspection (DPI). It enables network equipment and security vendors to easily integrate recognition of layer 7 protocols and applications. The tool is ideal for identifying protocols and applications that use advanced obfuscation and encryption techniques to avoid detection.
R&S®PACE 2 is optimized for fast performance, efficient memory usage and classification reliability. It supports thousands of network protocols and applications, and frequent signature updates ensure ongoing reliable detection. Based on performance tests on real traffic data, it can accurately identify over 95% of network traffic, even at high speeds.
By integrating Napatech FPGA SmartNICs and R&S®PACE 2, Lancope successfully accelerated the performance of Stealthwatch FlowSensors by a factor of 4, providing greater real-time insight into what is happening in the network. As Napatech FPGA SmartNICs are pre-integrated with R&S®PACE 2, Lancope and Dell OEM could quickly design and verify their new solution without the risk of incompatibility and resulting delays. As such, the combined solution ensured a fast time-to-market for Lancope.
- Rohde & Schwarz Cybersecurity provides continuous updates to ensure that the latest protocols and applications continue to be detected.
- Napatech’s reconfigurable SmartNIC hardware and software are continually updated, and new solutions can be seamlessly integrated.
Napatech 200G Compact Solution
As the market is transitioning to 100G, the need for reliable high-capacity data solutions is rapidly intensifying. To arm the industry, Napatech has engineered a state-of-the-art concept that enables smooth and cost-efficient migration from 10G to 100G.
The compact 2 x 100G SmartNIC provides full packet capture of network data at 100G with zero packet loss. It offers Napatech’s distinguished trademark features in a compact design. This provides the industry with an adept and cost-efficient alternative for networks with emerging traffic load, and serves as a seamless stepping stone for advancing to 100G networks and beyond.