Lessons Learned from Government
Vaas: I'm sure McAfee's been working with government agencies and military, moving to 10g networks. What can you tell us about any lessons learned there? What can we come away with?

Marcus: I think what you'll start seeing over the course of the next few years is much more stuff on the network going toward appliances and away from things that run through an operating system. That's definitely a lesson learned. When you deploy something on the network, more and more they're becoming appliance-based, so they don't have a lot of overhead. The problem with running a security application through a regular operating system is you incur all the processing byte of whatever the operating system it's running is. More and more, we see people looking to create things that are very appliance-based, because you get such an increase in performance. And that's been a big lesson learned: run more stuff on the network on appliances.

Vaas: All right, definitely appliances. We have seen a lot more companies going into the appliance space for sure.

Marcus: Yeah, absolutely, because you definitely avoid a lot of problems when you run things in a very custom-built appliance mode. You can burn things into the hardware so you don't incur the processing cost, and that definitely is a big benefit.

Vaas: Is there any other benefit to going to appliance, besides performance? Off by itself, it really doesn't have a lot of interaction.

Marcus: Not necessarily. It definitely makes it a lot more difficult to attack the device, too. When you're running something that's an appliance-base or something that's an inline device that's kind of doing silent analysis on the wire, it makes it essentially invisible or at least a lot more difficult to attack directly. That's always a benefit. When your security technology is a lot harder to identify, it's always better that it can't get attacked.

Vaas: Let's talk about the move to an appliance or to 10g networks in general. What should companies be thinking about as they prepare for that kind of a move?

Marcus: Well, they should definitely be thinking about what is the speed of their application, how much data are they actually moving across their wires and then making sure that the countermeasures that they're going to implement can successfully deal with that new speed, because you certainly don't need your intrusion prevention device, or your firewall, or your e-mail server or anything like that to be the bottleneck, to not be able to analyze the new traffic correctly. It's going to cause it to bottleneck, drop traffic, drop mail and we certainly don't need that.

Vaas: Do you have a list of questions people should be posing to vendors as they're contemplating the switchover?

Marcus: Well, the same types of questions from when they went from a 10/100 network to a 1-gig network - are you running an application, are you running in appliance mode, do you have the ability to do decodes at 10 gigs, are you introducing any latency, if so, how much latency are you introducing. Those are probably some of the biggest questions that we've learned over the years; make sure your security technology is as invisible on the wire as possible, and it's able to keep up with the wire speed. Don't inject any latency. Or if you're going to inject latency, make sure it's as little as possible.

Vaas: What are some good benchmarks out there?

Marcus: It's really hard to say at this point, because not enough companies really have been running 10gs long enough for us to know what benchmarks are. But once again, it comes down to the latency thing. For instance, HTTP is a good way to test network latency. You have a device that can produce large amounts of Web traffic and, essentially, you have a reflector on the other end. So if it puts out 10, it should reflect 10. And if you put your security technology in the middle of it, what's the difference now that you've introduced the security technology? Those kinds of things are very easy to benchmark.