ASIC-Based Box Safeguards Web Servers

Designed to prevent attackers from ever getting a shot at Web servers, tool relies on the largest security ASIC ever built, say officials at NetContinuum Inc.

NetContinuum Inc., a Santa Clara, Calif., startup, on Monday will unveil its flagship product, an ASIC-based Web security appliance designed to prevent attackers from ever getting a shot at customers Web servers.

The new appliance, known as the NC-1000 Web Security Gateway, sits behind the corporate firewall and acts as a reverse proxy. It terminates all of the incoming TCP sessions and then proxies them to the Web and application servers. All traffic into and out of the Web server is encrypted via SSL (secure socket layer).

The NC-1000 relies on what company officials say is the largest security ASIC (application specific integrated circuit) ever built, the Continuum Security Processor. The chip holds more than 64 million transistors and is capable of handling on-chip TCP session termination and SSL (secure socket layer) encryption. It can process as many as 6,000 simultaneous SSL transactions per second, company officials said.

"All of the security functions are performed at the same time, which is something that you can only do on an ASIC," said Wes Wasson, vice president of marketing at NetContinuum. "It would be far too slow to do that in software."

The appliances design and position in the network enable it to prevent attackers from gathering any information about a companys Web servers. Because all of the TCP sessions terminate at the NC-1000, scan attempts—which are designed to discover the servers operating system, Web server software and other data—never reach the Web server.

And, the NC-1000 also prevents network attacks such as distributed denial-of-service attacks.

The appliance also keeps a single, encrypted transaction log thats time-stamped to prevent attackers from erasing their tracks.

The NC-1000 is available starting next week with pricing beginning at $28,000.