SNORT++ IDS/IPS Hyper Acceleration at RSA 2019

Posted on March 01, 2019

Belfast, UK, March 1st 2019 - Titan IC, the company behind the Regular Expression Processor (RXP), the world-leading solution for licensed IP for accelerated security analytics and threat detection, today announced that it is working to add support for its hardware accelerated regex scanning to SNORT 3.0 (Snort++) and will be showcasing the latest enhancements to RXP at the 2019 RSA Conference in San Francisco on booth 6561 in the North Expo Hall.

A leading player in the field of security analytics, Titan IC’s core RXP technology has been licensed to many tier-one semiconductor and cyber security companies for the detection of cyber threats on high speed networks and for the parsing of vast log file farms. Titan IC’s R&D team has already completed many of the tasks that will result in RXP’s ability to dramatically accelerate the newest Snort 3.0 (Snort++) IDS/IPS software by Cisco, which just entered public beta. Working closely with the Snort 3 developers, the Titan team is working to utilize the new multithreading and asynchronous support to finally allow standard SNORT to take better advantage of hardware accelerators like the ones supplied by Titan IC. However, great care is being taken to ensure that the new functionality is as generic as possible so that other accelerators can be accommodated or future RXP updates can be more easily integrated.

Snort has become the standard for IPS with over 6 million downloads and, according to snort.org, it is the most widely deployed intrusion prevention system in the world. The Snort engine also powers many of the leading Next Generation IPS and Next Generation Firewalls in production today, and its rule syntax format is the standard for how network behavior is discovered and exchanged.

Noel McKenna, Chief Executive Officer at Titan IC said, “Titan IC is committed to working with Cisco and the Open Source Snort community to enable significant enhancements to Snort. With the changes we have already made, it bodes well for the final GA of the Snort 3.0 release and for even more enhancements in future revisions. The work we are doing also maps well to other highly sophisticated Intrusion Prevention, Web Security, Data Leakage Protection and Lawful Intercept product families.”

Real Performance Benefits – A Double Helping – Both CPU Offload and Acceleration

Real world benchmarks show that up to 80% of Snort's compute power is actually dedicated to content inspection. By incorporating Titan IC’s RXP, a massively parallel hardware RegEx search accelerator, Snort will be able to reach new levels of performance, all while offloading the main ARM or x86 processors to do other more important tasks. With the ability to almost completely offload all the scanning overhead, performance boosts of 4–5X are not unheard of – plus some cybersecurity experts are already salivating at the ability to run more complex PCRE style regex rules as fast patterns at wire speeds.

Wide Availability of RXP IP – ASIC/SoC, FPGA and Cloud

Titan IC’s RXP technology is ideally suited to ASIC/SoC implementations and our IP is often chosen to complement and offload multi-core ARM based processor complexes in SmartNICs or in dedicated security appliances. Performance of 100G can be achieved in under 20 mm² at 16 nm and in under 5 W of extra power. This is in contrast to the significant power budget of 100+ watts required for just the content scanning work as soon as an Intel Xeon enters the equation.

RXP has also been ported to support a wide range of FPGAs and adapter boards, including the Xilinx Virtex® UltraScale+™ VU9P and VU13P chips and the new Xilinx Alveo™ U200 and U250 board solutions. Titan IC also sells a family of Hyperion PCIe Adapters supporting 20 to 100G of performance.

Lastly, RXP is also available in the Cloud and has been deployed as part of the Amazon Elastic Cloud. Customers can choose a "pay as you go" model using the Amazon AWS EC2 F1 instance for content inspection acceleration in a Cloud/Datacenter environment. Security vendors with appliance offerings like the ability to use the exact same rules and APIs in the Cloud to accelerate the scanning function, again freeing scarce host resources. The F1 instance is also ideally suited for high speed database or log file analysis.

100G Live Demo

A live demo of RXP’s 100Gbps Network Threat Detection capabilities can be seen at the RSA Conference, 4 – 7th March 2019 on Titan IC’s booth 6561, North Expo, Moscone Center, San Francisco.