With ever-increasing volumes of data travelling at ever faster speeds across networks and into the cloud, the challenges for Cybersecurity professionals are increasing daily. Cyberattacks are becoming increasingly sophisticated and the repercussions for those affected both in terms of financial loss and reputational damage are more than significant. Every day we hear of new compromises or breaches of security – often involving millions of accounts.
Against this backdrop, Titan IC’s RXP processor technology offers wire-speed, hardware-accelerated anti-malware search capabilities enabling the detection of threats, intrusions and malicious content in real-time. This acceleration brings benefits to many cyber security applications, particularly those developing Cloud or Enterprise-based SmartNICs, Cloud security applications, Amazon EC2 F1 instances, FPGA Accelerators, Cybersecurity/IPS/Firewall appliances, Network security/communications processors or ARM/RISC-V based SoCs. Our RXP engines are very flexible and can be configured to support a wide range of performance – from 10Gbps to 200Gbps+ thus ensuring future-proofed, resilient and real-time security processing.
Intrusion Detection & Prevention Systems (IPS/IDS)
RXP provides acceleration for industry leading Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) offerings based on customers' own proprietary applications or using open source software such as SNORT and Suricata. IDS/IPS systems that seek to prevent breaches by comparing all network packets to a database of known cyber threats or threat signatures can benefit greatly by offloading burdensome tasks to the RXP. Real world benchmarks show that up to 80% of the compute power of most modern IDS/IPS systems are dedicated to content inspection, leaving few CPU resources available for other tasks. As a hardware RegEx search accelerator, RXP offloads the main ARM, RISC-V or x86 processor cores, freeing up critical resources and providing significant performance boosts for the heavy scanning part of the load typically between 20X to 40X.
RXP is a proven accelerator for the detection of malware, worms or data leaks as well as any violations of security policy and can flag any suspicious activity for further analysis. It delivers this powerful hardware accelerated RegEx scanning using complex PCRE rules at dramatically accelerated speeds of 10Gbps to 200Gbps+.
Data Leakage Prevention (DLP)
RXP technology can also help prevent data leakage. On an intrusion prevention system, the primary concern is preventing incoming intrusions, whereas a DLP system specializes in looking for important and confidential data leaving the corporation. This may be caused by a yet to be discovered breach on a database server or even a rogue employee sending customer data to be used by competitors.
RXP can be programmed to undertake complex searches including detection of social security card data using sophisticated perl compatible regex (PCRE) language. Codenames and documents marked as confidential can also be detected very easily using RXP.
Next Generation Firewalls (NGFW) & Web Application Firewalls (WAF)
Today’s Next-generation firewalls offer a range of enhanced features over and above the stateful inspection of network traffic. These include processor-intensive functionality such as integrated intrusion detection and prevention, application recognition and network identification.
By offloading these tasks from the host CPU, RXP accelerates the deep packet inspection, content processing and pattern matching processes utilized by both next-generation firewalls and web-application firewalls to prevent worms, spyware or viruses from entering your network.
URL, Spam & Adware Filtering
Today as more and more mobile, cellphone and tablet devices are deployed, we really need the help of more sophisticated equipment to track and assess sites that may have 'drive-by' downloads of malware infesting them. We need the ability to filter out unwanted content often provided by obfuscated short links (i.e. bit.ly links).
Spam Filtering - RXP complements existing Spam filters by enabling very high capacity classification of email data into spam and ham indexes. By supporting word stemming using complex PCRE language constructs – the usual gamut of “FREE” offers and various scams can be more easily detected.
Adware Filtering - The growth in number of internet adverts is already sapping the efficiency of workers and we are now seeing an increase in malicious adverts that infect computers and redirect searches to their own servers. This can be an opening to bias purchases towards their selected products, or worse, can be used to hijack computers ad steal confidential information or user identities.
Web sites infected via Google or other adverts may be replaced by malicious ones. A single infected advert can appear on many web sites and can bypass the normal safety practices put in place by webmasters since they are delivered from a separate ad server.
RXP technology can be incorporated into systems that can quickly identify web browser hijack or malicious adware. Its ability to handle very high throughputs at low latencies enables web site users to enjoy more secure web experiences.
Multi-Access Edge Compute / Mobile Edge Compute
MEC (Mobile Edge Computing or Multi-access Edge Computing) is an essential component of emerging 5G networks. Sending data all the way back to the cloud data center can add unacceptable latencies and network congestion that would break or cripple some applications. By facilitating the deployment of compute and storage resources closer to the subscriber’s point of attachment to the network, MEC eases pressure on the backhaul network and reduces congestion and network delays thereby facilitating new 5G applications such as large-scale mobile broadband and resilient low latency communication.
Many devices such as battery-driven cell phones and IoT devices don’t have the capacity to handle the required computation hence the increased interest in “Edge data centers”. These Edge devices are often far less powerful than host processors and RXP technology can offload the computational work when more detailed packet analysis is required, supporting both shallow and deep packet inspection.
Deep Packet and Deep Flow Inspection (DPI/DFI) for 5G is used within the context of MEC to understand the IP traffic content (from 5G nodes) in order to:
- identify legitimate mobile users and devices,
- recognize applications and manage IP traffic flow based on QoS requirements (low latency, high or privileged bandwidth, etc.) of applications, such as voice/video services, streaming services, online gaming etc.
- protect MEC from external attacks, such as DDoS, network intrusions and traffic with malicious or unwanted content
Standard regular expression notation is already in use within the wider industry to define rules for IP traffic content inspection, decoupling security rules and polices from physical platforms. Now with the advent of DPI/DFI for 5G, RXP can be used to execute most of the widely used standard regular expression based rules sets for traffic management and network security related traffic signatures, enabling companies to take advantage of the processor’s massive performance while using well-established and legacy rule-sets.
In the fight against cybercrime worldwide, many countries engage in the lawful interception of network communications for the detection of criminal, terrorist or other malicious activity.
RXP is a key element in many Lawful Intercept solutions for Government intelligence agencies worldwide, enabling the hardware-accelerated search and analytics of high-speed data. RXP’s ability to perform massively parallel complex pattern matching at wire speed and beyond makes it an ideal accelerator for lawful interception solution development.
Another key weapon in the fight against the increasing number and sophistication of cyberattacks is the use of security analytics. By accelerating logfile and security analytics, RXP enables much faster detection of threats. Logfiles can be processed at up to 90TB/hour providing a key competitive advantage to your cybersecurity solution, be it an appliance, processor or other.