SOLARFLARE OPENS MARKET FOR 10 MILLION FIREWALLS PER YEAR WITH WORLD’S FIRST NIC-BASED HARDWARE SERVER FIREWALL
SolarSecure: a platform for security micro segmentation and machine learning
BLACK HAT USA, LAS VEGAS—July 25, 2017 —Solarflare, a pioneer in the development of neural-class networks, today introduced a NIC-based platform for security “inside” the data center where 90% of all IP traffic exists. Proven by hyperscale cloud service providers with millions of servers, Solarflare is transforming the enterprise server security market based on appliances and FPGAs and NPUs costing thousands of dollars, into a 10 million server per year market leveraging security that is “just there” on every standard NIC costing less than $300. Available September 1, 2017, SolarSecure® can be enabled concurrently with ethernet NIC, acceleration, monitoring and capture solutions in a Solarflare XtremeScale™ Smart NIC fabric.
The foundation of SolarSecure is innovative Solarflare chip hardware with the power to inspect packets at line-speed, and which cannot be breached with root access to a software application or operating platform.
Deployed as a fully featured firewall platform, SolarSecure provides integrated packet surveillance, filtering, and server cloaking. The high-speed chip hardware solution is tamper-resistant, scales-out with every server, and allows micro segmentation down to virtual machines or microservice workloads for fine-grain security policy management.
SolarSecure is also a platform for machine learning. The software defined SolarSecure NIC hardware and applications maintain surveillance of every packet which allows SolarSecure to provide network flow analytics with application granularity, and to feed data lakes with the massive volumes of the right traffic data needed for effective big data security analytics.
Trading Technologies and CDL are two managed service providers integrating SolarSecure hardware technology into their service platforms.
Trading Technologies makes the tools which the world’s premier traders trust to maintain their edge, and their TT® Platform is a next-generation trading framework that allows trading anywhere—on virtually any device.
“The whole challenge in providing a low-latency trading platform is to make the infrastructure as thin as possible, said Dan Feldman, vice president of systems and network engineering at Trading Technologies. “Adding firewall appliances adds hops and latency. By placing a Smart NIC with SolarSecure in line with the transactions, we eliminate hops and deliver a similar security narrative.”
CDL provides a managed security solution scaled for the enterprise providing server cloaking and packet capture everywhere solutions for compliance, risk mitigation, security and forensic preservation by securing packets within data lakes in the cloud.
“Our business is modernizing data security for scale-out environments,” said Mark Schreiber, General Manager at CDL. “With software defined network processing on every server, SolarSecure provides both the granularity and scalability we need in a security platform to cloak data lakes from prying eyes.”
SolarSecure: A platform for security micro segmentation and machine learning
SolarSecure represents a trend which will soon be a best practice for Enterprise IT: micro segmentation of security policies down to a VM or container microservice workload, combined with NIC-based security services which can be delivered on a per-VM or per-microservice basis.
SolarSecure solutions are made possible by the XtremePacket™ Engine inside of every plug-and-play Solarflare XtremeScale™ 8000 Series NIC, which can inspect every packet at line-speed and with no loss of performance. Solarflare has also published a rich set of traffic engineering APIs for Solarflare and third-party security application developers.
The portfolio of SolarSecure security services is shipped with every XtremeScale™ 8000 Series Solarflare NIC. Using the SolarSecure Manager, security policies can be micro segmented, packet surveillance can be initiated, and firewalls can be configured for each local TCP/IP address including learn and enforce modes, white listing or black listing; alerts, and cloaking a server by dropping packets.
With extensive information about traffic flows provided by the XtremePacket Engine, Solarflare provides a software defined machine learning platform for Solarflare and third-party security analytics applications. SolarSecure offers the unique ability to supply a security data lake with a rich set of data about 100% of the packet traffic in a data center using a low-power, low-cost, standard form-factor NIC. Security data scientists have access to the data and traffic engineering tools through open APIs.
According to Ahmet Houssein, Vice President of Marketing at Solarflare, “A new class of standard NICs which can inspect packets at line speed is making it possible for security to follow in the footsteps of networking, storage and databases--all of which migrated to distributed architectures that scale with each server, and all of which will incorporate machine learning for self-driving capabilities in the future.”
Hyperscale Model for Granular, Scalable Security Inside Every Server
With millions of servers inside their data centers, hyperscale cloud service providers need a security solution they can trust, that is affordable, and which can scale. The answer for major cloud service providers like Google is to instrument thousands of servers with their own security chips delivering line-speed packet inspection, that cannot be hacked with root access to the server OS, and which allow network engineers to define application-specific firewall policies down to a single server.
Google is publishing information about how they are instrumenting servers with security chips to offload servers from a variety of applications such as performance acceleration and security. In the Google Infrastructure Security Design Overview, the company says that both the server boards and the networking equipment are custom-designed by Google. Google also discloses they design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow Google to securely identify and authenticate legitimate Google devices at the hardware level.
Solarflare XtremeScale Architecture, Smart NIC Fabric and Software Defined NICs
The Smart NIC hardware and software deployed by hyperscale cloud service providers is proprietary. Solarflare has developed an XtremeScale Smart NIC platform which provides server-level granularity and scalability and is now commercially available. The platform consists of the: 1) XtremeScale Architecture—All new Solarflare chips, adapters and software are designed under an architecture designed for scalable and granular Ethernet traffic engineering, 2) XtremeScale Software Defined NICs—Join FPGAs and NPUs in the Smart NIC class of server adapters. The powerful, software defined products are the industry’s first Smart NICs with FPGA-like capabilities at the cost of a NIC, and 3) XtremeScale Smart NIC Fabric—Once XtremeScale NICs are installed, XtremeScale Fabric applications are available to provision performance, security and visibility applications tailored for specific workloads running on physical servers, VMs and container microservices.
Solarflare is pioneering server connectivity for neural-class networks. From silicon to firmware to software, Solarflare provides a comprehensive, integrated set of technologies for distributed, ultra-scale, software-defined datacenters.
The Solarflare XtremeScale Architecture is a design framework which includes a comprehensive suite of features for ultra-scale environments: High-bandwidth, ultra-low-latency, ultra-scale connectivity, software defined, secure with hardware firewalls, and instrumented for line-speed telemetry.
Solarflare solutions have earned a sterling reputation in financial services and are used by virtually every major global exchange, commercial bank and hedge fund. This exacting, regulated performance uniquely qualifies our solutions for use in ultra-scale applications in IoT, big data and artificial intelligence where low latency, robust security and insightful telemetrics are critical.
Solarflare solutions are available from leading distributors and value-added resellers, as well as from major global manufacturers. Solarflare is headquartered in Irvine, California, and operates R&D facilities in Cambridge, UK and New Delhi, India.
All product and company names herein may be trademarks of their registered owners.
Security Inside the Data Center Infographic
This infographic demonstrates the difference between the old ways of securing data centers with an emphasis on perimeter security, versus the new model with a firewall on every server.
Smart NIC Fabric Infographic
The infographic illustrates how an XtremeScale Smart NIC Fabric can be deployed to tailor acceleration, security, monitoring and packet capture for thousands of virtual NICs in a single server.
The image shows a topology of a data center environment with a firewall on every server.