Imagine: Massively scalable multi-core security

Desktops and servers are being transformed by virtualization and multi-core CPUs, but that effect is a bit harder to see in security. Multi-core CPUs especially hold the possibility of completely transforming how and where we do security. One of the effects is to shift more of the security functions into the network. Another may be to radically change the software architecture within and across security appliances.


To really grasp the implications we have to think a few generations of hardware ahead: not about a security appliance with four cores, but about one with 256, 1,024 or even 32,768 cores. It's a whole different ballgame.

Vendors of certain security appliances commonly promote "cracking the packet only once," then applying lots of security functions in parallel. The idea is that you can reduce latency by reducing the number of times the packet has to be copied and decoded by a protocol analyzer. This type of thinking reflects the training developers receive to operate in a CPU-constrained world. But multi-core changes all that, as eloquently described by Intel's James Reinders in a recent interview.

Programming in a multi-core environment forces developers to rethink traditional programming practices and optimize for data location rather than CPU cycles. In a multi-core world, "cracking the packet" and redoing all the protocol analysis, on each core in parallel, is more efficient than doing it once and then sharing the results among cores. That's because CPU cycles become abundant and the bottleneck shifts from computation to data replication between cores. In other words, if you need the results of a calculation, it is "cheaper" to recalculate it in every core than to shuttle a variable around.
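The two designs contrasted above, as an added sketch that is not from the original article: three illustrative inspection engines reach the same verdicts either way, but sharing the decoded result moves more data per engine than handing each one the raw bytes. The function names, the engines and the constructed sample packet are assumptions, and pickled size stands in for the data that would have to be replicated between cores.

```python
import pickle
import socket
import struct

def build_packet(dport, flags, payload):
    """Constructed sample: minimal IPv4 + TCP packet (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    return ip + tcp + payload

def crack(raw):
    """Protocol analysis: decode the IPv4 and TCP headers of one packet."""
    ihl = (raw[0] & 0x0F) * 4 if raw else 0
    if ihl < 20 or len(raw) < ihl + 20 or raw[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "proto": raw[9], "sport": sport, "dport": dport,
            "flags": raw[ihl + 13], "payload": raw[ihl + data_off:]}

# Illustrative engines (assumptions): each needs the decoded packet.
ENGINES = {
    "signature": lambda p: b"/etc/passwd" in p["payload"],
    "policy": lambda p: p["dport"] == 23,               # telnet denied by policy
    "anomaly": lambda p: (p["flags"] & 0x03) == 0x03,   # SYN and FIN both set
}

def crack_once_and_share(raw):
    """Decode on one core, then replicate the parsed result to every engine."""
    blob = pickle.dumps(crack(raw))            # what has to travel between cores
    verdicts = {n: fn(pickle.loads(blob)) for n, fn in ENGINES.items()}
    return verdicts, len(blob) * len(ENGINES)

def crack_on_every_core(raw):
    """Replicate only the raw bytes; each engine repeats the decode locally."""
    blob = pickle.dumps(raw)
    verdicts = {n: fn(crack(pickle.loads(blob))) for n, fn in ENGINES.items()}
    return verdicts, len(blob) * len(ENGINES)

if __name__ == "__main__":
    pkt = build_packet(23, 0x03, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")
    for design in (crack_once_and_share, crack_on_every_core):
        verdicts, moved = design(pkt)
        print(f"{design.__name__}: {verdicts}, bytes replicated: {moved}")
```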

Now, imagine a security appliance with thousands of cores and how it could be used to do computationally intensive security such as protocol analysis, pattern matching, heuristics, modeling, sandboxing (emulation), etc. Many of these functions have relied on ASICs or FPGAs and enormous R&D cost to customize hardware to the needs of specific security functions. But multi-core systems offer a different approach: simple commodity hardware with sophisticated parallel-processing software instead of simple software on custom hardware.

As in many other areas of security, the bad guys figured this out first. Using graphics chips (GPUs) instead of CPUs, hackers are able to crunch thousands of passwords, for example, by taking advantage of the GPUs' ability to do matrix and vector manipulation at extreme speeds. Turns out that the mathematics of ray-tracing or perspective-shifting that are used in games are remarkably similar to the math used in cryptographic algorithms such as the AES cipher and the SHA hash functions. So the bad guys use graphics chips to make password-cracking supercomputers.

A network of multi-core security appliances would not only have abundant processing capability to do computationally expensive tasks, but it would also leave a lot of spare capacity "out of hours" that will go to waste. That is, unless we take a page from cloud computing, virtualization and spare-cycle scavenging projects like SETI@Home. The security appliance of the future could be switching workloads (security VMotion, anyone?), acting as a pool of resources for security. Pattern matching IDS sigs in the daytime, then crunching logs and doing correlation perhaps during the night.

A massively scalable multi-core future is coming and it will transform security just like it has data centers, desktops and business intelligence/analytics. What would you do with a 32k-core security device?
