News Stay informed about the latest enterprise technology news and product updates.

Extreme puts threat mitigation in the core

Extreme Networks says its new security paradigm -- namely placing threat mitigation in the core switch -- can keep 10 GigE links moving swiftly and eliminate inefficient in-line security devices.

With a pair of new releases this week, Extreme Networks Inc. is advancing its belief that there's no need to slow down 10 Gigabit Ethernet links with in-line security appliances.

The Santa Clara, Calif.-based vendor Monday re-released its Clear-Flow packet inspection software and introduced the Sentriant Virtual Security Resource appliance, part of its two-fold effort to convince businesses to reexamine their network security strategies and gain ground in the security appliance market.

The Clear-Flow engine is software designed for the vendor's Black Diamond 10K core switch. It performs Layer 2 and Layer 3 packet inspections, isolating and responding to suspicious network traffic.

The updated version of Clear-Flow now contains a security rules engine, which a company can use to enforce network security policy from the core and enact threat mitigation, such as stopping malicious traffic or throttling the bandwidth for suspicious traffic.

When Clear-Flow detects suspicious traffic, it is mirrored to the Sentriant appliance. Sentriant then determines whether the packets are malicious, and if so, it takes any one of a number of possible actions, including denying the packets access to the network.

Together, the two products are intended to mitigate the threat posed by malicious worms and other fast-moving security threats or "zero-day exploits." Because the Clear-Flow engine can handle packets at 10 GigE speed, the company says its appliance can reside behind the core switch and still replace numerous expensive in-line security appliances.

Suresh Gopalakrishnan, Extreme's vice president of marketing, said it's not only difficult for a company to secure all its end points by spreading security appliances around, it's also expensive. "[Companies] don't have enough money in their budgets to protect every uplink," Gopalakrishnan said.

He added that in-line security devices create another possible point of failure on the network, and typically can't adequately protect 10 GigE links without preventing the full capacity from being utilized.

Joel Conover, principal analyst with Sterling Va.-based research firm Current Analysis, said this release transforms Clear-Flow from a marketing effort into a viable security application, but it still must prove that its architecture can react quickly enough to threats.

For more information

Read our exclusive: Extreme's new switch aims to cut out the middleman.

Check out our Topic on choosing routers and switches.

Read more articles written by News Editor Eric B. Parizo.

"If it takes too long, then the threat has already passed through and moved on to its next target," Conover said. "That's the real danger here, but they're trying to get people to think about their switches as in-line defense mechanisms when everyone else is putting out blades or stand-alone appliances."

Additionally, Conover said even though Extreme's paradigm is intended to keep performance levels high, some of the conditions that it creates may cause issues down the road. For instance, its reliance on built-in packet counters and considerable mirroring could result in drops, depending on how Extreme leverages the technology in future releases.

"The concept of providing mitigation in the core switch is a great idea because it removes points of failure and results in a more efficient design," Conover said, "but I think they need customer testimonials to prove it."

The new version of Clear-Flow is now available with Extreme's Black Diamond 10K switch, and the Sentriant appliance will be available this summer for $41,995.

Dig Deeper on Network Design

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.