IBM Delivers Super Fast IPS
February 22, 2011 Alex Woodie
IBM last week unveiled a new security appliance designed to thwart attempts to compromise networks, computers, and applications. Called the Security Network Intrusion Prevention System (IPS) GX7800, the key differentiator of the device is its purported capability to isolate threats at network speeds up to 20 gigabits per second, which IBM claims is almost twice as fast as competing IPSes.
The GX7800 is an all-purpose security device designed to protect customers from a variety of known attack methods, including SQL injection, cross-site scripting (XSS), denial of service, and drive-by downloads, as well as blended attacks and those that use obfuscation. And since the device’s database of attack definitions is continually updated by the experts in IBM’s X-Force security labs, customers can feel good about its capability to recognize and adapt to new or rapidly changing attack mechanisms.
The GX7800 ships with Security Network IPS Firmware version 4.2. Among the key technology enablers in this firmware is IBM’s Injection Logic Engine (ILE), which uses heuristics and behavior analysis to identify unusual Web request patterns that are typical of SQL injection and XSS attacks, including zero-day attacks.
Other powerful technologies include Data Loss Prevention (DLP), which is aimed at preventing the loss (or “leakage”) of personally identifiable information (PII). IBM’s Shellcode Heuristics helps block the latest zero-day attacks that are leveraging maliciously coded MS Word and PDF documents. The device also includes IBM’s “virtual patch” technology, and works with IBM Rational AppScan technology to create customized protection templates for specific Web applications.
With the GX7800, IBM is claiming to bring all these security threat detection routines to bear on a huge amount of network traffic, without causing much of a slowdown in that traffic. The new device has been validated by a third party to provide throughput of up to 23 GB per second. That’s nearly three times faster than IBM’s previous fastest device, the GX6116, with a similar latency of less than 150 microseconds. Running this device on a well-utilized 10 gigabit Ethernet network should not pose a problem.
The GX7800 can handle up to 390,000 connections per second and up to 12.5 million concurrent sessions. That’s nearly 100,000 connections per second more than the GX6116, and two-and-a-half times the number of concurrent sessions.