Will faster network speeds outrun essential security controls? It’s a question that should be top of mind for security professionals today. Traffic volumes are growing exponentially across every segment, with the fastest growth rates closest to the network core. Global IP traffic has increased more than fivefold in the past five years and will nearly triple over the next five, with total volume surpassing the zettabyte (1,000 exabytes) threshold this year, and doubling again by 2019.
The majority of this traffic will soon move on ever-faster Ethernet links, with 10 Gb/s Ethernet becoming common at the access layer, 40 Gb/s Ethernet at the distribution layer, and 100 Gb/s Ethernet at the core. Key stakeholders in the Ethernet ecosystem are racing to complete new specifications and deliver compliant interconnects, but there is no equivalent effort to accelerate network security. This is especially true of those solutions that do the heavy lifting of deep packet inspection for intrusion detection and prevention. It’s a gap that will only become more urgent as interconnect speeds continue to outpace the capabilities of available security devices.
Traffic Drivers: New Content and Endpoints
One of the factors driving network throughput is video. By one estimate, video in all forms (TV, video on demand, Internet, and P2P) will account for up to 90 percent of global consumer traffic by 2019, with nearly a million minutes of video crossing global IP networks every second. Another contributor is the flood of new devices requesting that video content and other services. The number of devices connecting to IP networks is expected to be three times as large as the global human population by 2019, and mobile devices will account for 66 percent of all IP traffic.
Traffic Drivers: Virtualization and Cloud
In the data center, server and storage virtualization is changing both traffic volume and distribution, vastly increasing the amount of east-west traffic between virtual machines. Much of that increase is normal communication between application tiers—web, application, and storage—which now run on different virtual machines, plus a significant additional increase related to backup, replication, and migration. Network virtualization raises the traffic ante farther and faster, making flows both dynamic and unpredictable. Network links must now be sized to allow much greater elasticity than in traditional architectures with more stable and predictable traffic patterns.
Another factor driving network traffic growth is cloud service adoption. More than four-fifths (86 percent) of all workloads will be processed in cloud data centers by 2019, with annual global cloud IP traffic reaching 8.6 ZB (719 EB per month). That can’t happen unless networks have the bandwidth to deliver satisfactory user experiences.
Traffic Drivers: The Internet of Things
The Internet of Things (IoT) will also have a powerful influence on network and data center evolution. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. This implies massive volumes of sensor messages sent to data centers for processing, requiring much greater inbound bandwidth than was previously needed for application access by human end users.
Rapid Change and Rising Risks
This partial list of bandwidth-driving changes promises a steady unveiling of new vulnerabilities and security risks. Any change in a well-understood domain creates a learning curve for administrators, with blind spots ripe for exploitation. By raising network transport speeds, we multiply the hiding places for covert attacks. By moving applications and data onto public cloud services, we expose them to compromise between our perimeter and the cloud. By connecting remote devices by the hundreds of thousands, we may raise penetration risks by orders of magnitude.
All of these considerations make it essential that network intrusion prevention be extended to provide visibility into the swelling volumes of faster-moving traffic. Without deep inspection, malicious payloads may stream into the network, concealed in legitimate traffic. Successful attacks can persist on compromised hosts, propagate undetected, and exfiltrate stolen data directly to the black market. Security teams urgently need IPS solutions built for tomorrow’s data center environments: solutions that won’t throttle high-speed links, that will find and stop zero-day threats when first detected, that deploy easily into physical and virtual architectures, and that will scale to accommodate future speed bumps without a rip-and-replace upgrade.