Industry Trends

Innovation Insights: Why Content Processing Matters

By Bill McGee | April 25, 2016

Fortinet just announced the new tightly integrated Security Fabric, and the ninth generation of their content security processing ASIC, the CP9. The environment that spurs this sort of unprecedented innovation is focused on the following driving factors:

  • Anticipating the network, data, and user trends that demand more sophisticated threat protection, including cloud and virtualization, IoT, and the expanding attack surface.
  • Closely monitoring attack vectors and threat actors in order to continually close the gap between threat and response.
  • Providing security solutions designed to interoperate, collaborate, and adapt to threats as an integrated system across the entire distributed network environment, from IoT to the cloud.

An emerging security challenge is the proliferation of distributed endpoint devices that need to securely connect to critical business applications and data. It is estimated that nearly half all data moving into and out of today’s networks, whether it is web traffic, secure transactions, or VPN connections, is encrypted using SSL.

These encrypted tunnels often contain business-sensitive data, customer information, intellectual property, and financial transactions. Unfortunately, they also increasingly contain malware. In addition to being encrypted, this malware can also be hidden deep in the unstructured content of data, including inside web pages, attachments, video clips, photographs, or other materials.

According to a recent Gartner report, however, less than half of encrypted web traffic, and less than 20% of SSL traffic in general, is ever opened for inspection. The reason is simple. The CPUs installed in virtually every security device on the market today were never designed to for this sort of processing overhead.

In fact, according to NSS Labs test results, SSL decryption generally results in a 74% loss of throughput and a nearly 88% reduction in transactions per second. This sort of degradation increases cost, latency, and administrative overhead, and is one reason why many organizations simply often avoid SSL decryption. And deep content inspection looking for hidden malware can add an additional 30% to 80% of overhead load on traditional security device processors. So even when security devices use multiple CPUs to process traffic, this sort of inspection cripples standard off-the-shelf hardware.

And this problem isn’t going away. Gartner also advises organizations to anticipate an annual 20% increase in SSL traffic inside their networks for the foreseeable future.

Fortunately, Fortinet’s innovative engineering team has developed a new generation of content processing ASICs that have been designed specifically to decrypt and inspect complex, resource-intensive data. The Fortinet CP9 security ASIC provides the fastest full SSL decryption and SSL connections per second in the industry. It also provides for high-speed deep content inspection, and increases the performance of IPS full-signature matching, and advanced VPN (including support for the NSA’s “Suite B” elliptical curve cryptography algorithms.)

There is literally nothing else like it. And with organizations standing at the edge of a tsunami of data headed their way driven by BYOD, billions of IoT devices, and an estimated 26 IP-enabled devices per person that all requires access control, content inspection, and secure processing, the timing couldn’t be better.