The Power of Custom Security Processing

By Ken Xie | November 04, 2019

The Universal Quest for Speed

Business innovation has always been key to the success of organizations, especially for those willing to adopt new solutions. From the first abacus and the invention of double-entry bookkeeping to the introduction of the ticker tape and the copy machine, technology has had one thing in common – it has always enabled the business to function faster and more efficiently, saving money and increasing productivity.

Today’s digital innovation is no different. Applications and device functionality continue to accelerate business. And underlying those functions is the need for performance. Organizations literally spend trillions of dollars upgrading their networks and devices to generate more computing capacity to accommodate evolving business solutions. As a result, a single end user device today has more processing power, generates more data, and requires access to more digital resources than existed in the entire world just a handful of decades ago.

The majority of technology spending in an organization is dedicated to finding and replacing devices that create system bottlenecks. For example, WAN routers and MPLS connections, the hallmark of high-performance branch connectivity just a few years ago, are now being replaced with new SD-WAN solutions that can adapt to today’s more dynamic and distributed networks while supporting high-performance business-critical applications.

Security is Becoming a Business Bottleneck

As networks demand more performance, one of the most critical areas lagging behind is network security. Unless organizations are willing to pay outrageous costs, security devices function at a fraction of the speed of the rest of the network. The limited ability to purchase and deploy adequate security solutions impacts network design, business growth, and user access to critical data. Part of the challenge is that a firewall, for example, requires massive amounts of computing power to inspect data looking for malicious content – far more than any router or switch. And according to a recent report by Fortinet, 87% of all web traffic at the start of 2019 was encrypted, with the volume growing daily, which has an even greater impact on security performance.

The fact is, inspecting encrypted data takes such a significant toll on firewall performance that most manufacturers won’t even publish their performance numbers. And the reason is easy to see once you pop open a box and look inside. Even the most expensive firewalls are filled with off-the-shelf CPUs that were never designed to perform the security tasks they are assigned. Instead, software engineers have to write complex code to accommodate hardware limitations, looking for ways to overcome the physical limitations of the processors they have to work with. And because decrypting traffic is so labor-intensive, it’s simply not possible to compensate for the performance impact using software design tricks.

All Performance Innovation Starts with the CPU. Why Not for Security?

We wouldn’t put up with this in any other technology. Smartphone manufacturers develop their own processors, like Apple’s new A13 Bionic chip that was purpose-built to generate more performance to deliver the best graphics and user experience to consumers. And Tesla’s new self-driving chip is a 260 square millimeter piece of silicon, with 6 billion transistors, that offers 21 times the performance of the Nvidia chips it was using before. Other organizations committed to providing cutting-edge performance, such as Google, Amazon, and Facebook, also build their own silicon chips for their data centers and other infrastructures.

Of all the places that could benefit from custom-designed processors, security certainly seems to be at the top of the list. However, Fortinet is still the only security manufacturer to have developed our own security processors (SPUs), engineered from the ground up to perform the specific tasks required to inspect and secure traffic. And the results speak for themselves. We recently calculated the average performance across security devices from leading manufacturers and used it to derive something we call a Security Compute Rating, which compares the performance of our new SOC4 security ASIC with devices that rely on traditional chips to process security data.

The Power of Custom Security Processing

Across the board, the performance of these purpose-built chips dwarfs that of solutions that rely on off-the-shelf technology, and at a fraction of the cost. Here is a small data sample comparing our desktop SD-WAN NGFW solution with similar solutions from other manufacturers that utilize generic CPUs for networking and security capabilities, all positioned to address the same business requirement:

As you can see, using a purpose-built security processor enables 4 to 47 times better performance than the industry average. Interestingly, this performance advantage also translates to virtual environments that don’t rely on custom chips, although it is not quite as dramatic there. That’s because our engineers can build significantly more efficient code when they don’t have to work around the limitations of the hardware it runs on. But when other security solutions get ported to a virtual environment, all of the inefficiencies in their development due to their inherent hardware limitations go with them. And even if those manufacturers redesign their solution to take better advantage of the virtual systems it is being moved to, they then lose critical interoperability between the various versions of their solution.

Security Manufacturers Need to Step Up

Digital innovation is essential to the ongoing acceleration of the growing digital marketplace and expanding digital economy. However, we have reached a point where security is likely to become a serious roadblock to that growth. And it is happening just when the security industry is also facing a serious and growing skills gap, resulting in an inadequate pool of cybersecurity professionals to manage and secure the expanding attack surface of today’s businesses.

If security manufacturers want to provide essential protections for digital innovation, while remaining affordable enough for organizations to deploy security devices everywhere they are needed, they will have to change their development strategy. Like every other major manufacturer in the world, they will have to invest in the creation of custom hardware that can keep pace with the exponentially growing performance requirements of today’s digital businesses. If they don’t, they run the same risk as those organizations that have failed to adopt an aggressive digital transformation strategy. They will get left behind.

Learn more about Fortinet’s new FortiGate 60F, a full-featured SD-WAN and NGFW solution powered by the new SOC4 security processor to accelerate and enhance cloud and WAN connectivity.

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.