x
Optical/IP

Radware's 3-Gig Lock Box

Radware Ltd. (Nasdaq: RDWR), a big player in the Layer 4-7 switching market, today moved aggressively into the security appliance market with a high-end intrusion detection system called DefensePro.

DefensePro is being marketed for large companies and telecom operators demanding high-throughput intrusion detection and virus-protection systems. It will start at 1 Gbit/s line rate and scale as high as 3 Gbit/s, simultaneously supporting as many as one 10-Gigabit Ethernet port, seven Gigabit Ethernet ports, and 16 Fast Ethernet Ports.

The system will manage and switch ports, while inspecting packets for an array of application-layer attacks, including denial of service attacks and worms. It can perform these scans of incoming and outgoing traffic and connect to multiple LAN segments.

The move into the security appliance market is big for Radware, which previously focused exclusively on the Layer 4-7 switching market, where it chips away at a market once dominated by Cisco Systems Inc. (Nasdaq: CSCO) and Nortel Networks Corp. (NYSE/Toronto: NT). Radware’s stock has been on a tear this year, primarily because of the perception that the company is gaining market share in the Layer 4-7 market.

Many security companies are starting to focus on application-layer inspection, because many modern security threats operate at that level. This has sent all the major security players scrambling to come up with an application-layer inspection story (see Security God in the Making?).

Security specialists NetScreen Technologies Inc. (Nasdaq: NSCN) and Check Point Software Technologies Ltd. (Nasdaq: CHKP) focus on firewalls and have recently moved into application-layer security – or so-called "deep packet inspection" (see NetScreen Adds Deep Inspection, Check Point Protects Applications, and NetScreen Firewall Gets Smart. But those initial offerings appear to have performance limitations, compared to what Radware has announced. Internet Security Systems Inc. (Nasdaq: ISSX) and startup Fortinet Inc. have also announced plans for application-layer security products (see Fortinet Score $30M Funding Round.

Radware is touting its product as high-performance, even while it lacks a VPN and SSL management offering, something its competitors have. The system is built with a large array of ASICs and merchant silicon (as many as 16 ASICs and two network processors in each box), which divide up the tasks of session management, data forwarding and blocking, deep packet inspection, and switching.

Radware officials say the box will start at $25,000 and will be marketed as a mixture of enterprise and service provider customers. The company's early customers include Korean service provider Dacom Corp..

Radware shares today closed down $0.19 (0.70 percent) at $26.91 -- nearly quadruple the 52-week low of $7.

— R. Scott Raynovich, US Editor, Light Reading

mr zippy 12/4/2012 | 11:12:28 PM
re: Radware's 3-Gig Lock Box A few technologies are coming

(a) IPv6 with IPsec built in
(b) DNSsec
(c) opportunistic, end-to-end encryption a.k.a. IPsec transport mode

When all the traffic between the ultimate source and ultimate destination is encrypted, and is therefore confidential, what value will these types of boxes have ?

I don't know if, even if the above technolies exists, whether the "market" ie. corporates will use them. However, with network security becoming more and more prominant, there is a chance these technologies will be adopted, making network based application inspection / IDS etc useless.

As long as you check to ensure they are not performing a man-in-the-middle attack, you can already bypass these sorts of devices by using HTTP+SSL.
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE