November 04, 2019 By BlueAlly
By Ken Xie | November 04, 2019
The Universal Quest for Speed
Business innovation has always been key to the success of organizations, especially for those willing to adopt new solutions. From the first abacus and the invention of double entry bookkeeping to the introduction of the ticker tape to copy machine, technology has one thing in common – it has always enable the business to function faster and more efficiently, saving money and increasing productivity.
Today’s digital innovation is no different. Applications and device functionality continue to accelerate business. And underlying those functions is the need for performance. Organizations literally spend trillions of dollars upgrading their networks and devices to generate more computing capacity to accommodate evolving business solutions. As a result, a single end user device today has more processing power, generates more data, and requires access to more digital resources than existed in the entire world just a handful of decades ago.
The majority of technology spend in an organization is dedicated to finding and replacing devices that create system bottlenecks. For example, WAN routers and MPLS connections, once the hallmark of high-performance branch connectivity just a few years ago, are now being replaced with new SD-WAN solutions that can adapt to today’s more dynamic and distributed networks while supporting high-performance business-critical applications.
Security is Becoming a Business Bottleneck
As networks demand more performance, one of the most critical areas lagging behind is network security. Unless organizations are willing to pay outrageous costs, security devices function at a fraction of the speed as the rest of the network. The limited ability to purchase and deploy adequate security solutions impacts network design, business growth, and user access to critical data. Part of the challenge is that a firewall, for example, requires massive amounts of computing power to inspect data looking for malicious content – far more than any router or switch. And according to a recent report by Fortinet, 87% of all web traffic at the start of 2019 was encrypted, with the volume growing daily, which has an even greater impact on security performance.
The fact is, inspecting encrypted data takes such a significant toll on firewall performance that most manufacturers won’t even publish their performance numbers. And the reason is easy to see once you pop open a box and look inside. Even the most expensive firewalls are filled with off-the-shelf CPUs that were never designed to perform the security tasks they are assigned. Instead, software engineers have to write complex code to accommodate hardware limitations, looking for ways to overcome the physical limitations of the processors they have to work with. And because decrypting traffic is so labor-intensive, it’s simply not possible to compensate for the performance impact using software design tricks.
All Performance Innovation Starts with the CPU. Why Not for Security?
We wouldn’t put up with this in any other technology. Smartphone manufacturers develop their own processors, like Apple’s new A13 Bionic chip that was purpose-built to generate more performance to deliver the best graphics and user experience to consumers. And Tesla’s new self-driving chip is a 260 square millimeter piece of silicon, with 6 billion transistors, that offers 21 times the performance of the Nvidia chips it was using before. Other organizations committed to providing cutting-edge performance, such as Google, Amazon, and Facebook, also build their own silicon chips for their data centers and other infrastructures.
Of all the places that could benefit from custom-designed processors, security certainly seems to be at the top of the list. However, Fortinet is still the only security manufacturer to have developed our own security processors (SPUs), engineered from the ground up to perform those specific tasks required to inspect and secure traffic. And the results speak for themselves. We recently calculated the average performance across security devices from leading manufacturers to then calculate something we call a Security Compute Rating that compares the performance of our new SOC4 security ASIC with devices that rely on traditional chips to process security data.
The Power of Custom Security Processing
Across the board, the use of these purpose-built chips dwarfs that of solutions that rely on off-the-shelf technology, and at a fraction of the cost. Here is a small data sample comparing our desktop SD-WAN NGFW solution with similar solutions from other manufacturers that utilize generic CPUs for networking and security capabilities, all positioned to address the same business requirement:
Go back to previous posts