How to achieve 10Gbps performance for integrated anti-virus and anti-spam network-based security systems
Jon Curnyn, Detica
A growing trend within the anti-virus (AV) and anti-spam (AS) world is the use of specialist hardware that can accelerate
certain functions that, up until now, have been performed in software. The main application for this hardware is not
client PCs - where the processor is more than capable of supporting the AV and AS needs of a single user - but rather
networks, like those found in large Internet service providers, where the number of users may scale into the millions and
the volume of data to be scanned can be several gigabytes every second.
The first-generation hardware approaches have relied on doing simple tasks, such as pattern matching, in silicon, leaving
the software to handle heuristics and more complex content processing. As a result, although the performance bar has
been raised, there is still a significant way to go to meet the demands of a truly real-time network-based AV and AS
system.
This paper presents the latest advances in integrated anti-virus, anti-spam and IDS systems that can operate on
10Gbps networks in real-time at very low latency. I will explain how a silicon-based content processing engine can
perform heuristics, message digests and other complex analysis techniques (as well as pattern matching and data
unpacking) in hardware without impacting detection accuracy or the flexibility of adding new detection methods.
I will also detail how the content processing engine techniques combine to form a truly integrated defense mechanism
against blended virus, worm and spam attacks, including the use of information learnt from monitoring network traffic
flows.

The final VB100 of the year sees a double whammy of potential pitfalls for our comparative participants - the Vista operating system, which still seems shiny and new as well as a little scary (to both developers and users), as well as the x64 architecture, whose ostensible compatibility with standard 32-bit software belies oddities and intricacies that developers ignore at their peril. The announcement of the test brought a few surprises, as several regulars opted to skip this one, but the majority of veteran competitors took part as usual, along with several newer faces, many of whom look set to join the ranks of our regulars.