How to achieve 10Gbps performance for integrated anti-virus and anti-spam network-based security systems
Jon Curnyn Detica
A growing trend within the anti-virus (AV) and anti-spam (AS) world is the use of specialist hardware that can accelerate
certain functions that, up until now, have been performed in software. The main application for this hardware is not
client PCs - where the processor is more than capable of supporting the AV and AS needs of a single user - but rather
networks, like those found in large Internet service providers, where the number of users may scale into the millions and
the volume of data to be scanned can be several gigabytes every second.
The first generation hardware approaches have relied on doing simple tasks, such as pattern matching, in silicon, leaving
the software still to do heuristics and more complex content processing. As a result, although the performance bar has
been raised, there is still a significant way to go to meet the demands of a truly real-time network-based AV and AS
system.
This paper presents the latest advances in integrated anti-virus, anti-spam and IDS systems that can operate on
10Gbps networks in real-time at very low latency. I will explain how a silicon-based content processing engine can
perform heuristics, message digests and other complex analysis techniques (as well as pattern matching and data
unpacking) in hardware without impacting detection accuracy or the flexibility of adding new detection methods.
I will also detail how the content processing engine techniques combine to form a truly integrated defense mechanism
against blended virus, worm and spam attacks, including the use of information learnt from monitoring network traffic
flows.
