To enable the growing digital business, expectations for IT organizations to lead and deliver value, responsiveness and security have reached an all-time high. Innovative services plus increased data and capacity requirements compel IT leaders to address new operational challenges through data center modernization. That means firewall processing must also scale to keep pace with increasing threat traffic, as IT is continually challenged to balance network security and performance. However, a traditional scale-up approach that relies on a high availability (HA) firewall deployment (1+1) is not a sustainable way to meet today’s performance demand.
This executive brief explores the limitations of current scaling approaches, identifies requirements needed to overcome them and recommends a viable alternative.
Growing threat-analysis demands
Demands for faster firewall inspection speed have increased due to the growing amount of encrypted traffic that requires deeper analysis. To prevent unauthorized data access and protect user privacy, organizations are increasingly using encrypted traffic with SSL/TLS and HTTPS to establish secure communication over the internet. Roughly 15 to 25 percent of total internet traffic [1] and 35 percent of enterprise traffic [2] is encrypted with SSL/TLS. SonicWall threat research analysts have observed HTTPS accounting for nearly 65 percent of total hits. [3] Furthermore, each month throughout 2015 saw an average 53 percent increase over the corresponding month in 2014.
The irony of encrypting traffic is that criminals use it to hide malware as well. Half of all inbound and outbound attacks will be encrypted, and therefore obfuscated by SSL/TLS, by 2017. [1]
Yet only about 20 percent of enterprises have deployed next-generation firewalls (NGFWs) that can inspect inbound and outbound SSL/TLS traffic. [1] A recent high-profile attack distributed malware hidden inside HTTPS at a rate of 27,000 visited users per hour, yet most firewalls were unable to see the attack. [4]
Obviously, today’s firewalls need to scan encrypted traffic and perform other deep packet inspection (DPI) functions. However, decrypting, analyzing and re-encrypting traffic takes a significant toll on firewall performance.