Software enhancements address high-performance security

Wind River has debuted new performance benchmarks for its high-speed pattern matching software, Wind River Content Inspection Engine that can meet these challenges.

According to recent benchmarks, Content Inspection Engine, also sold as Hyperscan, now delivers pattern matching throughput of over 36 Gbps on the Intel Atom processor C2000 series, using tier-1 original equipment manufacturer (OEM) IPS patterns to scan real-world HTTP traffic.

It is a pattern matching library designed to drop into a vendor’s system software release and be used for an entire product line, without requiring any additional software or hardware resources. With scanning performance on high-end Intel Xeon–based platforms exceeding 280 Gbps, these benchmarks demonstrate Content Inspection Engine’s ability to deliver scalable performance, making it an ideal pattern matching technology for low-end to high-end security platforms and NFV-based solutions.

Using the software, vendors can now significantly improve scanning performance and scalability and enrich their overall network security performance.

“These latest benchmarks validate how software can transform processor real estate into scalable security performance,” said Paul Senyshyn, vice president of communication platforms at Wind River.

The software extends the benefits of pattern matching as vendors move toward virtual appliances and applications. NFV in the cloud must rapidly scale to meet the high growth and demands of the network without modifying software design. 

It is well suited for the challenge of scaling rapidly as increased performance is achieved by simply allocating more resources without the need for software modifications. Additionally, appliances that use the software can easily live-migrate to another server in less than 300 milliseconds when run on carrier grade Wind River Linux. This capability is critical in scenarios when downtime must be minimised, such as during failover or migration to new equipment when data-center hardware is refreshed.

Content Inspection Engine is a high-speed embedded software pattern matching solution that can match large groups of regular expressions against blocks or streams of data. The engine can also search for multiple patterns simultaneously, even when the streams of data are scattered in different memory locations. Content Inspection Engine is a scalable, cost-effective approach that runs entirely in software. It is ideal for applications that need to scan large amounts of data, such as intrusion prevention, antivirus applications, and unified threat management.