An In-Depth Look at Processors for Network-Security Applications

The network-security market remains as dynamic as the threats that are driving its growth. Security-equipment vendors must scale the performance of their VPN/firewall products while adding application-level features. To satisfy enterprise customers, security-software vendors are turning to hardware-accelerated appliances for intrusion prevention (IDS/IPS), antivirus, antispam, and content filtering. The convergence of these hardware and software products is creating Unified Threat Management (UTM) platforms, which have the most demanding processing requirements.

For anything above SOHO-class equipment, standard processors cannot deliver the required performance in a cost-effective and power-efficient manner. As a result, security-equipment and -software vendors have turned to a new breed of processors that integrate one or more CPUs, memory and I/O controllers, and special-purpose engines for security functions. For mid-range designs, these integrated security processors often replace a standard processor. For the most demanding designs, these integrated processors can also offload data-plane processing, working alongside a standard x86 processor.

Get Up to Speed Quickly

This report covers processors that integrate hardware acceleration for security functions, including high-throughput encryption, content inspection, compression, and/or packet processing. Such integrated processors include Cavium's Octeon II family, NetLogic's XLP family, Freescale’s QorIQ P3 and P4 families, LSI’s Axxia, Netronome’s NFP, and Tilera’s Tile-Gx. We also cover separate content-inspection accelerators where offered by these processor vendors: Cavium Nitrox DPI, LSI Tarari, NetLogic NETL7. Finally, we cover Intel’s newest embedded Xeon processors, which include specialized instructions for encryption and other security-related functions. With one report, you can quickly compare the key vendors and their products and accelerate your selection process.

This report analyzes each vendor and each product, probing their strengths and weaknesses and presenting key details in a consistent, easy to compare fashion. We focus on network-security applications, examining hardware-acceleration features, performance, and system design. Because selecting a processor architecture has long-term implications, we also look at the vendors’ roadmap where possible.

Make Informed Decisions

As the leading vendor of technology analysis for networking silicon, The Linley Group has the expertise to deliver a comprehensive look at these technologies. Authors Joseph Byrne and Tom Halfhill use their broad experience to deliver the technical and strategic information you need to make informed business decisions. And in case you are not familiar with all of the concepts involved in this combination of security technology and networking, the report includes several introductory chapters that define and describe terms such as Diffie-Hellman, SHA-2, and FIPS 140-2.

This report is written for

• Engineers who are designing network-security equipment and need to select a processor
• Marketing and engineering staff at companies that sell networking chips that connect to security processors
• Technology professionals who wish an introduction to network-security processors
• Financial analysts who desire a detailed analysis and comparison of security-processor companies and their chances of success
• Government researchers who need up to date information on commercial network-security technology

Don’t wait! Get your copy now to track the latest developments in this fast-paced market!

What's New in this Edition

Updates to the Ninth Edition of “A Guide to Processors for Network Security”. Formerly “A Guide to Security Processors and Accelerators”

Reflecting the integration trend in security processing, we have structured this report to focus on processors that integrate hardware acceleration for security functions. Where a processor vendor also offers its content-inspection technology as a standalone accelerator, we cover those accelerator chips as well. We have dropped coverage of standalone encryption accelerators, which have been replaced for most new designs by processors with integrated encryption engines.

Changes in this edition include:

• New coverage of Intel’s Xeon E3 (Sandy Bridge) platforms
• Coverage of Cavium’s new Octeon II CN66xx multicore processors
• Coverage of NetLogic’s new XLP II multicore processors
• Coverage of Freescale’s new QorIQ P5020 processor
• Coverage of vendors’ intelligent network interface cards based on their multicore processors
• Market forecast through 2015 for security processors and accelerators
• 2010 market-size and vendor-share data for security accelerators