Purpose-built ASIC Enables Platform for Integrating Multiple LAN Security Functions at Wire Speed
MOUNTAIN VIEW, Calif. – November 14, 2005 – Today, Nevis Networks announced its LANenforcer™ architecture, the heart of Nevis’ comprehensive LANenforcer™ product family. The LANsecure architecture enables enterprises to solve LAN security challenges with Nevis’ patent-pending, massively parallel LANsecure ASIC, which integrates enterprise networking and comprehensive access control with multiple threat detection methodologies, all at multi-gigabit wire speeds. (Editor’s Note: For more information about the LANenforcer product family, please see the press release titled “Nevis Networks Locks Down Enterprise LAN with Comprehensive, ASIC-Based LANenforcer Appliances”, also released today.)
“With this announcement, Nevis has significantly raised the bar for complete LAN security,” said Rodney Thayer, security analyst, Canola & Jones (www.canola-jones.com). “The new Nevis ASIC-based architecture not only incorporates multiple security functions that previously required separate devices, but it also performs these functions at previously unavailable performance levels. The LANsecure architecture delivers the power required to cost-effectively deploy defense-in-depth, protecting each user and making powerful per-port LAN security a reality for the first time.”
Massively Parallel Architecture Redefines Threat Control
The LANsecure architecture is massively parallel and has an integrated software stack, enabling it to accelerate multiple security functions simultaneously, including stateful firewall; threat signature matching; traffic, protocol, and behavior anomaly detection; and endpoint quarantine. Each packet passes through the ASIC at wire speed while it is examined for anomalous traffic patterns, individual security violations, and threat and malware signatures.
The LANsecure architecture delivers six threat control methodologies that operate in parallel for the most accurate threat detection available:
- The policy-driven stateful firewall provides user-based Network Access Control (NAC) and protects against Denial of Service Attacks (DoS and DDoS), packet buffer exhaustion attacks, SYN flood attacks, and connection hijacking.
- Threat signature matching identifies known threats and speeds up incident resolution. Hardware acceleration and parallel pattern matching eliminate the performance degradation usually associated with signature-based security devices.
- Hardware acceleration enables ultra-fast detection of traffic anomalies for which signatures are not yet available and blocks them in microseconds.
- Protocol anomaly detection utilizes stateful pattern matching which looks for conditions that violate normal behavior in protocols including IP, TCP, UDP, ICMP, and HTTP.
- Behavior anomaly detection builds individual behavior profiles, based on user behavior and IP addresses, that increase the accuracy of threat containment and reduce false positives.
- Automatic endpoint quarantine is initiated by the detection methods above in response to threats. Response is policy-controlled and includes redirection for remediation and blocking of network access.

Wire-Speed Performance Required for LAN Security
The LANsecure architecture performs all its security processing in parallel and at speeds of up to 10 Gbps – as much as ten times faster than conventional security solutions. Because the LANsecure ASIC operates at wireline speeds, Nevis’ LANenforcer products can perform deep packet inspection and contain threats in microseconds, without affecting packet latency. With a packet latency of only 47 microseconds, Nevis’ ASIC can detect and block worms in about 150 microseconds – fast enough to contain even zero-day worms. Solutions with latencies in the milliseconds typically allow 100 or more packets into the network – enough to cause significant damage and financial loss.
“Security is only valuable if it can be delivered without impairing the function that is being secured,” said Peter Christy, principal at Internet Research Group. “The LANsecure architecture provides a high level of security, and its wireline speed allows it to do so transparently so that even latency-sensitive applications such as VoIP continue to operate normally.”
Scalable, Easy-to-Deploy Architecture
The LANsecure architecture is the first to truly integrate LAN security and networking in a fundamental approach that is highly scalable and flexible.
Nevis’ architecture enables customers to expand their LANenforcer deployment to meet their evolving security needs. The scalable architecture also enables Nevis to enhance product functionality and address new security threats as they emerge. Nevis’ flexible architecture enables two deployment models, depending upon the desired level of threat containment. In transparent mode, the LANenforcer Series 2000 is installed behind the access layer and aggregates user traffic from multiple switches. Transparent deployment is a cost-effective way to protect many users and can be quickly deployed, requiring no change to user desktops or to the existing network. Deployed at the access layer and connecting directly to each user, the LANenforcer Series 1000 provides the highest level of protection for every user on the network, containing threats to the individual user. In both modes, the LANenforcer deploys seamlessly into the LAN and requires no client software.
“Until now, IT has had to make a tradeoff between deep packet inspection and high-speed LAN performance because today’s LAN security solutions typically introduce significant packet latency,” said Bill Scull, senior vice president of marketing at Nevis. “The LANsecure ASIC enables our LANenforcer security appliances to perform deep packet inspection at network speeds, thus eliminating this tradeoff and providing comprehensive LAN security from a single integrated platform.”
Disruptive Price/Performance
Nevis purpose-built the LANsecure ASIC to deliver LAN security appliances with greater flexibility in design and higher performance than available in off-the-shelf chip sets. The patent-pending ASIC design uniquely enables the company to address key LAN security issues facing enterprises today plus ensure extensibility for the future. The LANsecure ASIC thus enables disruptive price/performance while giving users the ability to fully secure every user on the LAN without degrading network performance or deploying client-side software.
About Nevis Networks
Nevis Networks develops and markets ASIC-based LAN security appliances designed to help corporations protect information privacy and integrity, ensure network availability, and maintain regulatory compliance. With its patent-pending LANsecure architecture, the Nevis LANenforcer product family combines the most comprehensive access control, deepest threat defense, and fastest threat response to create a “Personal DMZ™” around every user on the LAN. Nevis was founded in 2002 by seasoned executives with strong track records in security, semiconductor, and networking technologies, and has raised over $40 million from veteran Silicon Valley investors New Enterprise Associates, BlueRun Ventures, and New Path Ventures. The company is headquartered in Mountain View, California, with an R&D center in Pune, India. For more information, visit the Nevis Networks web site at https://nevisnetworks.com, or contact the company at (650) 254-2500.