Combating the increasingly sophisticated threats to your network's security is challenging, especially with such a wide range of security features and solutions available on the market. When considering available technologies and strategies, consider these three areas of focus:
Protect the platform: Establish a hardware-based root-of-trust.
- Intel® Trusted Execution Technology (Intel® TXT) is a hardware solution that validates the behavior of key components within a server or PC at startup. Known as the “root of trust,” the system checks the consistency in behaviors and launch time configurations against a “known good” sequence. Using this verified benchmark, Intel® TXT can quickly assess whether any attempts to alter or tamper with the launch time environment have been made.
Secure the data, including data in-flight, in-use, and at rest. Examples include:
- Intel® AES New Instructions (Intel® AES NI) is an encryption instruction set that accelerates the Advanced Encryption Standard (AES) algorithm and removes the data encryption overhead in the Intel® Xeon® processor family and the Intel® Core™ processor family. Comprised of seven instructions, Intel® AES-NI gives your IT environment faster, more affordable data protection and greater security; making pervasive encryption feasible in areas where previously it was not.
- Intel® QuickAssist Technology provides even more security and compression acceleration capabilities used to improve performance and efficiency across the data center. Server, networking, big data, and storage applications use Intel QuickAssist Technology to offload servers from handling compute-intensive operations, such as:
- Symmetric cryptography functions including cipher operations and authentication operations.
- Public key functions including RSA, Diffie-Hellman, and elliptic curve cryptography.
- Compression and decompression functions including DEFLATE, (zlib format), that is abundant in web traffic.
Ultimately, Intel QuickAssist Technology enables users to meet the demands of ever-increasing amounts of data, especially data with the need for encryption and compression without compromising application performance and usability. This helps users to ensure applications are fast, secure and available.
Addressing the evolving nature of network security and facilitating a smooth transition to Network Functions Virtualization (NFV) can be challenging. Advances in technology make it possible to create a network ecosystem capable of managing a wide range of security threats. It is vital to explore the range of hardware, software and cloud solutions available to help ensure security while also maintaining consistent service and platform delivery to your customers.
Intel® Cloud Integrity Technology (CIT) leverages Intel® TXT to provide a root of trust in the datacenter, enabling software-controlled visibility and policy enforcement of hardware-secured asset tags and launch-time measurements of the BIOS, Operating System (OS), and hypervisor. The trust and asset tag attestation information can then be used to provide workload verification, remediation, reporting, and compliance in both public and private cloud environments. Leveraging Intel® CIT, vSwitch and security virtual network functions (VNFs) can be attested and verified to secure NFV solutions.
Watch the final episode in our eight-part Network Transformation video podcast series, hosted by Jim St. Leger, Data Plane Software Product Line Manager at Intel. This episode covers the latest in network security software and hardware technology advancements and considerations for securing your network.
You can view all the episodes in the Network Transformation series on our YouTube channel.