The use by enterprises of network technology to transact business, commercial management, academic research, institutional governance, and like missions is pervasive. Network technology—particularly digital packet-switched network technologies—enables the extensive sharing and communication of information (such as documents, numerical data, images, video, audio, and multimedia information), resources (such as servers, personal computers, data storage, and security devices), and applications (such as word processing, accounting, financial, database, spreadsheet, presentation, email, communication, network management, and security applications), within and beyond local and wide-area enterprise networks.
While packet-switched networks vary considerably in topology, size, and configuration, fundamentally all such networks invariably comprise at least two “nodes” communicably linked (by wired or wireless connections) to enable the transmission of digital packet-encapsulated data therebetween. Nodes—as known to those skilled in the art—include desktop computers, laptop computers, work stations, user terminals, mainframe computers, servers, network attached storage, network printers, and other destinations, origins or termination points for said digital packet-encapsulated data.
Networking devices—sometimes referred to in the art as “intermediate systems” or “interworking units”—are also commonly, if not invariably, present in packet-switched networks. These, in contrast to nodes, function principally to manage, regulate, shape, or otherwise mediate data traffic between network nodes. Switches, gateways, and routers, for example, direct packet traffic between nodes within a network, as well as traffic into and out of the network. Likewise, certain network security devices—functioning as so-called “hybrid” networking devices—mediate packet traffic entering into or within a network, by filtering, isolating, tagging, and/or otherwise regulating data packets or data packet flows.
In common intrusion prevention system (IPS) deployments, multiple IPS units may be distributed throughout a network to protect and segment the network based on several factors, including an organization's network topology and critical asset locations. For example, it is typical for an IPS to be placed at the WAN access point(s) as well as in front of the data center and between different segments of the network to create independent security zones. As such, a flow may pass through multiple IPSs as it traverses the network. At each IPS the same flow may be inspected by the same set or subset of filters, incurring duplicative processing cycles with no added value.
Therefore, there is a need for techniques for avoiding redundant packet inspection in packet-switched networks.
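The duplication described in the multi-IPS deployment above, quantified as an added illustration that is not part of the original text: each IPS is modelled only by the set of filter identifiers it applies, a flow is an ordered path through IPS units, and the topology, unit names and filter identifiers are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IPSUnit:
    """One IPS unit deployed at a point in the network and its filter set."""
    name: str
    filters: frozenset


@dataclass
class FlowReport:
    total_inspections: int      # filter applications across the whole path
    unique_filters: int         # distinct filters the flow actually needed
    redundant: int              # applications repeating upstream work
    per_ips: dict = field(default_factory=dict)  # unit name -> redundant count there


def redundant_inspections(path):
    """Walk a flow along an ordered list of IPSUnit objects and count how many
    filter applications at each unit repeat a filter an upstream unit already
    ran on the same flow (the 'same set or subset of filters' case)."""
    seen = set()
    total = 0
    per_ips = {}
    for ips in path:
        already_applied = ips.filters & seen
        per_ips[ips.name] = len(already_applied)
        total += len(ips.filters)
        seen |= ips.filters
    return FlowReport(total_inspections=total,
                      unique_filters=len(seen),
                      redundant=total - len(seen),
                      per_ips=per_ips)


# Constructed topology (assumption, not from the page): a WAN-edge IPS, a
# segment IPS running a subset of the edge filters plus one of its own, and a
# data-center IPS running the same filter set as the edge.
WAN_EDGE = IPSUnit("wan-edge", frozenset({"F1", "F2", "F3", "F4"}))
SEGMENT_A = IPSUnit("segment-a", frozenset({"F2", "F3", "F5"}))
DATA_CENTER = IPSUnit("datacenter", frozenset({"F1", "F2", "F3", "F4"}))


def example_report():
    """A flow entering at the WAN edge, crossing segment A, reaching the DC."""
    return redundant_inspections([WAN_EDGE, SEGMENT_A, DATA_CENTER])


if __name__ == "__main__":
    report = example_report()
    print(f"{report.redundant} of {report.total_inspections} filter "
          f"applications were redundant: {report.per_ips}")
```

On the constructed path, 6 of 11 filter applications repeat work already done upstream, all of them at the segment and data-center units.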