In the conventional art, network security devices, such as Intrusion Prevention Systems (“IPS”) are used to detect and prevent intrusion events from infiltrating a computer network. These existing network security devices can respond to unwanted network traffic, such as viruses and hacker attacks, by blocking packets or terminating connections between a source and a destination for network traffic.
The core of most large corporate networks typically operates at 100+ gigabit per second (GBPS) speeds. Therefore, in order to operate in these environments at the core, a network IPS must be able to scale or operate at comparable speeds. However, in the conventional art, it is technically very difficult to offer network intrusion protection at multi-ten-GBPS or 100-GBPS speeds with conventional hardware and software. As a matter of fact, conventional hardware capabilities of intrusion prevention make it impossible to provide protection capabilities at these speeds.
In the conventional art, IPS technologies can only offer protection at a small fraction of those speeds, typically less than 10 GBPS, causing corporations to have to create a diffuse protection architecture with a large number of IPS devices deployed outside the core of their network. This type of architecture is both complicated and costly, and typically results in a security sacrifice. The ability to provide protection directly in the network core allows both better and more cost-effective protection.
Accordingly, there remains a need for a method or system that can utilize IPS technology to protect internal networks at high speeds by enabling the IPS technology to be implemented and managed at a central point in the network core.