Today's networking components process numerous different flows (e.g. groups of packets originating from a common source) for implementing security and threat management. As time progresses, the speed at which networking components operate increases, and accordingly the rate at which security and threat management needs to operate also increases. In some cases, a security and threat management operation might be processed in batches (e.g. by storing the packets of a flow, and later processing the stored packets), and in other cases it is desirable to process the security and threat management operation at wire speed.
To increase the speed that security and threat management can be performed in a system, security processing is often handled in hardware by using dedicated security circuits. This permits faster operations by offloading security functions from a general processor to the specialized cores for the security-related functions. These specialized cores are hardcoded to perform defined sets of security functionality for defined sets of security protocols.
Accordingly, there is a need for an improved approach to implement security processing which possess the performance and speed of using a hardware-based security processing system, but which is flexible enough to be expandable in its scope of functionality.