Better Switch(es) to Fight
We wrapped up #CFD19 today in Santa Clara with a visit from our colleagues at Broadcom. If you thought (like I did going into our sessions) that networking components are boring, trivial, and/or unimportant, you'd be in for a serious surprise.
Just Like Roy Trent, Networking Is Here, It's There, It's [bleeping] Everywhere in the Cloud
As public, private, and hybrid clouds evolve to manage the workloads we're slamming against our compute nodes, software-defined storage, and everything in between, we often think of the network as an ever-present component that is just there. But Broadcom showed off some new technology that turns that conundrum on its head - because without efficient NICs and the chipsets that they use, nothing can talk to anything else.
Of all the components we reviewed, the most fascinating one was their Trident5-X12 chip that's at the heart of their networking strategy. As hackers and disrupters continue to grow more sophisticated in their attacks on our IT organizations' infrastructures, wouldn't it be great to catch a DDoS attack as it happens based on a well-known attack pattern - even one, say, that's unique to my systems' workloads and application access methods?
Trident5-X12: Built-In NLP Capabilities
So that's actually what Broadcom has built into its chip: the ability to inspect every incoming network packet to see if it matches a suspicious pattern associated with an attack vector. If a packet does match that pattern, the chip can automatically log it or even block it from ever entering my network.
The neat thing about this is that of course evildoers will continue to evolve their attack strategies beyond just simple DDoS attacks. (Don't believe me? Think about how hackers have elevated their attacks against storage systems from encrypting whole volumes or drives to just encrypting parts of specific files when they're attempting to extort companies with ransomware.)
It's true that Trident5-X12 requires sysadmins and SREs to first train the chip with expected attack vector patterns specific to each system's architecture and network usage patterns. But that also means when those cagey b*stards try something new that none of us have yet foreseen, we'd be able to identify that new evildoing pattern, train up the network, and shunt the disruption to a honeypot, our security admin's inbox ... or even Interpol or [insert your country's preferred security apparatus here]. Chalk up one for the good guys!