Curveball Networks is here to provide guidance in developing truly scalable cybersecurity solutions based on the packet-based approach we call ‘contextual forwarding’.
Read More: Welcome to Curveball Networks!
It’s been a while since I’ve posted something new here. I have admittedly been busy with consulting commitments, and in most cases under NDA. This unfortunately leaves anyone visiting my site with the idea that I’m on a crusade against security appliances, which the IETF calls ‘middleboxes’. The truth is not opposition to middleboxes […]
Read More: Scaling Security To The Architectural Limit
In the first two parts, we discussed both the resource limitations of middlebox architecture and the difficulties associated with maintaining symmetric traffic flow through them for proper stateful operation. In this third part, we turn our attention towards operational challenges and costs associated with middleboxes that can seriously impair their potential value in deployment. As […]
Read More: The Trouble With Middleboxes – Part 3
In the first part of this series, we looked at how the CPU/RAM resource limitations of security middleboxes severely restrict their ability to scale and migrate from perimeter defense to datacenter-based architectures. When aggregating large numbers of networked assets and/or the traffic from large numbers of endpoints into the cloud, even the most basic stateful […]
Read More: The Trouble With Middleboxes – Part 2
According to RFC 3234, “A middlebox is defined as any intermediary device performing functions other than the normal, standard functions of an IP router on the datagram path between a source host and destination host”. The overwhelming majority of network security appliances, such as firewalls (FW) and intrusion prevention systems (IPS), are middleboxes. Unlike routers and switches […]
Read More: The Trouble With Middleboxes – Part 1