Wind River® has debuted new performance benchmarks for its high-speed pattern matching software, Wind River Content Inspection Engine.
According to recent benchmarks, Content Inspection Engine, also sold as Hyperscan, now delivers pattern matching throughput of over 36 Gbps on the Intel® Atom™ processor C2000 series, using tier-1 original equipment manufacturer (OEM) IPS patterns to scan real-world HTTP traffic. It is a pattern matching library designed to drop into a vendor’s system software release and be used for an entire product line, without requiring any additional software or hardware resources. With scanning performance on high-end Intel Xeon®–based platforms exceeding 280 Gbps, these benchmarks demonstrate Content Inspection Engine’s ability to deliver scalable performance, making it an ideal pattern matching technology for low-end to high-end security platforms and NFV-based solutions.
Security appliance vendors are under growing pressure to better engineer for higher performance in order to meet market needs. Performance bottlenecks are often due to content scanning, including the respective challenges of keeping up with rising volumes of data and increasingly complex new patterns and rule sets. Using Content Inspection Engine, vendors can now significantly improve scanning performance and scalability and enrich their overall network security performance.
“The ability to linearly scale performance to throughput based on the cores allocated is critical for virtualization,” said Jeff Wilson, principal analyst for security at Infonetics Research. “These benchmarks from Wind River reinforce how software pattern matching can contribute to high levels of network and security performance and play a key role in NFV.”
“These latest benchmarks validate how software can transform processor real estate into scalable security performance,” said Paul Senyshyn, vice president of communication platforms at Wind River. “Wind River Content Inspection Engine delivers streamlined integration and scalability that is compelling for equipment manufacturers. We are encountering considerable traction from customers embracing the benefits of high speed pattern matching, including a steady stream of new evaluations worldwide.”
Content Inspection Engine extends the benefits of pattern matching as vendors move toward virtual appliances and applications. NFV in the cloud must rapidly scale to meet the high growth and demands of the network without modifying software design. Content Inspection Engine is well suited for this challenge of scaling rapidly as increased performance is achieved by simply allocating more resources without the need for software modifications. Additionally, appliances that use Content Inspection Engine can easily live-migrate to another server in less than 300 milliseconds when run on carrier grade Wind River Linux. This capability is critical in scenarios when downtime must be minimized, such as during failover or migration to new equipment when data-center hardware is refreshed.
Content Inspection Engine is a high-speed embedded software pattern matching solution that can match large groups of regular expressions against blocks or streams of data. The engine can also search for multiple patterns simultaneously, even when the streams of data are scattered in different memory locations. Content Inspection Engine is a scalable, cost-effective approach that runs entirely in software. It is ideal for applications that need to scan large amounts of data, such as intrusion prevention, antivirus applications, and unified threat management.