Disaggregated Scalable Firewall Framework Released

Three major US companies have joined forces to develop a Disaggregated Scalable Firewall (DSFW) framework.

The collaboration between AT&T, Palo Alto Networks, and Broadcom was announced earlier today as an expansion to the Distributed Disaggregated Chassis (DDC) that was recently contributed to the Open Compute Project (OCP). 

The new DSFW will enable network operators to deploy firewalls as software-based platforms rather than as hardware appliances. The initiative focuses on using AI and machine learning embedded in the network fabric to prevent attacks using actionable events. 

The DSFW expansion will deliver the first dynamically programmable fabric with embedded security functions and services at the edge of the network. The new firewall framework could also pave the way for future Scalable Disaggregated Application Services. 

The trio behind the new framework each brought something unique to the collaboration process. 

Broadcom’s Jericho 2 chip, which was fundamental in the OCP contribution of the DDC, formed an essential part of the DSFW solution. To make the framework happen, Broadcom provided expertise for the J2 functionality, coupled with a new development on the chip to retain Layer 4 session information.

These advances improved the scalability of the solution by ensuring hardware offload.

“This approach enables pervasive security at terabit scale economically,” said Oozie Parizer, senior director of product marketing, Core Switching Group, Broadcom. 

“Through our close technical collaboration, we have leveraged the extensive capabilities in Jericho 2 and look forward to delivering additional solutions in the very near future, to secure and scale the network infrastructure.”

Palo Alto Networks weighed in with technology that supports security capabilities directly on the network edge, allowing continuous security, automation, and analytics to occur. Their input made it possible for the DSFW to function at scale, even during periods of increased traffic caused by peak demand. 

Michael Satterlee, vice president, Network Infrastructure and Services, AT&T, said the new framework would offer better protection from threats.

"Traditionally, we have had to rely on centralized security platforms or co-located appliances which are either not directly in the path of the network or are not cost effective to meet the scaling requirements of a carrier. We now carry more than 335 petabytes of data traffic on our global network on an average day, with 5G poised to push that number even higher," said Satterlee.

"Securing that cargo using traditional methods just won’t work. This new design embeds security on the fabric of our network edge that allows control, visibility, and advanced threat protection."
