Overview

The Telesoft PCIe Gen 3.0 x8 IDS accelerator card speeds up Intrusion Detection System (IDS) CPU intensive signature scanning by looking for rule based byte patterns in any packet location, giving significant system performance gains.

Data streams are terminated on up to 4 x 10GbE, pre-processed for signature matches and load balanced across multiple CPU cores for processing by the host IDS application. Using this architecture, a single accelerator card in a commodity server can deliver speeds beyond 20Gbit/s with zero packet loss.

Why accelerate IDS?

Many cyber intelligence and security solutions have failed to keep up with data growth and network speeds, particularly inside the network where rates can be significantly higher than at the border. Device stacking is one solution, but this complicates network architecture and management, increases points of failure, and increases overall CAPEX and OPEX.

A signature based IDS, such as Suricata, monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. Multi-threading and load balancing across CPU cores provides performance gains, however, one of the largest CPU consumers is signature scanning, which can consume up to 80% of CPU load. By offloading signature scanning to an accelerator card, cost effective IDS systems can be built for breach detection and forensics in the network core.

Key Features

PF_RING Open API

For other IDS implementations, a PF_RING API is provided to interface the acceleration capabilities

100% Capture

PCIe Gen 3.0 allows full line rate capture into host memory for all packets 64 to 9600 bytes

Loadshare up to 64 cores

Loadshares across up to 64 cores for maximum utilisation of multi-core CPU architectures

Signature match acceleration

Pre-process and accelerate keyword rule matches from tens of thousands of rules in dynamically programmable hardware filters

Suricata Plug and play

Operation is unobtrusive and transparent through use of Telesoft code within Suricata

Dynamic flow shunting

Accelerate any PF_RING compatible application with programmable signature match pre-processing

Contact Us