Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
The performance of PT NGFW is comparable to the leading foreign analogues.
Positive Technologies has announced that its new generation firewall (NGFW) product has been added to the unified register of Russian programs for electronic computers and databases.
"We are developing a Russian information security product, so we must go through all the essential stages of entering the market: getting into the register of Russian software, FSTEC certification, and much more. But no less important are the steps that the PT NGFW team is taking to develop a new generation of high-performance firewall, because our goals are ambitious — by 2026, according to our forecasts, which are supported by the CSR report , the NGFW market volume will amount to 120 billion rubles. And we plan to occupy at least half of this market, " said Denis Korablev, Managing Director, Product Director at Positive Technologies.
The company has laid a solid technological foundation in its product, based on the rich experience of leading network engineers and developers. From the very beginning of the development process, the PT NGFW team eliminates artificial limitations of functionality and takes into account the mistakes of competitors, so that the next-generation ot firewall can consistently filter all traffic.
According to the company, the performance of PT NGFW is comparable to the leading foreign analogues, which indicates the potential demand for the product in the international market. This conclusion is made on the basis of an analysis of the official documentation of manufacturers of such solutions.1 Two platforms were selected to demonstrate performance under load: the lower-end model running on a 4 - core Intel Atom and the higher-end model running on two 24-core Intel Xeon 2s. At the same time, the testing conditions were tougher than those usually created by Russian developers, and corresponded to the world standard for testing firewalls RFC 9411 . As a result, the performance of PT NGFW with IPS and TLS inspection enabled on the younger model was 800 Mbit/s, and on the older model – more than 20 Gbit/s. In application-controlled firewall mode, PT NGFW demonstrates throughput of over 100 Gbit/s. In application-controlled firewall mode, PT NGFW shows more than 100 Gbit/s. Such performance indicators were
previously considered unattainable on the x86 platform and are comparable to the figures of foreign solutions on specialized platforms with hardware acceleration.
In the second early version of PT NGFW, built-in IPS rules appeared, based on the accumulated expertise of the PT Expert Security Center (Positive Technologies security Expert Center), which has already proven itself in the PT Network Attack Discovery (PT NAD) product. IPS is deeply embedded in the traffic processing pipeline and allows you to check threats in encrypted traffic after it is decrypted.
In addition to the IPS system, the product already supports virtual contexts that allow you to divide one physical device into several independent logical ones with their own administration policies and security rules. Using this feature, you can create multiple firewalls from a single NGFW, configure the product to meet business requirements, and in some cases reduce hardware costs.
Positive Technologies has announced that its new generation firewall (NGFW) product has been added to the unified register of Russian programs for electronic computers and databases.
"We are developing a Russian information security product, so we must go through all the essential stages of entering the market: getting into the register of Russian software, FSTEC certification, and much more. But no less important are the steps that the PT NGFW team is taking to develop a new generation of high-performance firewall, because our goals are ambitious — by 2026, according to our forecasts, which are supported by the CSR report , the NGFW market volume will amount to 120 billion rubles. And we plan to occupy at least half of this market, " said Denis Korablev, Managing Director, Product Director at Positive Technologies.
The company has laid a solid technological foundation in its product, based on the rich experience of leading network engineers and developers. From the very beginning of the development process, the PT NGFW team eliminates artificial limitations of functionality and takes into account the mistakes of competitors, so that the next-generation ot firewall can consistently filter all traffic.
According to the company, the performance of PT NGFW is comparable to the leading foreign analogues, which indicates the potential demand for the product in the international market. This conclusion is made on the basis of an analysis of the official documentation of manufacturers of such solutions.1 Two platforms were selected to demonstrate performance under load: the lower-end model running on a 4 - core Intel Atom and the higher-end model running on two 24-core Intel Xeon 2s. At the same time, the testing conditions were tougher than those usually created by Russian developers, and corresponded to the world standard for testing firewalls RFC 9411 . As a result, the performance of PT NGFW with IPS and TLS inspection enabled on the younger model was 800 Mbit/s, and on the older model – more than 20 Gbit/s. In application-controlled firewall mode, PT NGFW demonstrates throughput of over 100 Gbit/s. In application-controlled firewall mode, PT NGFW shows more than 100 Gbit/s. Such performance indicators were
previously considered unattainable on the x86 platform and are comparable to the figures of foreign solutions on specialized platforms with hardware acceleration.
In the second early version of PT NGFW, built-in IPS rules appeared, based on the accumulated expertise of the PT Expert Security Center (Positive Technologies security Expert Center), which has already proven itself in the PT Network Attack Discovery (PT NAD) product. IPS is deeply embedded in the traffic processing pipeline and allows you to check threats in encrypted traffic after it is decrypted.
In addition to the IPS system, the product already supports virtual contexts that allow you to divide one physical device into several independent logical ones with their own administration policies and security rules. Using this feature, you can create multiple firewalls from a single NGFW, configure the product to meet business requirements, and in some cases reduce hardware costs.
