NVIDIA Enables Future of Zero-Trust Enterprise Security

New BlueField DPU lineup and DOCA SDK push the boundaries of zero-trust protection; Check Point Software partnership to take on IoT security.
by Yael Shenhav

Cloud-minded enterprises face a number of challenges, from hybrid cloud architectures and infrastructure virtualization to multiple levels of attacks and a lack of visibility. Complex issues like these limit an enterprise’s ability to implement effective security strategies.

In his GPU Technology Conference keynote, NVIDIA founder and CEO Jensen Huang described how NVIDIA BlueField-2 data processing units (DPUs) secure and accelerate enterprise computing in one chip. Huang also introduced BlueField-2X, which combines all the features of BlueField-2 with NVIDIA Ampere GPU technology. This powerful DPU platform bolsters additional data-center security capabilities, enabling enterprises to harness the power of AI for performing real-time security analytics, out-of-band detection of malicious activity, and more.

NVIDIA also announced it is partnering with Check Point Software Technologies to protect the ever-growing IoT landscape by onboarding Check Point’s Infinity NEXT onto BlueField-2 DPUs.

Zero-Trust Security Emerges to Protect the Enterprise

Data-center security solutions can take many forms. The emergent zero-trust model — which aims to mitigate enterprise security challenges — guides enterprises to trust neither humans nor machines around their applications’ data. This approach, which calls for authentication and authorization of every connection attempt, is becoming pervasive across the market for securing enterprise cloud environments.

Traditionally, network firewalls, which remain critical today for protecting software-defined data centers, have played a key role in establishing perimeter-level security. More recently, the zero-trust security model has created a new breed of software-defined perimeter solutions, which take a software-centric approach to establishing zero-trust network access to applications and data.

Challenges and Limitations of Software-Only Zero-Trust in the Data Center

In the age of hybrid cloud, AI and edge computing, the implementation of software-defined networking and security strategies creates a twofold challenge: the need to deliver security with maximum speed and efficiency, plus the need to gain visibility into and enforce security policies on every host via security agent provisioning.

The first need is driving the demand for accelerated security processing, offloaded from the host CPU. The second is particularly challenging, as running software-defined security agents on the host means the potential attacker, the protected data and the security control agents now all share the same trust domain — the host CPU.

If a host is compromised, the attacker can exploit breaches of the security control mechanism to move laterally across data center networks. This renders software-only zero-trust solutions ineffective at protecting against the new wave of cyberattacks.

From Zero-Trust to Hero-Trust

NVIDIA DPUs are ideal for enabling best-in-class, zero-trust protection.

The BlueField-2 DPU’s built-in isolation creates a trust domain separate from the host system, and security agents are deployed in that isolated domain. In the event a host is compromised, the isolation layer between the security control agents and the compromised host prevents the attack from spreading throughout the data center.

BlueField-2 DPUs also address scenarios in which enterprises are reluctant to deploy security agents directly on their computing platforms. Low-latency, performance-sensitive workloads, compliance regulation and DevOps processes often disallow the deployment of agents.

The lack of visibility into application workloads leaves enterprises with infrastructure silos where security policy enforcement cannot be applied. But the deployment of security agents onto NVIDIA DPUs, which are fully isolated from the application domain, enables enterprises to gain visibility and enforce a consistent security policy across their infrastructures.

BlueField-2 provides a range of security acceleration capabilities. From stateful packet filtering, load-balancing, and firewalls, to line speed encryption/decryption and key management, it lets enterprises reap the benefits of accelerated security at the edge of every server, unlocking traditional sequential as well as parallel application performance.

NVIDIA CEO Jensen Huang officially announced the BlueField-2 DPU and described its main features in his GTC keynote.

Check Point Software, NVIDIA to Enable Future of Zero-Trust for IoT

As cloud computing continues to transform enterprise IT, cybersecurity will continue to be a top priority for business leaders. NVIDIA and its broad ecosystem of partners are leading the way toward a modern enterprise IT infrastructure that is secure and accelerated.

For the last three decades, global cybersecurity provider Check Point Software has protected thousands of organizations of all sizes and across all industries. NVIDIA and Check Point are bringing a secure, accelerated framework for IoT-connected networks and devices, protecting industrial, enterprise and healthcare environments.

The intersection of NVIDIA DPU and GPU technologies will allow Check Point to further advance the cybersecurity space, leveraging its Infinity NEXT architecture to address the most complex enterprise security challenges.

“Infinity NEXT is the only consolidated security platform that supports many types of assets across network, endpoint, mobile, cloud, workloads and IoT, providing the highest level of security,” said Oded Gonda, vice president of Technology & Innovation at Check Point Software Technologies. “Deploying a cloud-centric, lightweight, nano-agent technology onto the NVIDIA DPU, Check Point Infinity NEXT provides in-depth security within assets and workloads to ensure that the latest security is delivered anywhere without requiring any upgrades.”

Aligned with DevOps and R&D agile delivery, the Infinity NEXT platform is fully compliant with CI/CD processes and offers a full API for automation of deployment processes and configuration management.

Availability

NVIDIA BlueField-2 DPU is available now. BlueField-2X is expected in the first half of next year.
