Cybercrime cost the American public more than $4 billion in reported losses over the course of 2020, according to the FBI. To stay ahead of emerging threats, Palo Alto Networks has developed the first virtual next-generation firewall (NGFW) designed to be accelerated by NVIDIA’s BlueField data processing unit (DPU).
The DPU accelerates packet filtering and forwarding by offloading traffic from the host processor to dedicated hardware that is separate from the server CPU. The solution delivers the intrusion prevention and advanced security capabilities of Palo Alto Networks’ virtual NGFWs to every server without sacrificing network performance. It also allows network flows that were previously impossible or impractical to inspect by intelligently screening the relevant parts of the flow and offloading the rest to the DPU.
This hardware-accelerated software NGFW is a milestone in boosting software firewall performance and maximizing data center security coverage and efficiency by being first to market to be accelerated by a DPU.
The recently announced DPU-enabled Palo Alto Networks VM-Series NGFW uses zero trust network security principles. The DPU operates as an intelligent network filter to parse, classify and steer traffic flows with zero ReCPU overhead, which enables the NGFW to support close to 100Gb/s throughput for typical use cases. This is a 5x performance boost versus running the VM-Series firewall on a CPU alone — and up to 150 percent capex savings compared to legacy hardware.
“As enterprises and telcos build cloud-like data centers, they need the agility and automation of the cloud without compromising performance. Together with NVIDIA, we are turbocharging our VM-Series virtual ML-powered NGFWs,” said Muninder Singh Sambi, senior vice president of Products at Palo Alto Networks. “The industry-leading NVIDIA BlueField DPU is ideal for cybersecurity solutions operating in cloud-like environments.”
The first BlueField-enabled NGFW to market, the VM-Series enables application-aware segmentation, prevents malware, detects new threats and stops data exfiltration with the BlueField DPU offloading the host processor to accelerate packet filtering and forwarding functionality.