CONFIGURABLE NETWORK SECURITY

摘要

According to an example, configurable network security may include receiving data flows directed to end node modules of a server, and selecting data flows from the received data flows based on an analysis of attributes of the received data flows. The selected data flows may be less than the received data flows. A number of IPS data plane modules of the server that are available for inspection of the selected data flows may be determined. The selected data flows may be distributed between the IPS data plane modules based on the determined number of the IPS data plane modules. The distributed data flows may be inspected using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules.

主权项

1. A non-transitory computer readable medium having stored thereon machine readable instructions to provide configurable network security, the machine readable instructions, when executed, cause at least one processor to:
receive data flows directed to end node modules of a server; select data flows from the received data flows based on an analysis of attributes of the received data flows, wherein the selected data flows are less than the received data flows; determine a number of intrusion prevention system (IPS) data plane modules of the server that are available for inspection of the selected data flows; distribute the selected data flows between the IPS data plane modules based on the determined number of the IPS data plane modules; and inspect the distributed data flows using the IPS data plane modules to identify malicious and benign data flows, and to determine whether to drop the malicious data flows, direct the malicious data flows to a predetermined destination, or forward the benign data flows to the end node modules of the server.