Broadcom has introduced new network-level encryption devices with post-quantum cryptography that eliminate the weaknesses that leave application-level encryption practices susceptible to most ransomware attacks.
The company’s Emulex Secure Fibre Channel Host Bus Adapters (HBA) encrypt all data as it moves between servers and storage devices, providing network-level security rather than incorporating encryption of applications on an individual basis. Significantly, this translates to real-time detection of ransomware attacks, that application-level encryption does not provide.
Broadcom’s new HBAs comply with the recent post-quantum cryptography standards from the National Institute of Standards and Technology, as well as mandates such as the US Commercial National Security Algorithm (CNSA) 2.0, the European Union’s Network and Information Security (NIS) 2, Digital Operational Resilience Act (DORA), and others that have been developed to bring enterprises into the age of post-quantum encryption and zero trust security architectures.
Jeff Hoogenboom, vice president and general manager, Emulex Connectivity Division, Broadcom, told Fierce Electronics, “Zero trust principles, and specifically network-based encryption, are key to protecting against the collection and exfiltration of critical business data. The most sensitive business data often has value that extends well into the future. It is widely assumed that well-funded malicious actors are storing some of that data for decryption in the future, when new Gen AI or quantum methods enable that capability. Post-quantum encryption is designed to be resistant to both current and future decryption methods.”
The post-quantum protections provided by the Emulex Secure Fibre Channel HBAs include silicon-root-of-trust, digital signing and key encryption, as well as in-flight encryption, Hoogenboom said.
He added that “a majority of Emulex customers will have capability of using in-flight encryption in 2025, regardless of segment. The reason is that all of the multinational server OEMs have decided to make the Emulex Secure HBA their standard offering starting with the new Intel platform launches that will happen this spring. Further, many of the storage array OEMs have decided to offer the Emulex Secure HBA starting as early as the second half of 2025.”
That rollout should be welcomed by enterprises that continue to be inundated with weekly reports of new ransomware attacks capable of gouging their financial resources. Broadcom referred to a Ponemon Institute study that put the average cost of a single ransomware attack last year at about $5.37 million, and these attacks are only expected to become larger and more sophisticated with growing use of generative AI and near-future deployment of more quantum computers.
Broadcom’s HBAs may offer a practical way of fighting back against this trend, as they leverage existing Fibre Channel infrastructure widely deployed in many data centers, and at less cost and complexity that application encryption, Hoogenboom said.
“From a business perspective, until today, customers have only had one option to protect their data via encryption, which is to encrypt one application at a time,” he stated. “The application-based encryption approach introduces complex and costly key management, it eliminates the ability to compress and dedupe storage, and most importantly, it destroys the ability to recognize a ransomware attack in real-time. Emulex Secure HBAs encrypt all data without introducing any of these restrictions.”
The company’s 32G and 64G Secure HBAs are available now in one-port, two-port, and four-port configurations.