Big Switch Networks today unveiled a wide-ranging group of products aimed at mitigating security attacks, scrutinizing cloud and container environments and improving its existing SDN-based monitoring software.
In the security realm, Big Switch rolled out its BigSecure Architecture, a high-performance cyber-defense platform that the company says will help enterprises protect against Terabit-speed attacks.
“What we are seeing is network attack by thousands of IoT devices [like the recent Dyn DNS attack that hit 1.2Tbps] using massive speed and bandwidth to take down resources. To mitigate against that kind of attack can be cost prohibitive but what we have implemented in BigSecure can help mitigate those attacks,” said Prashant Gandhi, vice president and chief product officer.
Specifically, the BigSecure Architecture implements an SDN-based inline fabric that would be deployed at the data center edge for connecting security tools and the company’s Big Monitoring Fabric Service Node. That device would be a 40G to 160G Intel x86 DPDK-based node, which could be inserted into the fabric with the security service tools. Multiple service nodes can be deployed in a scale-out manner for Terabit filtering and mitigation.
That node would be centrally controlled and managed by the company’s Big Monitoring SDN Controller, which provides deep-packet and flow inspection and filtering based on a whitelist/blacklist of signatures for the purpose of attack mitigation.
Once an attack was detected, the traffic would be dumped into what the company called an NFV Tool Farm, a pool of x86 compute resources available for hosting security tools in the form of virtual network functions (VNFs) in order to elastically scale for Terabit attack traffic.
“Once BigSecure Architecture is instantiated, a security tool detects high-bandwidth attack and interacts with the Big Monitoring Fabric Controller via APIs to redirect incoming traffic for mitigation. Depending on the type of attack, the Big Mon Controller activates SDN fabric and compute resources for attack mitigation, reconfigures the service chain to redirect traffic to mitigation infrastructure, and load-balances traffic across a cluster of Big Mon service nodes and NFV tool farm for scale-out performance. The combination of SDN fabric, Big Monitoring Fabric service nodes and NFV tool farm performs Layer-7 scans of network traffic and blocks those packets/flows that contain attack signatures.”
Big Switch works with a number of third-party security tools, such as A10 Networks’ Threat Protection System and FireEye Threat Prevention Platform, to aid in handling the threat.
For the cloud and container world, the company bolstered its Big Monitoring Fabric with a new release of the network packet broker software, 6.0, adding support for VM-to-VM traffic visibility in VMware environments. The feature eliminates the need for a special monitoring VM in every vSphere host, a requirement that introduces complexities across virtualization and security teams, adds cost and reduces server performance, the company said.
Big Monitoring Fabric is the company’s flagship monitoring software that lets network operators ensure high-performance delivery of services and applications. Big Monitoring’s controller-based SDN architecture allows remote, centralized control of tool policies and configurations, with management performed through a single interface.
The system can now also monitor container-to-container traffic when deployed on bare-metal hosts or within VMware vSphere VMs. In addition, workloads deployed in public cloud, such as Amazon Web Services (AWS), can now be monitored.
Big Monitoring Fabric Release 6.0 includes support for a 160G Service Node as well as Analytics 2.0 to help monitor network resources.
Jim Duffy, a senior analyst with 451 Research, said the Big Switch announcements seem to be targeting competitor Gigamon. “The security architecture will compete with GigaSecure, and the enhancements are an attempt to reach feature parity with Gigamon packet brokers, but in a programmable SDN architecture vs. hardware.”