Big Switch Networks has announced significant updates to its SDN-based Big Monitoring Fabric (Big Mon) product line. The update includes the introduction of BigSecure Architecture – a dynamic, high-performance cyber-defense platform that enables Terabit attack mitigation.
“Our mission is to provide next-generation data center networking solutions so that our customers can experience the true benefits of a software-defined data center,” said Douglas Murray, CEO of Big Switch Networks. “With our introduction of BigSecure Architecture and cloud-native application monitoring, we are arming customers with next-generation data center security and visibility solutions they need to defend their networks and monitor their cloud-based applications.”
The company is also extending Pervasive Visibility use cases for cloud-native application traffic, which includes dynamic monitoring of VM, Containers and Public Cloud environments.
With Big Switch’s BigSecure Architecture organizations would be able to deploy a dynamic, high-performance cyber-defense solution. The solution enables existing security tools to leverage an externalized elastic attack mitigation infrastructure consisting of the underlying network and a pool of x86-based compute resources.
Specifically, Big Switch Networks’ BigSecure Architecture includes:
- Big Monitoring Fabric – an SDN-based inline fabric deployed at the data center edge or in the DMZ for connecting security tools and creating service chains; the Big Monitoring Fabric SDN controller supports programmatic operations through RESTful APIs for dynamic multi-system interactions, dynamic load balancing of tools and dynamic reconfiguration of security service chain.
- Big Monitoring Fabric Service Node – a high performance (40G to 160G) Intel x86 DPDK-based service node, centrally controlled and managed by the Big Mon SDN Controller, for deep-packet and flow inspection and filtering based on whitelist/blacklist of signatures for the purpose of attack mitigation. With the aid of the Big Mon Controller, it can be dynamically inserted into security service chains to guarantee front-line attack mitigation. Multiple service nodes can be deployed in a scale-out manner for Terabit filtering and mitigation.
- NFV Tool Farm – a pool of x86 compute resources available for hosting security tools in the form of virtual network functions (VNFs) in order to elastically scale them for Terabit attack mitigation. Big Monitoring Fabric programmatically augments service chains as well as load balances across a large set of tool VNFs.
- Security Tools – 3rd party security tools (such as A10 Networks’ Threat Protection System) that detect and mitigate sophisticated attacks, leverage L2-L7 attack mitigation capabilities of the high-speed SDN fabric, service nodes and NFV tool farm, and interact programmatically with the Big Mon controller for dynamic attack mitigation.
- Open Hardware – industry-standard 10G/40G/100G Ethernet switches from Dell EMC and Edgecore Networks operating at multi-terabit bandwidth, centrally controlled and managed by the Big Monitoring Fabric controller; industry-standard x86 servers for SDN controllers, service nodes and NFV tool farm.
Once BigSecure Architecture is instantiated, a security tool detects high-bandwidth attack and interacts with the Big Monitoring Fabric Controller via programmatic APIs to redirect incoming traffic for elastic mitigation. Depending on the type of attack, the Big Mon Controller activates SDN fabric and compute resources for attack mitigation, reconfigures the service chain to redirect traffic to mitigation infrastructure, and load-balances traffic across a cluster of Big Mon service nodes and NFV tool farm for scale-out performance.
The combination of SDN fabric, Big Mon service nodes and NFV tool farm performs Layer-7 scans of network traffic and blocks those packets/flows that contain attack signatures. In addition to Terabit-scale mitigation, BigSecure Architecture also exports flow telemetry (NetFlow, sFlow) of network traffic to anomaly-detection/traffic visibility systems, which provide the ability to detect, classify, and traceback a variety of attacks.
With this release, Big Switch would introduce new capabilities in Big Monitoring Fabric, leveraging programmatic interactions, to enable pervasive visibility and security of any workload, anywhere. Specifically:
- Dynamic VM Monitoring – VM-to-VM traffic visibility in VMware environments by leveraging programmatic interactions between Big Monitoring Fabric controller and VMware vSphere VMs; this alleviates the need for a special monitoring VM in every vSphere host which introduces operational complexities across virtualization and security teams, adds cost and reduces server performance.
- Container Monitoring – Container-to-container traffic visibility when deployed on bare-metal hosts or within VMware vSphere VMs.
- Public Cloud Monitoring – Traffic visibility for workloads deployed in public cloud, such as Amazon Web Services (AWS Cloud).