Big Switch Networks debuts BigSecure Architecture to offer cyber-defense at terabit performance
Big Switch Networks announced Monday updates to its SDN-based Big Monitoring Fabric (Big Mon) product line. The company is introducing BigSecure Architecture, a dynamic, high-performance cyber-defense platform that enables terabit attack mitigation, and is extending pervasive visibility use cases for cloud-native application traffic, which includes dynamic monitoring of virtual machines, containers and public cloud environments.
With Big Switch’s BigSecure Architecture organizations are able to deploy a dynamic, high-performance cyber-defense solution, at affordable price points. The solution enables existing security tools to leverage an externalized elastic attack mitigation infrastructure consisting of the underlying network and a pool of x86-based compute resources.
The BigSecure Architecture includes an SDN-based inline fabric deployed at the data center edge or in the DMZ for connecting security tools and creating service chains; the Big Monitoring Fabric SDN controller supports programmatic operations through RESTful APIs for dynamic multi-system interactions, dynamic load balancing of tools and dynamic reconfiguration of security service chain.
The Big Monitoring Fabric Service Node, which is a high performance (40G to 160G) Intel x86 DPDK-based service node, centrally controlled and managed by the Big Mon SDN Controller, for deep-packet and flow inspection and filtering based on whitelist/blacklist of signatures for the purpose of attack mitigation. With the aid of the Big Mon Controller, it can be dynamically inserted into security service chains to guarantee front-line attack mitigation. Multiple service nodes can be deployed in a scale-out manner for Terabit filtering and mitigation.
The NFV Tool Farm includes a pool of x86 compute resources available for hosting security tools in the form of virtual network functions (VNFs) in order to elastically scale them for Terabit attack mitigation. Big Monitoring Fabric programmatically augments service chains as well as load balances across a large set of tool VNFs.
Third party security tools such as A10 Networks’ Threat Protection System that detect and mitigate sophisticated attacks, leverage L2-L7 attack mitigation capabilities of the high-speed SDN fabric, service nodes and NFV tool farm, and interact programmatically with the Big Mon controller for dynamic attack mitigation.
Open Hardware using industry-standard 10G/40G/100G Ethernet switches from Dell EMC and Edgecore Networks operating at multi-terabit bandwidth, centrally controlled and managed by the Big Monitoring Fabric controller; industry-standard x86 servers for SDN controllers, service nodes and NFV tool farm.
Once BigSecure Architecture is instantiated, a security tool detects high-bandwidth attack and interacts with the Big Monitoring Fabric Controller via programmatic APIs to redirect incoming traffic for elastic mitigation. Depending on the type of attack, the Big Mon Controller activates SDN fabric and compute resources for attack mitigation, reconfigures the service chain to redirect traffic to mitigation infrastructure, and load-balances traffic across a cluster of Big Mon service nodes and NFV tool farm for scale-out performance.
The combination of SDN fabric, Big Mon service nodes and NFV tool farm performs Layer-7 scans of network traffic and blocks those packets/flows that contain attack signatures. With BigSecure, security teams are able to deploy dynamic cyber-defense architecture that provides elastic, Terabit-scale attack mitigation capability at an affordable price while continuing to leverage best-of-breed security tools.
In addition to Terabit-scale mitigation, BigSecure Architecture also exports flow telemetry (NetFlow, sFlow) of network traffic to anomaly-detection/traffic visibility systems, which provide the ability to detect, classify, and traceback a variety of attacks.
Big Monitoring Fabric is a next-generation network packet broker (NPB) that leverages SDN principles, Open Networking switches and a high-performance x86-based DPDK service node to provide feature-rich, scale-out data center monitoring at up to 50 perent lower cost than traditional NPBs.
Big Monitoring Fabric supports 1G, 10G, 40G and 100G for demanding and high volume network monitoring and security environments. Customer use cases for Big Monitoring Fabric include: monitor every rack, monitor every location, monitor mobile/LTE networks and DMZ/Extranet Inline security.
The rise of cloud-native applications, in the form of virtual machines (VMs) and containers has driven up east-west traffic within the data center, leading to tremendous visibility and security challenges. When applications are deployed in public clouds, consistent architecture for application traffic visibility becomes necessary.
Big Switch launched the “monitor every rack” use case for comprehensive east-west traffic monitoring of bare-metal and VM traffic at affordable price points. With this release, Big Switch introduces new capabilities in Big Monitoring Fabric, leveraging programmatic interactions, to enable pervasive visibility and security of any workload, anywhere.
The offering will deliver dynamic VM monitoring with VM-to-VM traffic visibility in VMware environments leveraging programmatic interactions between Big Monitoring Fabric controller and VMware vSphere VMs; this alleviates the need for a special monitoring VM in every vSphere host which introduces operational complexities across virtualization and security teams, adds cost and reduces server performance.
It also includes container monitoring to enable container-to-container traffic visibility when deployed on bare-metal hosts or within VMware vSphere VMs; apart from public cloud monitoring to deliver traffic visibility for workloads deployed in public cloud, such as Amazon Web Services (AWS).
Big Monitoring Fabric Release 6.0 is currently in beta and will be generally available in the first quarter of next year.