As a child, it’s hard to handle the concept of “too much of a good thing”. It seems counter intuitive. There’s no child thinks just a little more ice cream is a bad idea. Yet, if given their druthers, the child quickly learns the effects of a excessive volume of dairy on even the most enthusiastic of digestive systems. This is where adult supervision has to step in and be the responsible one. Big Switch Networks has a product called BigSecure, and it wants to be the responsible adult for your network.
Of course, your network isn’t worried about an excess of frozen dairy deliciousness, but it can suffer from other surfeits. A distributed denial-of-service attack can quickly cause massive disruption. The recent Mirai botnet made this evident. BigSecure is designed specifically to meet these challenges.
The big problem with a DDoS, especially one like Mirai, is how to discern real users in all that volume. If you simply “cut the hardline” and shut the network off, the DDoS was effectively successful, bringing you offline and disrupting business. Mirai made this particularly difficult, with it’s glut of IoT devices directed at the target. An effective solution needs to be able to keep your network running, and identify legitimate traffic from the noise.
BigSecure does this in a number of ways. It begins with their SDN-based solution for leveraging open network switches, their Big Monitoring Fabric (Big Mon if you’re being casual). This sits either on the edge of the data center, or the DMZ, depending on your configuration. This can be used to create security tool service chains, with support for RESTful APIs to allow for multi-tiered interactions. It’s the controller layer upon which their other mitigation tools operate. Additionally, it can also control the fabric switches over which your traffic is flowing, with support for up to 100G.
The actual analysis falls on the Service Nodes, which are controlled and managed by Big Mon. These do deep packet inspection and can do list-based filtering to help mitigate attacks. These nodes scale-out, with Big Switch claiming to have terabit filtering deployments. In normal network conditions, Big Mon takes in this analysis to create traffic baselines, off of which a profile of a standard network is compared.
The overall model is intended to change the linear chain from the Internet to the data center, which generally goes through a firewall, security protocols and antivirus. The BigSecure architecture wants to modify this chain, so that at any given point, when malformed traffic comes in, it has opportunities to mitigate the threat.
Once the DDoS is detected, the BigSecure architecture can work with DDoS mitigation tools, as well as send network telemetry to possibly do tracebacks on the DDoS traffic. The end result is for only your valid traffic to come through.
I got a demo of this in action when Big Switch presented at Networking Field Day last week. In fact, they DDoS’d themselves live during the presentation, just to show off BigSecure, it was pretty cool. Their presentation got into more details of their overall architecture, and the videos are well worth a watch. But DDoS detection seems like it’s only going to be more important for the enterprise as time goes on. With the BigSecure Architecture, Big Switch Networks seems well prepared for the demand.