As a child, it’s hard to handle the concept of “too much of a good thing”. It seems counter intuitive. There’s no child thinks just a little more ice cream is a bad idea. Yet, if given their druthers, the child quickly learns the effects of a excessive volume of dairy on even the most enthusiastic of digestive systems. This is where adult supervision has to step in and be the responsible one. Big Switch Networks has a product called BigSecure, and it wants to be the responsible adult for your network.
Of course, your network isn’t worried about an excess of frozen dairy deliciousness, but it can suffer from other surfeits. A distributed denial-of-service attack can quickly cause massive disruption. The recent Mirai botnet made this evident. BigSecure is designed specifically to meet these challenges.
The big problem with a DDoS, especially one like Mirai, is how to discern real users in all that volume. If you simply “cut the hardline” and shut the network off, the DDoS was effectively successful, bringing you offline and disrupting business. Mirai made this particularly difficult, with it’s glut of IoT devices directed at the target. An effective solution needs to be able to keep your network running, and identify legitimate traffic from the noise.
BigSecure does this in a number of ways. It begins with their SDN-based solution for leveraging open network switches, their Big Monitoring Fabric (Big Mon if you’re being casual). This sits either on the edge of the data center, or the DMZ, depending on your configuration. This can be used to create security tool service chains, with support for RESTful APIs to allow for multi-tiered interactions. It’s the controller layer upon which their other mitigation tools operate. Additionally, it can also control the fabric switches over which your traffic is flowing, with support for up to 100G.
The actual analysis falls on the Service Nodes, which are controlled and managed by Big Mon. These do deep packet inspection and can do list-based filtering to help mitigate attacks. These nodes scale-out, with Big Switch claiming to have terabit filtering deployments. In normal network conditions, Big Mon takes in this analysis to create traffic baselines, off of which a profile of a standard network is compared.
The overall model is intended to change the linear chain from the Internet to the data center, which generally goes through a firewall, security protocols and antivirus. The BigSecure architecture wants to modify this chain, so that at any given point, when malformed traffic comes in, it has opportunities to mitigate the threat.
Once the DDoS is detected, the BigSecure architecture can work with DDoS mitigation tools, as well as send network telemetry to possibly do tracebacks on the DDoS traffic. The end result is for only your valid traffic to come through.
I got a demo of this in action when Big Switch presented at Networking Field Day last week. In fact, they DDoS’d themselves live during the presentation, just to show off BigSecure, it was pretty cool. Their presentation got into more details of their overall architecture, and the videos are well worth a watch. But DDoS detection seems like it’s only going to be more important for the enterprise as time goes on. With the BigSecure Architecture, Big Switch Networks seems well prepared for the demand.
- Microsoft Edge and the Great Virtual Machine Escape - March 24, 2017
- Five MacBook Pro Dongles That Make Me Sad - March 24, 2017
- A simple command allows the CIA to commandeer 318 models of Cisco switches - March 23, 2017
- FreeNAS Corral Notes & First Impressions - March 23, 2017
- Elastifile: How Bizur - March 23, 2017
- StarWind Gives You a Gateway to the Cloud - March 21, 2017
- Tech Field Day Gets Containerized at DockerCon and Cloud Field Day - March 20, 2017
- Intel Optane Enters the Market - March 20, 2017
- From Windows to Azure – A Change in Focus - March 17, 2017
- AppliedMicro’s X-Gene 3 SoC Begins Sampling: A Step in ARM’s 2017 Server Ambitions - March 17, 2017