Big Switch Unveils Advanced Network Telemetry for Pervasive Security and Deeper Visibility

Big Mon Recorder and Analytics Nodes Enable Traffic Capture and App-aware Analytics for Cloud-Native Network Defense & Rapid Remediation at Scale


SANTA CLARA, Calif., April 26, 2018 (GLOBE NEWSWIRE) -- Big Switch Networks®, The Next-Generation Data Center Networking Company, today unveiled new innovations for Big Monitoring FabricTM (Big Mon) that enable network and security operations teams to capture cloud-native data center network traffic at scale, and provide deep application-level analytics. Big MonTM Recorder Node allows high-performance packet recording, querying and replay functions, and Big MonTM Analytics Node provides unprecedented network visibility to monitor, discover and troubleshoot network and application performance issues as well as accelerate root cause of security breach discovery.

With Big Mon Recorder and Analytics Nodes, customers can now achieve deep network telemetry for both cloud-based and traditional data center environments and have the ability to replay past conversations across users and applications with a single-click.  Architecture flexibility allows Big Mon to easily extend to multi-cloud environments, including hybrid cloud and public cloud deployments.

“Big Switch has pioneered the use of cloud-native networking architectures to achieve pervasive network visibility and enhanced network security,” said Prashant Gandhi, Chief Product Officer, Big Switch Networks. “With the launch of Analytics Node and Recorder Node, Big Switch further distances itself from legacy box-based solutions, offering unmatched network telemetry to achieve root cause analysis, breach mitigation, and faster mean time to resolution.”

It is estimated that nearly 8.5 billion devices are connected to the Internet today. In order to support the digital economy, cloud-native applications are being developed and deployed at increasing rates to collect and optimize the vast amounts of data being generated. The nature of cloud-native applications generates a significant increase in East-West network traffic, providing new attack vectors beyond the hardened DMZ-protected North-South traffic. Unfortunately, the volume, velocity and sophistication of cyber attacks are also intensifying, resulting in the need for pervasive network security and visibility solutions. To mitigate against cyber attacks, network packet brokers (NPBs) are required as part of a holistic network security strategy. Traditional box-based, hardware-centric NPBs are architecturally constrained to meet emerging security and visibility demands of cloud-native data centers.

The University of Oklahoma deployed Big Monitoring Fabric nearly two years ago. Initially the University made the decision to replace an incumbent legacy NPB solution with Big Mon, due to its ease-of-use, and the versatility of the product appealed to its innovative IT team. Additionally, the University has achieved twice the visibility at nearly 50% CAPEX savings. The University has since deployed both Big Mon Analytics Node and Recorder Node in order to address the following challenges: Unauthorized Application and Device Sprawl, Capacity Planning and Threat Mitigation. The University already used multiple security tools, Analytics Node is being leveraged to optimize tool usage and make them more efficient. According to The University, when it gets a Phish, they try to find out how many users replied or visited the website in the email or submitted their credentials to a website. Given BRO doesn’t capture the POST data by default, the University relies on Big Mon Recorder Node, to enable a full packet capture device to match users to IP’s on its network in order to easily determine who submitted credentials. While Phished user passwords are immediately reset, the University leverages Big Mon to determine if credentials were used for malicious activity, and to monitor accounts for possible login from external IP’s.

“As a leading public University, which serves a very large number of users, Analytics Node and Recorder Node have provided us with an efficient, cost-effective and scalable way to address multiple challenges that we faced due to having an open network,” said Aaron Baillio, Managing Director, Security Operations and Architecture, University of Oklahoma. “Analytics Node together with the packet capture capability of the Recorder Node has allowed us to reinforce security posture by rapid impact analysis and mitigation of compromised user credentials.”

Inspired by the design principles of hyperscale operators, Big Switch’s Big Mon leverages SDN controls, a fabric architecture based on open networking (britebox/whitebox) switches and DPDK-powered x86 servers to deploy highly scalable, agile, flexible and cost-effective network visibility and security solutions. This next-generation NPB architecture is highly flexible, with fabric switches providing L2-L4 filtering at line rate, while DPDK-based x86 nodes provide high-speed packet-level and flow-level services with Big Mon Service Node, recording and playback with Big Mon Recorder Node and deep application-level visibility with Big Mon Analytics Node. All of the components are fully controlled and managed by the Big Mon Controller, thus enabling organizations to deploy large scale monitoring fabrics within existing OpEx budget. Big Mon architecture is also inherently scale-out, allowing customers to start with a single monitoring switch, and grow the fabric on an as-needed basis. Big Mon Service Node, Recorder Node and Analytics Node can be deployed in clusters to enable independent scale-out.

"Big Switch is bringing cloud-scale analytics and integrated packet flow recording to multi-cloud software-defined infrastructure,” said Stephen Collins, Principal Analyst, ACG Research Network Visibility and Analytics. “The Analytics Node and Recorder Node offer organizations a simple and more cost-effective solution for rapidly detecting performance anomalies, identifying security issues and conducting forensic analysis.”

Big Mon Recorder Node - Next-gen Packet Recorder
With vast amounts of data traversing the data center network, traditional packet capture solutions are unable to efficiently and affordably scale. The need for a next-gen packet capture solution for forensic analysis of events and inefficiencies is clear. Recorded data allows network IT teams to replay the specifics of an event and provides them with the necessary context to solve operational and security threats, by retrieving a historical record of the exact moment a service anomaly occurred, in order to derive root cause and predict future trends.

Big Mon Recorder Node is high-performance packet recorder software, deployed on a commodity x86-based server. The Big Mon SDN controller automatically discovers the Recorder Node, ensuring a single point of configuration and device lifecycle management. Multiple Recorder Nodes can be strung together, allowing end-users to store more network traffic for longer periods and retrieve them via the Big Mon Controller or Analytics Node with agility and simplicity.

Big Mon Recorder Node Benefits:

  • Feature-rich packet capture, query and replay functions
  • Programmable and scriptable via REST APIs
  • Supports PTP / NTP based timestamping of recorded packets
  • Works on an industry standard x86 server with 160TB storage and 10G NIC
  • Easy-to-use, Scale-out, High-Performance
  • Integrates with the Big Mon Controller to enable centralized configuration and operational workflows via Big Mon Controller
  • Supports Big Mon Analytics Node-powered event-triggered automated packet capture workflows
  • Integrates with Big Mon Service Node for applying advanced packet functions to filter or massage the traffic, prior to sending it to the recorder: de-duplication, packet slicing, packet masking, header stripping, regular expression matching (DPI) and netflow generation

Big Mon Analytics Node - Deeper Visibility and Alerting
Network visibility is the key to optimizing and securing production networks. But as the volume of data flowing through a data center continues to grow, packet flow becomes increasingly fragmented, making network visibility more opaque. No matter the size of a data center network, analysis is critical to identify high-bandwidth applications and flows, determine network traffic utilization trends, find hotspots in the network, identify possible security issues and to perform historical analysis.

Big Mon Analytics Node provides scale-out analytics with configurable, historical time-series based dashboards for performance, hosts and security. It also acts as a collector for Netflow and Sflow packets. The highly intuitive and customizable GUI dashboards support a Google-like search to quickly drill down and focus on the possible issues. It not only provides a variety of reporting and alerting functions, but also allows the user to easily share a custom dashboard view with other team members for collaborative analysis, troubleshooting and remediation.

Analytics Node Benefits:

  • Supports various Health / Capacity Planning / Troubleshooting dashboards
  • Supports Performance views like Top Talkers, Top Apps, TCP connection / latency tracking, etc
  • Supports Security views displaying Rogue DHCP/ DNS servers, identifies IP / MAC Spoofing, etc
  • Support various Host views like New Hosts seen, DHCP OS fingerprinting, etc
  • Supports Automatic alerting on exceeding various thresholds like link utilization, etc
  • Supports sFlow/NetFlow collection to provide real-time application level visibility, including tunneled or encapsulated traffic, enable detection of security attacks like DoS/DDoS and support sub-second triggering
  • Easy-to-use, Scale-out, High-Performance
  • Integrated / centralized configuration and operational workflows via Big Mon Controller
  • Works on an industry standard x86 server with 128G RAM, 2TB SSD storage and 10G NIC

Supporting Materials

About Big Switch Networks
Big Switch Networks is the Next-Generation Data Center Networking Company. We disrupt the status quo of networking by designing intelligent, automated, and flexible networks for our customers around the world. We do so by leveraging the principles of software-defined networking (SDN), coupled with a choice of industry-standard hardware. Big Switch Networks has two solutions: Big Monitoring Fabric, a next-generation network packet broker, which enables pervasive security and monitoring of data center and cloud traffic for inline or out-of-band deployments and Big Cloud Fabric, the industry's first next-generation switching fabric that allows for choice of switching hardware for OpenStack, VMware, Container, and Big Data use cases. Big Switch Networks is headquartered in Santa Clara, CA. For additional information, email info@bigswitch.com, visit www.bigswitch.com or follow us on Twitter @bigswitch, LinkedIn and YouTube.

Copyright 2018 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, the Big Switch logo, Big Cloud Fabric, Big Mon, Big Monitoring Fabric, BMF, BigSecure, Big Switch Labs, Big Tap, BSN,  Switch Light, ONL Certified, and ONL Certified Gold, ONLX are trademarks or registered trademarks of Big Switch Networks, Inc. in the U.S. and other countries. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.

Analyst & Media Contact
Kate Lehman
kate.lehman@gmail.com