Reg comments4

Big Switch takes big bet it can beat off big denial of service attacks

Yuge attacks. The best attacks. Terabit-scale attacks from internet things

Big Switch Networks is taking aim at the kinds of IoT-based attacks that have rocked the Internet this year.

Headlining its BigSecure Architecture release today is a service chaining solution the company's chief product officer Prashant Gandhi told Vulture South can scale up to deflect a terabit-scale attack in about ten minutes, but will also “give you the ability to survive for hours”.

For a purely volumetric attack, Gandhi said the software-defined networking (SDN) controller in the demilitarised zone (DMZ) can reconfigure the service chain “so the traffic is redirected to the [security] infrastructure for mitigation”.

The controller then uses flow-based policies and access control lists to tell switches to drop the attack traffic.

However, as we've seen in the attacks against Dyn's domain name services and Krebsonsecurity.com, Mirai-based botnet attacks may be volumetric but they're coming from a host of different source IP addresses – all those compromised Internet of Things devices.

“You can leverage a pool of x86 services,” Gandhi said. “The virtual machines can be scaled out, and the SDN allows the traffic to be distributed across the servers.”

Putting the defences in software on a bunch of x86 servers isn't expensive, making it affordable to activate the defences only when they're needed.

That's where the fast response comes from, Gandhi said: it should be possible to activate, program, and validate the infrastructure within ten minutes or so when an attack is detected.

BigSecure arrives as part of the latest round of updates to Big Switch Networks' Big Monitoring Fabric. A deployment comprises its Big Monitoring Fabric SDN controller; a BMF Service Node (a 40 Gbps to 150 Gbps Intel DPDK-based node that handles filtering, deep packet inspection, service flow inspection, and filtering); and a pool of x86 resources providing the network function virtualisation (NFV) tool farm.

Third party tools like A10 Networks threat protection are supported, and the whole lot's designed to run on white-box Ethernet from outfits like Dell EMC and Edgecore Networks.

Cloud monitoring

The company has also announced it's expanding its SDN monitoring capability to cover customers' cloud deployments, which it says “drives up east-west traffic in the data centre”.

The cloud capabilities in Big Monitoring Fabric include:

  • Dynamic VM monitoring – watching over traffic between virtual machines in VMware vSphere, so users don't need a monitoring VM in every host;
  • Container monitoring – watching traffic between containers either on bare metal hosts or in vSphere environments; and
  • Public cloud monitoring.

For public monitoring, Gandhi explained, Big Switch is extending the fabric into Amazon EC2 environments, so the cloud-side traffic can be replicated. Tools can reside either in Amazon, or what they capture can be backhauled to the enterprise's Big Monitoring Fabric.

The choice of deployment models, he said, lets customers maintain consistent policy even when some of its workloads reside in Amazon. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017