Big Switch Networks added new network visibility and security features to its data center monitoring fabric. The updates give Big Monitoring Fabric (Big Mon) network time-machine powers to replay past conversations across users and applications with one click, the company says.
Big Mon Recorder Node, the new packet recorder software, allows data recording, querying and replay. This gives IT teams a historical record of the exact moment a service anomaly occurred, enabling them to determine root cause and predict future trends.
Big Mon Analytics Node provides deep network visibility so administrators can monitor and troubleshoot network and application performance issues and speed up discovery of the root cause of security breaches. It also acts as a collector for NetFlow and sFlow packets. It has customizable GUI dashboards that support Google-like searches, and it provides various reporting and alerting functions.
“By putting these capabilities together, integrated through our SDN controller, customers are able to automate these workloads and create that network time machine that many networking people have been asking for,” said Prashant Gandhi, chief product officer at Big Switch Networks.
Big Mon uses software-defined networking (SDN) controls, a scale-out fabric architecture based on open networking switches, and DPDK-powered x86 servers. The company’s SDN-based controller manages the components, including the new Recorder Node and Analytics Node.
Later this year, the data center monitoring fabric will add support for public cloud environments, Gandhi said. He declined to provide a more specific timeframe.
“We see the journey continuing to extend to cloud environments — Amazon, Azure — as well as bringing machine learning so that additional AI-driven anomaly detection can take place and workloads can be even further automated without manual intervention,” Gandhi said.
University of Oklahoma Deployment
The University of Oklahoma deployed Big Mon nearly two years ago, and more recently deployed Big Mon Analytics Node and Recorder Node to address challenges including unauthorized application and device sprawl, capacity planning, and threat mitigation.
The university uses Analytics Node to make its other security tools more efficient, according to university administrators. When a phishing email arrives, administrators try to find out how many users replied, visited the website linked in the email, or submitted their credentials to a website. Additionally, the university uses Recorder Node to enable a full packet capture device to match users to IPs on its network in order to determine who submitted credentials.
While phished user passwords are immediately reset, Big Mon allows the university to determine if credentials were used for malicious activity and to monitor accounts for possible login from external IPs.
The new analytics and recording tools “provided us with an efficient, cost-effective, and scalable way to address multiple challenges that we faced due to having an open network,” said Aaron Baillio, managing director, security operations and architecture at the University of Oklahoma, in a statement. “Analytics Node together with the packet capture capability of the Recorder Node has allowed us to reinforce security posture by rapid impact analysis and mitigation of compromised user credentials.”