Combat cyber crimes with efficiency and scale by deploying FireEye Threat Prevention Platforms, featuring advanced signature-less protection, with SDN-based Big Tap Monitoring Fabric. This solution achieves new levels of threat protection, while offering significant operational scale, simplicity and cost savings.
THE CHALLENGE
As seen by security breaches on some of the world’s biggest brands and financial entities, today’s data centers need new sophisticated threat protection mechanisms. These modern requirements include:
• Ubiquitous network monitoring: Traditional approaches place threat protection devices in locations across the network that are perceived to be more likely to witness cyber attacks, leaving a majority of the traffic unchecked and the network exposed. With the rise of virtualized networks, a broader approach to monitoring is needed.
• Multi-team coordination: The same strategic spots that demand high scrutiny by security administrators need to be monitored by network administrators as well for troubleshooting and performance characterization. This requires multi-team coordination for tap or SPAN port sharing, which can add significant cost and operational complexity.
• Lower cost of monitoring: With constrained IT budgets, ubiquitous traffic monitoring needs to be achieved at the lowest possible CAPEX and OPEX costs.
THE SOLUTION
FireEye Threat Prevention Platforms and the Big Tap Monitoring Fabric work together to deliver an efficient, cost-optimized, datacenter-wide threat prevention system. The joint solution combines the FireEye signature-less protection, which creates real-time threat intelligence, along with an SDN-managed bare-metal switching fabric to combat cyber attacks with unmatched efficiency and at an unprecedented scale. The scale-out architecture of Big Tap monitoring fabric enables centrally deployed FireEye platforms to access network traffic from any tap at any time based on policies. Customers can realize the full potential of datacenter-wide threat protection while enjoying the benefits of simplified management due to co-location of the FireEye platforms.
THE SOLUTION COMPONENTS
FireEye Threat Prevention Platform
FireEye helps organizations combat sophisticated attacks that easily bypass conventional signature-based defenses such as next-generation firewalls, IPS, anti-virus, and gateways. FireEye Threat Prevention Platforms do not rely solely on signatures, so they can identify and block these threats in real time. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, that empowers security teams to prevent, detect, analyze, and respond to today’s advanced attacks. The FireEye platforms supplement traditional security defenses, such as traditional and next-generation firewalls, IPS, AV, and gateways, in containing advanced malware from impacting the majority of corporate networks.
The Big Tap Monitoring Fabric
The Big Tap Monitoring Fabric is a next-generation, multi-tier, scale-out solution that leverages commodity bare-metal switches and software defined networking (SDN) design principles. The Big Tap Controller fully manages multi-tenant monitoring policies, provisions the fabric, programs the forwarding paths of monitored flows, and centrally controls all switches and their interconnections. This enables data center-wide monitoring with the ability to tap every rack and send it to any tool. With the ability to tunnel monitoring traffic, this capability is being extended to every location across the enterprise. In addition to supporting TAP/SPAN aggregation, flow filtering, replication, load balancing, and deep packet matching up to 128 bytes, Big Tap can also leverage Network Packet Brokers (NPBs), attached as service nodes, for packet modification functions such as deduplication and packet slicing. Big Tap will redirect designated flows to one or more NPB service nodes in a service chain, as defined in the associated monitoring policy, prior to delivering these flows to the FireEye platform.
Scalable and Advanced Threat Prevention with FireEye and Big Switch
Copyright 2014 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, Big Cloud Fabric, Big Tap, Switch Light OS, and Switch Light vSwitch are trademarks or registered trademarks of Big Switch Networks, Inc. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice. BSN FireEye At a glance V1 Jan 2015.
KEY SOLUTION BENEFITS
• Flexible, scale-out deployment: Thousands of 1G/10G/40G ports can be connected to the Big Tap Monitoring Fabric, and tapped traffic from any port can be automatically directed to any of the FireEye deployments for analysis, thus providing optimal threat detection. This also allows for all the tools to be co-located in a single administrative domain thus accelerating deployment and enabling rapid change management.
• Multi-tenant tool and tap sharing: The solution provides the ability for multiple administrators (SecOps, NetOps, DevOps) to monitor the same traffic by having it delivered simultaneously to multiple devices. Each of these administrators acts as a tenant in the system with ownership of their respective tools, and can securely define policies through Big Tap Controller’s role-based access control (RBAC) capability.
• Operational agility with Centralized Programmability: Monitored traffic is steered from a single, centralized management pane (GUI, CLI or REST APIs). Even when more switches or policies or tenants are added to the fabric, operational overhead of managing the fabric is negligible. Due to comprehensive support for REST APIs, policies can also be changed programmatically in real-time in response to a specific trigger event on the FireEye platform.
• Tremendous cost savings: The Big Tap solution has Big Switch’s Switch Light OS running on bare metal switches, which are managed by an SDN controller to form a scale-out fabric for monitoring. This disaggregation of hardware and software allows significant cost reduction and hardware vendor choice compared to proprietary NPB solutions. Consequently, for the same budget, customers are able to significantly broaden FireEye deployments across multiple vectors.
ABOUT FIREEYE
FireEye protects the most valuable assets in the world from those who have them in their sights. Our combination of technology, intelligence, and expertise reinforced with the most aggressive incident response team helps eliminate the impact of security breaches. We find and stop attackers at every stage of an incursion. With FireEye, you’ll detect attacks as they happen. You’ll understand the risk these attacks pose to your most valued assets. And you’ll have the resources to quickly respond and resolve security incidents. The FireEye Global Defense Community includes more than 2,700 customers across 67 countries, including over 157 of the Fortune 500.
Figure 1: FireEye Threat Prevention Platforms deployed along with the Big Tap Monitoring Fabric