
Scalable and Advanced Threat Prevention with FireEye and...

Date post: 05-Jul-2020
Combat cyber crimes with efficiency and scale by deploying FireEye Threat Prevention Platforms, featuring advanced signature-less protection, with SDN-based Big Tap Monitoring Fabric. This solution achieves new levels of threat protection, while offering significant operational scale, simplicity and cost savings.


THE CHALLENGE

As seen by security breaches on some of the world’s biggest brands and financial entities, today’s data centers need new sophisticated threat protection mechanisms. These modern requirements include:

• Ubiquitous network monitoring: Traditional approaches place threat protection devices in locations across the network that are perceived to be more likely to witness cyber attacks, leaving a majority of the traffic unchecked and the network exposed. With the rise of virtualized networks, a broader approach to monitoring is needed.

• Multi-team coordination: The same strategic spots that demand high scrutiny by security administrators need to be monitored by network administrators as well for troubleshooting and performance characterization. This requires multi-team coordination for tap or SPAN port sharing, which can add significant cost and operational complexity.

• Lower cost of monitoring: With constrained IT budgets, ubiquitous traffic monitoring needs to be achieved at the lowest possible CAPEX and OPEX costs.

THE SOLUTION

FireEye Threat Prevention Platforms and the Big Tap Monitoring Fabric work together to deliver an efficient, cost-optimized, datacenter-wide threat prevention system. The joint solution combines the FireEye signature-less protection, which creates real-time threat intelligence, along with an SDN-managed bare-metal switching fabric to combat cyber attacks with unmatched efficiency and at an unprecedented scale. The scale-out architecture of Big Tap monitoring fabric enables centrally deployed FireEye platforms to access network traffic from any tap at any time based on policies. Customers can realize the full potential of datacenter-wide threat protection while enjoying the benefits of simplified management due to co-location of the FireEye platforms.


THE SOLUTION COMPONENTS

FireEye Threat Prevention Platform

FireEye helps organizations combat sophisticated attacks that easily bypass conventional signature-based defenses such as next-generation firewalls, IPS, anti-virus, and gateways. FireEye Threat Prevention Platforms do not rely solely on signatures, so they can identify and block these threats in real time. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, that empowers security teams to prevent, detect, analyze, and respond to today’s advanced attacks. The FireEye platforms supplement traditional security defenses, such as traditional and next-generation firewalls, IPS, AV, and gateways, in containing advanced malware from impacting the majority of corporate networks.

The Big Tap Monitoring Fabric

The Big Tap Monitoring Fabric is a next-generation, multi-tier, scale-out solution that leverages commodity bare-metal switches and software-defined networking (SDN) design principles. The Big Tap Controller fully manages multi-tenant monitoring policies, provisions the fabric, programs the forwarding paths of monitored flows, and centrally controls all switches and their interconnections. This enables data-center-wide monitoring with the ability to tap every rack and send the tapped traffic to any tool. With the ability to tunnel monitoring traffic, this capability is being extended to every location across the enterprise. In addition to supporting TAP/SPAN aggregation, flow filtering, replication, load balancing, and deep packet matching up to 128 bytes, Big Tap can also leverage Network Packet Brokers (NPBs), attached as service nodes, for packet modification functions such as deduplication and packet slicing. Big Tap will redirect designated flows to one or more NPB service nodes in a service chain, as defined in the associated monitoring policy, prior to delivering these flows to the FireEye platform.

 

Scalable and Advanced Threat Prevention with FireEye and Big Switch and Big Tap Monitoring Fabric


Copyright 2014 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, Big Cloud Fabric, Big Tap, Switch Light OS, and Switch Light vSwitch are trademarks or registered trademarks of Big Switch Networks, Inc. All other trademarks, service marks, registered marks or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice. BSN FireEye At a glance V1 Jan 2015.

 

   


KEY SOLUTION BENEFITS

• Flexible, scale-out deployment: Thousands of 1G/10G/40G ports can be connected to the Big Tap Monitoring Fabric, and tapped traffic from any port can be automatically directed to any of the FireEye deployments for analysis, thus providing optimal threat detection. This also allows for all the tools to be co-located in a single administrative domain, thus accelerating deployment and enabling rapid change management.

• Multi-tenant tool and tap sharing: The solution provides the ability for multiple administrators (SecOps, NetOps, DevOps) to monitor the same traffic by having it delivered simultaneously to multiple devices. Each of these administrators acts as a tenant in the system with ownership of their respective tools, and can securely define policies through Big Tap Controller’s role-based access control (RBAC) capability.

• Operational agility with Centralized Programmability: Monitored traffic is steered from a single, centralized management pane (GUI, CLI or REST APIs). Even when more switches or policies or tenants are added to the fabric, operational overhead of managing the fabric is negligible. Due to comprehensive support for REST APIs, policies can also be changed programmatically in real-time in response to a specific trigger event on the FireEye platform.

• Tremendous cost savings: The Big Tap solution has Big Switch’s Switch Light OS running on bare-metal switches, which are managed by an SDN controller to form a scale-out fabric for monitoring. This disaggregation of hardware and software allows significant cost reduction and hardware vendor choice compared to proprietary NPB solutions. Consequently, for the same budget, customers are able to significantly broaden FireEye deployments across multiple vectors.

 

 

 


ABOUT FIREEYE

FireEye protects the most valuable assets in the world from those who have them in their sights. Our combination of technology, intelligence, and expertise reinforced with the most aggressive incident response team helps eliminate the impact of security breaches. We find and stop attackers at every stage of an incursion. With FireEye, you’ll detect attacks as they happen. You’ll understand the risk these attacks pose to your most valued assets. And you’ll have the resources to quickly respond and resolve security incidents. The FireEye Global Defense Community includes more than 2,700 customers across 67 countries, including over 157 of the Fortune 500.

Figure 1: FireEye Threat Prevention Platforms deployed along with the Big Tap Monitoring Fabric

 

