Big Switch Beefs Up Big Mon


By: R. Scott Raynovich

Confirming a trend that Futuriom highlighted in our recent SDN 2.0: Monitoring, Analytics, and Automation report, Big Switch has added significant telemetry, monitoring, and analytics functionality to its Big Monitoring Fabric ("Big Mon"), which will give network managers more insight into application-specific traffic as well as potential security threats.

The software-defined networking (SDN) company has added two add-on feature products to Big Mon: Big Mon Recorder Node, which enables high-performance packet recording, querying, and replay functions, and the Big Mon Analytics Node, which provides network visibility to monitor, discover, and troubleshoot network and application performance issues as well as tools for security breach discovery.

Going After NPBs

Service providers and enterprises are looking for increased integration of monitoring and analytics tools with networking software and equipment. Big Switch is clearly on top of this trend, targeting a software-based approach to increase tools to give managers visibility into the network.

F40 2022 Website Webinar Ad 2

Big Switch estimates that nearly 8.5 billion devices are connected to the Internet today. It says the rise of cloud-native applications is boosting so-called "East-West" network traffic in cloud datacenters, which opens up new attack vectors. Big Switch is integrating the functionality of a product set known as network packet brokers (NPBs), which monitor network and applications traffic, into its SDN architecture. By integrating the functionality of NPBs, Big Switch hopes to take advantage of a multi-billion dollar opportunity of products that today are often sold as discrete, hardware-based appliances.

One of the new features of Big Mon Recorder and Analytics Nodes will be enhanced telemetry that can be recorded, played back, and analyzed. For example, telemetry information can be stored and played back so that managers can examine past network activity among users and applications to troubleshoot problems. This can be done with a single click and can be engineered to look at traffic across public and hybrid cloud environments.

Both of these add-on software products will be sold as software-as-a-service (SaaS) licenses that run on commodity X86-based server. Big Switch has partners with value-added resellers, including Dell, which sell its software.

Big Mon Recorder Node will be integrated and managed by Big Switch's SDN controller. Multiple Recorder Nodes can be strung together. Big Mon Analytics Node provides scale-out analytics with time-series-based dashboards for performance, hosts, and security. It can collect Netflow and Sflow packet information.

Customer: University of Oklahoma

In announcing the new products, Big Switch provided University of Oklahoma as a customer reference. The university deployed Big Mon two years ago, replacing a legacy NPB product. The university says that by deploying an SDN product, it's realized 50% savings in capital expense (capex) while increasing network visibility.

University of Oklahoma recently added deployments of Big Mon Analytics Node and Recorder Node in order to address the following challenges: Unauthorized Application and Device Sprawl, Capacity Planning and Threat Mitigation. It's adding these capabilities to exising security tools, using Analytics Node to optimize the security framework.

In one example, Big Mon Analytics Node and Recorder Node can be used to protect users against phishing attacks, whereby attackers send deceiving emails in attempts to get users to click on malicious links. Big Mon Recorder Node can enable a full packet capture device that matches users to IP addresses on a network to determine who has submitted credentials. This helps to recognize when credentials are being used for malicious activity and monitor accounts for possible login from external IP addresses.

“As a leading public University, which serves a very large number of users, Analytics Node and Recorder Node have provided us with an efficient, cost-effective and scalable way to address multiple challenges that we faced due to having an open network,” said Aaron Baillio, Managing Director, Security Operations and Architecture, University of Oklahoma, in a release from Big Switch. “Analytics Node together with the packet capture capability of the Recorder Node has allowed us to reinforce security posture by rapid impact analysis and mitigation of compromised user credentials.”

As concluded in the Futuriom SDN 2.0 report, SDN fabrics such as those from Big Switch, as well as other SDN vendors including Cisco Systems and Pluribus Networks, are adding analytics and packet visibility features into their SDN platforms. This will continue to boost the functionality of SDN products and reduce the need for discrete network appliances.

This is an interesting move by Big Switch that is likely to take market share from NBPs, who have seen some of their revenue cannibalized by SDN vendors. It also makes sense for network operators, who are looking to consolidate the number of tools they use to monitor and manage networks. Packet-broker, analytics, and playback features are likely to become part of the desired feature set over time.