Packet flow switches deliver cyber security capabilities

16th November 2016
Posted By : Alice Matthews
Packet flow switches deliver cyber security capabilities

Capabilities that deliver deeper packet visibility to NETSCOUT SYSTEMS' nGenius Packet Flow Switches (PFS) have been announced. nGenius PFS enable customers to continuously monitor and secure real-time traffic across all business services, regardless of underlying protocols, in both physical and virtual environments.

By integrating the nGenius PFS with the nGeniusONE Service Assurance platform, customers benefit from a solution that reveals additional packet details, thus extracting more intelligence from the traffic flow. With expanded security capabilities such as hybrid port mode, organisations gain additional flexibility that ease transitions from passive to active security deployments. nGenius PFS enable unified visibility for both service assurance and cyber security, as part of a business assurance solution that reduces performance and security risks.

“The ongoing innovations that NETSCOUT is building in their nGenius Packet Flow Switches address the needs for deeper packet visibility and security with our customers,” said John Carson, Managing Director, Phoenix Datacom. “With NETSCOUT, we can help customers see more in their networks, and secure their infrastructure to deliver a complete business assurance solution.”

“Unified packet visibility solves the problem of disparate monitoring infrastructures for service assurance and network security that lead to operational inefficiency and risk,” said Zeus Kerravala, Founder and Principal Analyst, ZK Research. “The steps that NETSCOUT has taken with the integration of its cybersecurity, service assurance and packet visibility capabilities are critical in helping organizations gain deeper packet visibility and obtain a holistic view of their infrastructure and services.”

According to the Network Monitoring Report (2016) from IHS Technology, NETSCOUT leads the service provider segment for network monitoring switches, complementing its position in the enterprise market. NETSCOUT packet flow switches fortify and advance such leadership with additional capabilities that create deep visibility into packet flows, so monitoring tools can see more from the network. These capabilities leverage internal development initiatives along with integration of key features and functionality acquired as part of the Company’s last year’s acquisition of the Danaher Communications Business. nGenius Packet Flow Switches provide service assurance through capabilities such as:

  • Flexibility in forwarded traffic: In virtualised environments, users can choose to either de-encapsulate packets, forward it on encapsulated, or do both. This flexibility allows monitoring tools to see more, as needed. Additionally, tight integration with NETSCOUT’s InfiniStream probes allow the probes to use the information in the encapsulation headers to provide deeper visibility into the packet data, such as port and time stamp information.
  • Traffic origination visibility: Through integration with the nGeniusONE Service Assurance platform, PFS mode on the packet flow switch allows monitoring tools to see from which links on the network a particular packet flow originates through customisable VLAN tagging. The packet flow switch can set custom VLAN Tag ID values, as traffic is forwarded to monitoring tools. This enables the tools to inspect traffic based on origin, which is critical in multi-tenant environments.
  • Visibility into tunneled packet flows: With generic stripping (de-encapsulation), nGenius Packet Flow Switches support network environments that utilise a variety of tunneling protocols (e.g. GRE, ERSPAN, GTP, MPLS) by giving monitoring tools the visibility into these packet flows. Packets can be de-encapsulated from tunnels and inspected, so monitoring tools can see things that were previously hidden within these protocols.

Business assurance solutions must also reduce risk and streamline operations. nGenius Packet Flow Switches help organisations deploy inline security without worry, through security-optimised capabilities such as:

  • Advanced inline aggregation: When aggregating traffic from multiple networks, VLAN tags are often utilised to identify the appropriate network source for returning inspected traffic. However, this creates issues for security systems that cannot process these tags. Additionally, in large-scale dynamic network environments with asymmetric routing, delivering packets back to the origination source is not possible. With nGenius Packet Flow Switches, discovery of the origination network by MAC address or Link Aggregation Group (LAG) alleviates the additional tagging requirement of other systems. So security systems can see all packet flows for inspection and analysis, and packets are returned to the source of origination on the network correctly.
  • High frequency advanced health checks: nGenius Packet Flow Switches go beyond a simple interface (port up/down) or 'heartbeat' ping to see if security systems are on. With L7 application-level functionality health checks, nGenius Packet Flow Switches ensure the security application or device is functioning as expected. Positive and negative health checks can be performed as frequently as every 100ms, ensuring that security systems function correctly; thus reducing time to detect security system failure. Used in combination in triggers, health checks enable automatic high-availability and fail over, to simplify operations and reduce security risk.
  • Hybrid port support: Both passive (copies of traffic) and active (production) traffic can be sent to the same monitoring tool port, allowing security systems with a hybrid capability to receive the traffic on the same port. Systems that provide both active and passive capabilities, such as intrusion prevention (IPS) and intrusion detection (IDS), are gaining ground. The hybrid mode on nGenius Packet Flow Switches leads to better port utilisation and efficient use of security systems, as now customers do not have to choose which mode to run the system in or run two systems (one active and one passive) in parallel.
  • Scalable security systems: With the large amount of traffic that needs to be inspected from high-speed links (e.g. 40G) or aggregated from multiple links, the processing capability of each security system needs to be considered to prevent overload and potential failure on any one system. nGenius Packet Flow Switches support high capacity (up to 32 instances) session-aware load balancing, providing security visibility and reducing risk by preventing over-subscription and potential failure on any one system.

The nGenius Packet Flow Switches capabilities provide deeper packet visibility while optimising packets from the network to the monitoring tools and security systems. Additional integration with the nGeniusONE Service Assurance platform means organisations can deploy a business assurance solution that mitigates performance and security risks. Learn more about how nGenius Packet Flow Switches enable unified visibility for service assurance and security here.


You must be logged in to comment

Write a comment

No comments

Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

Southern Manufacturing & Electronics 2019
5th February 2019
United Kingdom Farnborough
embedded world 2019
26th February 2019
Germany Nuremberg
Wearable Tech Show 2019
12th March 2019
United Kingdom London
AMPER 2019
19th March 2019
Czech Republic Brno Exhibition Centre