Hyperscale data center
steps up security
Case Study
Challenge
A global hyperscale data center engaged ntop to help develop a 100G line-rate traffic monitoring solution. Their current solution only provided them a fractional overview of who had been on their network and what action they had taken.
Solution
ntop partnered with Napatech to develop a compact 100G capacity solution that would both deliver lossless packet capture while also providing a 1:1 overview of the NetFlow.
Benefits
The combined power of this packet and flow-centric solution helped the data center to attain complete network visibility and, consequently, realize a drastically stronger network security with a minimum strain on resources.
Industry pain points
The ability to detect threats at any speed is a challenge. In a world of software-defined everything, with trillions of endpoints, massive amounts of data and networks operating at speeds of 40G and 100G, these challenges become even more complex. To make matters worse, there is a severe lack of commercial, affordable offerings capable of addressing industry needs. Many enterprises and cloud service providers are therefore driven to build their own security monitoring solutions. But how do you build an efficient solution that provides complete traffic visibility, even at 100G?
Client challenges
This was the challenge faced by a global hyperscale data center as they engaged ntop and Napatech to help develop a 100G line rate traffic monitoring solution focusing both on network performance measurement and security traffic analysis. Their current solution was based on Random Sampled NetFlow, which only provided them a fractional overview of who had been on their network and what action they had taken.
The Cento 100 Gbit Capacity Solution
To reinforce their security posture, they needed to gain full traffic visibility. Losing even a single data packet could potentially expose their critical infrastructure and compromise the safety of assets and resources. What they needed was a solution that would guarantee lossless capture, even at 100G. To enhance efficiency, they also needed a 1:1 overview of the NetFlow statistics while only storing selected flows to disk. That way they could focus their further processing on any abnormal, suspicious activity, instead of committing resources to investigate each single data packet.
Our solution
ntop and Napatech partnered to develop a compact high-speed solution that would both ensure complete packet capture while also providing the needed 1:1 NetFlow overview.
Napatech’s FPGA-powered FPGA SmartNICs were integrated with the nProbe™ Cento software. This provided guaranteed lossless capture and enabled traffic analysis even at 100G. When captured, the data packets were classified by the Cento NetFlow probe and converted into flows. The n2disk™ network traffic recorder made it possible to write packets from suspicious flows to disk for extensive periods of time, enabling subsequent forensic investigation.
Benefits
By combining the high-speed Cento software with Napatech FPGA SmartNICs, we successfully developed a 100G capacity solution that would both ensure zero packet loss while also providing a fully reliable 1:1 overview of the NetFlow. The combined power of this packet and flow-centric solution helped the data center to realize a drastically stronger network security with a minimum strain on resources.
