
Ixia released an intelligent network packet broker - Vision ONE

Ixia, a provider of network testing, monitoring and security solutions, launched Vision ONE, a high-performance intelligent network packet broker.



Vision ONE has 48 1/10GbE SFP+ ports and 4 40GbE QSFP+ ports.
Further description under the cut.
Vision ONE acts as a first line of security, providing reliable inline connectivity for security tools such as IPS, DLP and firewalls. At the same time it feeds out-of-band monitoring tools, intrusion detection systems (IDS) and packet capture/storage systems.

In this solution Ixia has concentrated its most advanced visibility and traffic control features, including the capabilities of the Ixia ATI (Application and Threat Intelligence) processor. These include SSL traffic decryption and deep packet inspection (DPI), which goes far beyond simple regular expression matching and provides accurate identification of application traffic. Vision ONE also performs various packet processing functions (for example deduplication, trimming, timestamping ...) and load balancing across inline devices (firewalls, IPS, etc.). The device can serve inline and out-of-band tools simultaneously.



The solution is quickly deployed and quickly incorporated into the workflow through an intuitive graphical user interface. This allows the company's IT staff to focus on improving security without wasting time on configuration.



A little more detail about Vision ONE's intelligent packet processing functions



Advanced Packet Processing (AFM) features:

Deduplication - only one copy of each packet is sent to the analyzer.



Where do duplicate packets come from?

Several taps are aggregated into the same analyzer.

A single SPAN port usually generates duplicate packets.
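To make the deduplication function concrete, here is an added example (not Ixia's code) of the usual approach: a time-windowed digest of each frame that ignores the fields which legitimately differ between two observation points, so the copy taken before a router hop and the copy taken after it collapse into one. The frame builder, the 500 µs window and the choice of ignored fields are assumptions for this example.

```python
import hashlib
from collections import OrderedDict

ETH_LEN = 14

def dedup_key(frame: bytes) -> bytes:
    """Digest of the frame with fields that change between taps blanked out:
    the whole Ethernet header, and for IPv4 the TTL (byte 8) and the header
    checksum (bytes 10-11). Copies from either side of a router then agree."""
    ip = bytearray(frame[ETH_LEN:])
    if len(ip) >= 20 and ip[0] >> 4 == 4:
        ip[8] = 0
        ip[10:12] = b"\x00\x00"
    return hashlib.sha256(bytes(ip)).digest()

class Deduplicator:
    """Forward a frame only if no equivalent frame was seen inside the time window."""
    def __init__(self, window_us: int = 500):
        self.window_us = window_us
        self.seen = OrderedDict()   # key -> timestamp (us) of first copy, oldest first

    def forward(self, frame: bytes, ts_us: int) -> bool:
        # Expire entries older than the window before looking the frame up.
        while self.seen and ts_us - next(iter(self.seen.values())) > self.window_us:
            self.seen.popitem(last=False)
        key = dedup_key(frame)
        if key in self.seen:
            return False            # duplicate: drop it
        self.seen[key] = ts_us
        return True                 # first copy: send to the analyzer

def make_frame(dst_mac: bytes, ttl: int, payload: bytes = b"query") -> bytes:
    """Constructed Ethernet/IPv4/UDP frame for the example (IP checksum left zero)."""
    eth = dst_mac + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = bytearray(20)
    ip[0] = 0x45
    ip[2:4] = (28 + len(payload)).to_bytes(2, "big")
    ip[8], ip[9] = ttl, 17                       # TTL, protocol = UDP
    ip[12:16], ip[16:20] = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    udp = (1234).to_bytes(2, "big") + (53).to_bytes(2, "big")
    udp += (8 + len(payload)).to_bytes(2, "big") + b"\x00\x00"
    return eth + bytes(ip) + udp + payload
```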

Header Stripping - Detects and removes tunneling protocol headers so that tools which do not support these protocols can analyze the packet.





Example uses:
• Translation: Removes protocol headers that the analyzer does not understand and forwards the packet in a supported format.
- MPLS, VNTag, FabricPath, etc.
• vTap termination: Terminates traffic from Phantom vTap
• ERSPAN termination: Terminates traffic from remote offices / branches

Packet Trimming - truncates packets to a given size and optionally inserts a "trailer" so that the original packet size is preserved before the packet is sent to the analyzer.



Example uses
• Analyzer efficiency: Reducing the size of the packets sent to the analyzer.
- Remove SSL-encrypted payloads before analysis
- Remove payloads for analyzers that only examine headers
• Security: If the packet payload is not needed for analysis, this function can be used to protect against disclosure of confidential information, such as Personally Identifiable Information (PII), in accordance with the requirements of many mandates, such as PCI.

Data Masking - Allows you to hide selected data while keeping the overall frame size, so that Personally Identifiable Information (PII) is not passed to the analyzer.



Example uses
• Protecting PII: Businesses often have recommendations or obligations that forbid them from storing, transferring or otherwise disclosing PII to internal or external users. Examples of such mandates are PCI (Payment Card Industry) or HIPAA in the field of health care in the United States. Violations often lead to multi-million dollar fines.
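The two payload-reduction functions above, trimming and masking, as an added example that is not Ixia's code. Masking replaces each match with same-length filler so that frame length and header offsets are unchanged; trimming keeps the first N bytes and appends a trailer carrying the original length. The fixed 42-byte header layout, the "TRIM" trailer format and the card-number pattern are assumptions for the example.

```python
import re
import struct

ETH_LEN, IP_LEN, UDP_LEN = 14, 20, 8
HDR_LEN = ETH_LEN + IP_LEN + UDP_LEN   # constructed: fixed Ethernet/IPv4/UDP header size

# Constructed stand-in for a card number (PAN): four groups of four digits.
PAN_RE = re.compile(rb"\b(?:\d{4}[ -]?){3}\d{4}\b")

def mask_pan(frame: bytes) -> bytes:
    """Overwrite every PAN in the payload with 'X' of the same length, so the
    frame keeps its size and the analyzer still sees intact headers."""
    hdr, payload = frame[:HDR_LEN], frame[HDR_LEN:]
    masked = PAN_RE.sub(lambda m: b"X" * len(m.group(0)), payload)
    assert len(masked) == len(payload)
    return hdr + masked

TRAILER_MAGIC = b"TRIM"   # assumed trailer format: magic + original length (uint32 BE)

def trim(frame: bytes, keep: int) -> bytes:
    """Cut the frame down to `keep` bytes and append a trailer with its original length."""
    if len(frame) <= keep:
        return frame
    return frame[:keep] + TRAILER_MAGIC + struct.pack(">I", len(frame))

def original_length(frame: bytes) -> int:
    """Recover the pre-trim length from the trailer (or the frame length if untrimmed)."""
    if frame[-8:-4] == TRAILER_MAGIC:
        return struct.unpack(">I", frame[-4:])[0]
    return len(frame)
```

Trimming to HDR_LEN keeps only the headers, which is the "analyzers that only examine headers" case; masking keeps the payload but blanks the regulated fields.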

Packet Timestamping - Adds a field containing a timestamp to each packet so that analyzers can study latency in detail.

Vision ONE uses PTP or NTP to obtain reference time.



Example uses
• Latency: The analyzer can determine the delay between any two taps on the network by comparing the timestamps of the same packet captured at different points on the network.

Burst Protection - Adds extra buffering on 1G interfaces to protect against events such as microbursts and avoid data loss.



Example uses
• Aggregation: When traffic is aggregated from different parts of the network into one 1G analyzer, short-term bursts above 1Gbps are possible.
• Rate mismatch: When filtering 1G worth of data out of a 10G link / interface, this function protects a 1G analyzer from a short-term "surge".

Ixia ATI (Application and Threat Intelligence) - accurate intelligent processing of application traffic based on deep packet inspection (DPI) and SSL traffic decryption.
(applications and their activity, geolocation, device OS, browser, etc.)



Application filtering





RegEx search and data masking



Flexible traffic handling





ATIP - Understanding SSL

• Passive decryption - does not affect application performance
• Easy setup - only the certificates / keys need to be imported
• All popular ciphers:
3DES, RC4, AES, SHA-1 / 512 / 384 / 256 / 224, MD5.
• Supported SSL / TLS decryption:
- SSL / TLS versions: SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2.
- Asymmetric key exchange: RSA and ECDH.
- Symmetric keys: AES, 3DES and RC4.
- Hash algorithms: SHA and MD5.
- Maximum number of simultaneous sessions: more than 1,000,000.
- Private key storage: encrypted, with a write-only attribute.
• Reports encryption details via NetFlow



Work with inline-devices

• Supports parallel (for load balancing) and serial connection of inline devices, as well as any combination of these two.
• Failed inline devices are identified with single-stage and multi-stage heartbeat packets, and failover is automatic.
• Two failover modes:
- Redistribute the sessions of a failed inline device across all active inline devices.
- Switch all active sessions of a failed inline device to a backup inline device.





Fast Failure Detection - Heartbeats

Failure Detection
• Heartbeats between bypass switch and NPB
• Heartbeats between NPB and device
• Absence of heartbeats indicates failure

Key features
• Predefined heartbeats for checking different devices
• Customizable heartbeats for non-standard situations
• Support for single-stage (blue) or multi-stage (red) heartbeats
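The inline-device failover described above (missed heartbeats mark a device failed, then its sessions are either redistributed across the remaining devices or switched to a backup), as an added example of the control logic; it is not Ixia's implementation. The three-miss threshold, hash-based session pinning and the "redistribute"/"backup" mode names are assumptions for this example.

```python
import hashlib
# Assumed policy for this example: three consecutive unanswered heartbeats mark a device failed.
MISSED_LIMIT = 3

class InlineGroup:
    """NPB-side view of a group of parallel (load-balanced) inline devices, an optional
    backup device, and the sessions pinned to each device."""
    def __init__(self, names, backup=None, mode="redistribute"):
        self.names = list(names)
        self.backup = backup
        self.mode = mode                      # "redistribute" or "backup"
        self.missed = {n: 0 for n in names}   # consecutive missed heartbeats per device
        self.failed = set()
        self.sessions = {}                    # flow key -> device name

    def active(self):
        return [n for n in self.names if n not in self.failed]

    def assign(self, key):
        """Pin a new flow to a device by hashing its flow key; existing pins are kept."""
        if key not in self.sessions:
            self.sessions[key] = self._pick(key)
        return self.sessions[key]

    def _pick(self, key):
        pool = self.active()
        if not pool:
            raise RuntimeError("no active inline device")
        h = int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")
        return pool[h % len(pool)]

    def heartbeat(self, name, returned):
        """Record one heartbeat probe sent through `name`; returned=False means it was lost."""
        if returned:
            self.missed[name] = 0
            return
        self.missed[name] += 1
        if self.missed[name] >= MISSED_LIMIT and name not in self.failed:
            self.failed.add(name)
            self._failover(name)

    def _failover(self, dead):
        """Move every session pinned to `dead` according to the configured mode."""
        for key, owner in list(self.sessions.items()):
            if owner != dead:
                continue
            if self.mode == "backup" and self.backup is not None:
                self.sessions[key] = self.backup
            else:
                self.sessions[key] = self._pick(key)
```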





As a result we have a scalable, high-performance device with a wide range of functions, operating at line rate.




For questions about IXIA solutions contact: dcs@muk.ua.
Distribution of IXIA solutions in Ukraine, Belarus and the CIS countries.

MUK-Service - all types of IT repair: warranty, non-warranty repair, sale of spare parts, contract service

Source: https://habr.com/ru/post/279187/
