BreachBytes

If you have the money ($75K+) and a big data center moving a lot of data, Cisco’s Nexus 7000 series switch offers wickedly fast processing power and a lot of compelling security features. Hopefully this signals an increased interest in network security by the switch vendors.

Running NX-OS version 4.0, the Nexus 7000 switch supports a wide variety of useful security features you’d expect from a high-end switch: 802.1x, RADIUS, MAC-based ACLs for policy enforcement, etc. More important to us at BreachBytes is the native hardware support for NetFlow. I commented Monday on the fact that sFlow is generally more prevalent in switches than NetFlow, however Cisco seems to be challenging this assertion with their OS upgrade and supporting products like the Nexus 7000.

Integrating NetFlow (or another flow technology) at the switch layer really helps network security analysts by providing increased network visibility. Most enterprises have traditionally put their resources behind monitoring data coming in and out of the firewall. While important, this provides a very limited view of the network. Collecting flow data from routers (NetFlow, sFlow, JFlow, etc) is a step in the right direction. Moving data collection all the way to the switch layer is almost as good as it gets (beyond host log collection which can be a crippling amount of noisy data). Switches supporting sFlow and NetFlow push network visibility to the point of providing near-complete network visibility. By deploying collection technology all the way to the switch enterprises and security analysts have a stronger assurance that they know what is going on within the network.

This entry was posted on Wednesday, January 30th, 2008 at 3:08 pm and is filed under NetFlow for Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.