Enabling Visibility to Secure and Monitor Cloud Environments
Organizations are migrating workloads to the cloud because it offers scale, agility and flexibility. These organizations require visibility to adhere to their security, compliance and monitoring policies in the public, private and hybrid cloud.
Highlights
• Capture full packets and/or NetFlow from virtual machine (VM), container or inter-Pod network traffic and forward them to tools, or to physical and/or virtual packet brokers for aggregation, advanced filtering, and deduplication
• Virtual packet processing and aggregation in your cloud, functions that traditionally rely on physical packet brokers
• Aggregate and deduplicate packet data; originate and terminate tunnels without the need for physical hardware
• Virtual packet processing with AppStack capabilities leverages Keysight’s advanced application intelligence with signature-based application detection, geolocation, NetFlow and IxFlow (enhanced NetFlow)
• Management UI that can be deployed in any cloud, for better control and security
• Multi-platform capable, cloud service provider and platform agnostic
• Auto-scales elastically, on-demand with cloud instances
• Handles cloud scale (thousands of instances)
• Easy-to-use, drag-and-drop interface with a network-to-tools layout
The Cloud Visibility Challenge
All networks are inevitably exposed to increasingly complex and advanced security risks and threats. The key is to identify the risks and threats as quickly as possible and take effective action. The goal of a total visibility architecture is to give you access to all the data that crosses your networks, so you can.
There are two main aspects to every network visibility solution:
1. Capturing all network traffic, and
2. Aggregating, filtering, de-duplicating and modifying the collected network traffic before it is forwarded to performance, monitoring and security tools.
Traditionally, the best way to capture all traffic on a network link is a network tap. Taps provide continuous, non-disruptive network access and have these characteristics:
• Receive all traffic on a network link
• Require little to no configuration and can be installed at any time
• Are not IP addressable so they aren’t vulnerable to remote attacker access
• Do not introduce delay or alter the content of the data
For aggregating, filtering, de-duplicating and modifying network traffic, the traditional approach is a physical network packet broker (NPB). NPBs process packets and send selected packets to specific tools, based on what each tool is designed to monitor and inspect. NPBs aggregate raw or filtered traffic from multiple monitoring points across your network, then filter and de-duplicate packets so your tools receive only relevant traffic. This reduces data congestion, minimizes false positives, and allows you to handle traffic with fewer monitoring devices.
However, in today’s virtualized deployments, both aspects are a challenge:
1. Collecting virtualized network traffic between virtual workloads, or east-west traffic (inter-VM or inter-container/Pod), where a traditional physical tap has no visibility.
2. Ensuring that the visibility solution scales with the dynamic nature of the private and public cloud. If virtualized network traffic must be processed by a physical network packet broker, then manual intervention is required to add new resources, and complexities increase.
CloudLens addresses both problems with two main components: a virtual tapping (vTap) capability, which gathers, filters and forwards virtual workload traffic, and a virtual packet processing capability, which aggregates, filters, deduplicates and forwards traffic to both virtual and physical datacenter tools. Additionally, CloudLens can dynamically detect specific applications and threats, not just application types or categories, filtering and forwarding real-time network traffic to the appropriate tools for further security, performance, or forensic analysis.