Network Visibility in the 100/25GbE High Density Data Centre Era

Written by Sarah Chandley on Thursday, 30 May 2019. Posted in Cyber

As the demand for bandwidth continues to grow, the migration from 100G to 400G will be the next developmental step in data centre architecture. Research from Crehan Research Inc. shows that shipments of 10GbE and 40GbE data centre switches each declined in 2018, while 25GbE and 100GbE continued to grow significantly, signalling that we are now solidly in the 100/25GbE era. The falling cost of 100GbE equipment is contributing to adoption but the primary driver is increasing bandwidth requirements fuelled by increasing global connectivity. GSMA predicts that by 2025 there will be 25 billion connected devices.  

As this immense growth unfolds for mobile operators, ISPs, enterprises and the wider industry, new demands are forcing them to evolve their networks quickly. For example, 100GbE technologies that started in the core are now migrating all the way to the multi-service edge routers and switches. This creates highly complex, multi-layer architectures, and cyber security, or more specifically ‘network security’, is an important part of this infrastructure. Cyber criminals, hackers and state sponsored actors have all kept pace with these technical developments, at times outpacing defenders in NetOps and SecOps teams.

In order to protect mega scale data centres, defenders must have visibility of what is happening on their networks at all times, which is much easier in theory than it is in practice. When facing massive amounts of essentially uncontrolled data, looking for threats can seem like looking for a needle in a needle stack, in a haystack. Network security strategy at this scale is often broken down into bite-size chunks that can be solved using a number of different technologies from a number of different vendors.

If you are reading this post then you have definitely heard the term ‘you can’t fight what you can’t see’; you hear it so much because it is absolutely true. So, with this in mind, the first chunk of the strategy should include network visibility and how to achieve a granular view of the network. The most efficient way to do this at scale is to passively tap the backbone, ingest all network traffic and begin to build a blueprint of what looks normal for your network. By using sensors and/or probes which generate unsampled flow monitoring (NetFlow, IPFIX etc.), such as the Telesoft range of high rate multi 100GbE FlowProbes, defenders can achieve complete network visibility without sacrificing huge amounts of processing and dealing with the compliance issues that are associated with other types of network monitoring such as DPI.

As the cyber threat landscape is in constant flux with ever evolving attack vectors, the next chunk of the strategy should be dedicated to anomaly and threat detection. Equipping SecOps and NetOps teams with actionable intelligence is key to detecting botnets, APTs, zero-day malware and other threats that bypass traditional solutions. This allows them to provide rapid incident response and forensic analysis. In a scaled down environment, this could be achieved by using an integrated SIEM architecture, and the same can be and is deployed at scale. However, SIEMs are expensive, and at huge multi 100GbE scale the sheer number of alerts generated is going to quickly clog the system and create alert bottlenecks, potentially missing important incidents and events.

A way around this is to offload some of the work before the data gets to the SIEM infrastructure. Tools like the Telesoft FlowProbe and FlowStash provide compact unsampled meta-data from multiple 100GbE, including advanced application layer visibility (L7), tagged by entity type and enriched with IP Reputation, threat intelligence, Geo IP and ASN. Real time threat and anomaly analysis reduces the influx of potentially millions of events every second to a manageable set of alerts, which can then be fed into the SIEM, giving the cyber security team prioritised alerts and highly scalable network visibility of their 100GbE infrastructure.
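The pre-SIEM reduction described above can be sketched in a few lines. This is an added example, not Telesoft product code: it aggregates flow records per source, compares volume with a learned baseline, tags peers found in a reputation list, and forwards only prioritised alerts. The record layout, the `triage` function, the threshold and all sample data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (RFC 5737 documentation addresses), not real traffic.
# Each flow record: (src_ip, dst_ip, dst_port, bytes) for one reporting interval.
FLOWS = [
    ("192.0.2.10", "198.51.100.5", 443, 700),
    ("192.0.2.10", "198.51.100.5", 443, 600),
    ("192.0.2.20", "203.0.113.66", 8080, 500),
    ("192.0.2.30", "198.51.100.9", 443, 25000),
    ("192.0.2.30", "203.0.113.66", 8080, 25000),
]
# Bytes per interval previously observed for each source (the "normal" blueprint).
BASELINE = {
    "192.0.2.10": [1200, 1500, 1100, 1400, 1300],
    "192.0.2.20": [800, 900, 850, 820, 880],
    "192.0.2.30": [1000, 1100, 900, 1000, 1000],
}
BAD_REPUTATION = {"203.0.113.66"}  # hypothetical IP reputation feed entry


def triage(flows, baseline, bad_ips, z_threshold=3.0):
    """Reduce raw flow records to at most one prioritised alert per source."""
    per_src = defaultdict(lambda: {"bytes": 0, "flows": 0, "bad_peers": set()})
    for src, dst, _port, nbytes in flows:
        agg = per_src[src]
        agg["bytes"] += nbytes
        agg["flows"] += 1
        if dst in bad_ips:  # enrichment: tag flows to known-bad peers
            agg["bad_peers"].add(dst)
    alerts = []
    for src, agg in per_src.items():
        reasons = []
        history = baseline.get(src, [])
        if len(history) >= 2:
            sigma = pstdev(history) or 1.0  # avoid dividing by zero on a flat baseline
            if (agg["bytes"] - mean(history)) / sigma > z_threshold:
                reasons.append("volume_anomaly")
        if agg["bad_peers"]:
            reasons.append("bad_reputation_peer")
        if reasons:
            alerts.append({"src": src, "reasons": reasons, "flows": agg["flows"],
                           "priority": "high" if len(reasons) > 1 else "medium"})
    # Highest-priority alerts first; only these go on to the SIEM.
    return sorted(alerts, key=lambda a: (-len(a["reasons"]), a["src"]))
```

On the constructed input, five flow records collapse to two alerts, and the source that stays within its baseline and talks to no flagged peer produces none.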

Telesoft will be exhibiting our carrier scale products at Infosecurity Europe from the 4th-6th June in London. Visit us on stand G290 to see a demo of our newly released 4 x 100GbE FlowProbe, or contact us to find out more about our carrier scale network visibility products.

About the Author

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 
