Extreme Switch Reseller - Extreme Switch Distributor - Extreme Switch Supplier - Extreme Networks Switch Reseller
Extreme Sentriant Gigabit Ethernet Switches
American Tech Supply's Extreme Networks Offerings: American Tech Supply is now an Extreme Networks Gigabit switch reseller. As a supplier of Extreme Gigabit switches, ATS now offers a complete end-to-end, carrier-to-desktop Gigabit Ethernet switching solution.
The Extreme Networks® offering includes Summit® fixed configuration switches, Alpine™ and BlackDiamond® modular switches, wireless products, the Sentriant™ security appliance, ExtremeWare® operating systems and EPICenter® management software. Our products can help you implement the solution to meet your business needs.
Sentriant is a security appliance that secures the network interior against rapidly propagating threats including Day-Zero attacks. Sentriant is designed to work in conjunction with the Extreme Networks® Security Rules Engine, CLEAR-Flow. Together, Sentriant and CLEAR-Flow provide:
- Continuous monitoring of all end-points as threat sources launching internal attacks
- Filtering out of basic attacks, such as denial of service (DoS) attacks, across multi-gigabit switched networks
- Deeper analysis of suspicious traffic without impacting the operation of live networks
- Enforcement of rapid security mitigation actions against specific threat sources across the enterprise
Sentriant uses behavior-based threat detection methods (no signatures, no heuristics) to detect threats, including new threats for which no signatures exist at the time of attack. It also includes a sophisticated early warning system that employs unused IP space to identify threats. Sentriant is not an in-line device, creates no performance impact to networks, and cannot jeopardize network availability even while the network is under attack.
Sentriant incorporates a threat termination technology: an aggressive, protocol-independent, automated threat termination capability. This technology does not use software desktop agents, TCP resets, or switch-dependent VLAN shunting to compartmentalize an infected end-point.
Sentriant and the CLEAR-Flow Security Rules Engine are part of the Extreme Security Framework, a comprehensive, scalable and easy-to-use network-based security solution.
TYPES OF THREATS
- Denial of Service (DoS) attacks such as Smurf, Ping of death, Ping sweep, Ping flood, Port sweep, TCP Flood (Syn, Syn-Ack, Ack, Fin, Xmas, Rst), and distributed DoS (DDoS)
- Viruses and Worms such as Welchia, Slammer, Blaster, and MyDoom
- Polymorphic viruses, Blended attacks, Day-Zero Threats (New attack on same day as vulnerability announcement)
VIRTUALLY IN-LINE OPERATION
Detect and actively defend against threats without interfering with network traffic. Unlike firewalls and IDP systems that need to be in-line to mitigate threats and therefore can be bottlenecks or points of failure, Sentriant is “virtually” in-line.
HYPER DETECTION & ACTIVE DECEPTION
Sentriant creates a network of “virtual decoys” in the unused IP address space in a broadcast domain. These virtual decoys create an “early warning system” that fires an alert when a virtual target is contacted.
By mimicking basic responses to TCP, UDP, and ICMP requests, Sentriant makes it difficult for a hacker to determine which devices are real and which are not, allowing valid machines to hide in the white noise of virtual decoys.
SURGICAL DEFENSE
This strategy and the underlying technology allow Sentriant to isolate attackers and prevent them from communicating with the remainder of the network while allowing mission-critical data to continue to flow normally.
Virtually In-line Operation
Sentriant is commonly deployed on a mirror port on a switch, much like a network sniffer. However, unlike sniffers, Sentriant can actively engage, deter and terminate malicious behavior. This deployment model gives systems administrators strong security control over the internal network without the latency or single point of failure risks associated with in-line devices.
Hyper Detection
On a typical network that uses private IP address space, as much as 80% of IP address space is unassigned. Sentriant uses this asset to identify threats.
Since most worms must conduct reconnaissance to spread, there is a high probability that worm activity will hit the virtual decoys in the unused IP address space. Therefore, administrators have a much better chance of being alerted to malicious activity quickly, giving them more time to respond.
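
The unused-address early warning described above, as an added passive sketch in Python (not Sentriant's code or anything from Extreme Networks): it flags any source that contacts an unassigned address in the monitored broadcast domain. The subnet, host list and flow records are constructed sample data, and the uniform-random probing model in `p_detect` is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: a /24 broadcast domain with a handful of assigned hosts.
SUBNET = ipaddress.ip_network("10.20.30.0/24")
ASSIGNED = {ipaddress.ip_address(a) for a in
            ("10.20.30.1", "10.20.30.10", "10.20.30.11", "10.20.30.50")}

# Constructed flow records: (source, destination, protocol).
FLOWS = [
    ("10.20.30.10", "10.20.30.1", "tcp"),    # host to gateway, normal
    ("10.20.30.11", "10.20.30.50", "udp"),   # host to host, normal
    ("10.20.30.50", "10.20.30.77", "icmp"),  # probe into unassigned space
    ("10.20.30.50", "10.20.30.78", "tcp"),
    ("10.20.30.50", "10.20.30.79", "tcp"),
    ("10.20.30.10", "192.0.2.9", "tcp"),     # outside the broadcast domain, ignored
]

def is_decoy(addr, subnet=SUBNET, assigned=ASSIGNED):
    """True if addr is a usable but unassigned address in the monitored subnet."""
    ip = ipaddress.ip_address(addr)
    return (ip in subnet and ip not in assigned
            and ip not in (subnet.network_address, subnet.broadcast_address))

def decoy_alerts(flows, min_decoys=1):
    """Map each source to the sorted unassigned addresses it contacted."""
    hits = defaultdict(set)
    for src, dst, _proto in flows:
        if is_decoy(dst):
            hits[src].add(dst)
    return {src: sorted(d, key=ipaddress.ip_address)
            for src, d in hits.items() if len(d) >= min_decoys}

def p_detect(unassigned_fraction, probes):
    """Chance that at least one of `probes` uniformly random probes hits a decoy."""
    return 1 - (1 - unassigned_fraction) ** probes

if __name__ == "__main__":
    for src, decoys in decoy_alerts(FLOWS).items():
        print(f"ALERT {src} contacted {len(decoys)} unassigned address(es): {decoys}")
    print(f"P(detect), 80% unassigned, 3 probes: {p_detect(0.8, 3):.3f}")
```

Legitimate hosts have no reason to address unassigned space, so even a single hit is a high-confidence signal; `min_decoys` can be raised to tolerate misconfigured clients.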
Active Deception
Sentriant provides false data about the network topology in order to deceive fingerprinting malware designed to provide precise data about operating systems (OS) and application versions present on a network. This deception makes it difficult for the malware to attack the network effectively.
Sentriant can also actively engage an attacker during the network reconnaissance that generally precedes a threat, dramatically slowing the scanning process and giving administrators time to understand and thwart the attack. During this time, Sentriant will continue to provide false data to the scan itself, slowing or even stopping the attack and providing misleading information to the attacker.
Surgical Defense
Sentriant can logically insert itself between one or more attackers and one or more target devices by redirecting communications streams from attackers to itself.
Sentriant can then selectively pass or silently drop packets based on their threat potential, thereby isolating infected computers while permitting all other communication to flow normally on a network. This process occurs at both Layer 2 and Layer 3 of the Open System Interconnection (OSI) reference model.
Surgical defense can be invoked either manually by an administrator or automatically by the product when a threat is detected. It represents a departure from previous network security systems by combining the best characteristics of an inline protection system with the performance and reliability benefits of a passive device.
Deployment Modes
Sentriant can be deployed in two modes of operation: Stand-alone mode and Integrated mode.
Stand-alone mode
Sentriant can be connected to Extreme Networks core switches (BlackDiamond® 8800 series) via span ports. In this mode, Sentriant can monitor broadcast traffic from across thirty-two VLANs.
Integrated mode
Sentriant connected to the BlackDiamond 10808 (10K) switches offers the most benefits and is the recommended deployment mode. Benefits include:
- Greater performance: Since CLEAR-Flow detects and filters out DoS attacks, Sentriant can focus its resources on largely suspicious traffic, hence offering higher performance under load
- Broader range: Sentriant can analyze mirrored and span-port connected traffic. Access to all the mirrored traffic from threat-sources enables a quicker response time to potential attacks, as opposed to a narrower range of traffic presented via span-ports
- Dynamic Mitigation Control: Sentriant can add/modify the BlackDiamond 10K switch’s CLEAR-Flow rules and ACLs to inspect additional traffic or change inspection thresholds, thereby allowing an automated system to fine-grain inspection rules in real-time
Sentriant is designed to operate seamlessly with perimeter and end-point security products in a stand-alone deployment mode. However, Sentriant offers the greatest benefits operating in an integrated mode within the Extreme Security Framework (ESF) as shown in the figure. Sentriant provides a unique and differentiated set of benefits in the stand-alone and integrated deployment modes as summarized below.
| INTEGRATED DEPLOYMENT | STAND-ALONE DEPLOYMENT |
|---|---|
| Virtual visibility into all the end-points | Visibility limited to all end-points in the same broadcast domain. |
| More effective use of Sentriant resources acting on a reduced load filtered by the CLEAR-Flow security rules engine | Without CLEAR-Flow, the Sentriant needs to process the full load including DoS attacks |
| The Sentriant can dynamically refine filtering criteria using dynamic ACLs to the core switch | Sentriant criteria are not coupled with the switch ACLs by design; refinements can be made manually, potentially affecting the system response times to attack |
| Inspection across a mirrored port at 1 Gbps, and across a SPAN-port at 1 Gbps possible. Mirrored traffic allows for a quicker detection and response. | Inspection across 4 Gigabit Ethernet span-ports allows access to broadcast traffic, resulting in potentially slower response times |
| Unified Management Structure and CLEAR-Flow enable rich policy features (example: Role, Port, VLAN, Quality of Service (QoS)-based finer granularity for each detection or mitigation action) | Distinct device-level manager (Sentriant Console Manager) and, without CLEAR-Flow, limited mitigation actions (example: No QoS-based throttling of suspicious traffic possible) |
We're here to help you solve your business challenges and increase your ability to meet your own customers' growing expectations from their telecommunications service providers.