Sentriant Gigabit Ethernet Switches
American Tech Supply's Extreme Networks Offerings
American Tech Supply is now an Extreme Networks Gigabit
switch reseller. As a supplier of Extreme Gigabit switches,
ATS now offers a complete end-to-end, carrier-to-desktop
Gigabit Ethernet switching solution.
The Extreme Networks® offering includes Summit®
fixed configuration switches, Alpine™
modular switches, wireless products, Sentriant™
security appliance, ExtremeWare®
operating systems and EPICenter®
management software. Our products can help you implement
the solution to meet your business needs.
Sentriant Gigabit Ethernet Switches
Sentriant is a security appliance that secures the network
interior against rapidly propagating threats, including
Day-Zero attacks. Sentriant is designed to work in conjunction
with the Extreme Networks® Security Rules Engine, CLEAR-Flow.
Together, Sentriant and CLEAR-Flow provide:
monitoring of all end-points as threat sources launching
out of basic attacks, such as denial of service
(DoS) attacks, across multi-gigabit switched networks
analysis of suspicious traffic without impacting
the operation of live networks
of rapid security mitigation actions against specific
threat sources across the enterprise
Sentriant uses behavior-based threat detection methods (no
signatures, no heuristics) to detect threats, including new
threats for which no signatures exist at the time of attack. It
also includes a sophisticated early warning system that
employs unused IP space to identify threats. Sentriant is
not an in-line device, has no performance impact on
networks, and cannot jeopardize network availability,
even while the network is under attack.
Sentriant incorporates an aggressive, protocol-independent,
automated threat termination capability.
This technology does not use software desktop agents, TCP
resets, or switch-dependent VLAN shunting to compartmentalize
an infected end-point.
Sentriant and the CLEAR-Flow Security Rules Engine are part of
the Extreme Security Framework, a comprehensive, scalable
and easy-to-use network-based security solution.
Denial of Service (DoS) attacks such as Smurf, Ping of death,
Ping sweep, Ping flood, Port sweep, TCP Flood (Syn,
Syn-Ack, Ack, Fin, Xmas, Rst), and distributed DoS
and Worms such as Welchia, Slammer, Blaster, and MyDoom
viruses, Blended attacks, Day-Zero Threats (New attack
on same day as vulnerability announcement)
Detect and actively defend against
threats without interfering with network traffic. Unlike
firewalls and IDP systems that need to be in-line to mitigate
threats and therefore can be bottlenecks or points of failure,
Sentriant is “virtually” in-line
DETECTION & ACTIVE DECEPTION
Sentriant creates a network of “virtual
decoys” in the unused IP address space in a broadcast
domain. These virtual decoys create an “early warning
system” that fires an alert when a virtual target
mimicking basic responses to TCP, UDP, and ICMP requests,
Sentriant makes it difficult for a hacker to determine which
devices are real and which are not, allowing valid
machines to hide in the white noise of virtual decoys.
This strategy and the underlying
technology allow Sentriant to isolate attackers and prevent
them from communicating with the remainder of the network
while allowing mission-critical data to continue to flow.
Sentriant is commonly deployed on a mirror port on a switch,
much like a network sniffer. However, unlike sniffers, Sentriant
can actively engage, deter and terminate malicious behavior.
This deployment model gives systems administrators strong
security control over the internal network without the latency
or single point of failure risks associated with in-line
On a typical network that uses private IP address space,
as much as 80% of IP address space is unassigned. Sentriant
uses this asset to identify threats.
Because most worms must conduct reconnaissance to spread, there
is a high probability that worm activity will hit the virtual
decoys in the unused IP address space. Therefore, administrators
have a much better chance of being alerted to malicious
activity quickly, giving them more time to respond.
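The early-warning idea described above, as an added example (not Sentriant's implementation or Extreme Networks code): any source that contacts an unassigned address in the broadcast domain is flagged, and a source that touches several distinct unassigned addresses is escalated as a sweep. The subnet, the assigned-host list, the flow records and the threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed broadcast domain and inventory of addresses actually in use.
SUBNET = ipaddress.ip_network("10.0.5.0/24")
ASSIGNED = {ipaddress.ip_address(a) for a in
            ("10.0.5.1", "10.0.5.10", "10.0.5.11", "10.0.5.20", "10.0.5.77")}

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("10.0.5.10", "10.0.5.1",   "udp", 53),   # normal DNS lookup
    ("10.0.5.11", "10.0.5.255", "udp", 137),  # subnet broadcast, not a decoy hit
    ("10.0.5.20", "10.0.5.200", "tcp", 80),   # one stray hit on unused space
    ("10.0.5.77", "10.0.5.2",   "tcp", 445),  # sequential sweep begins
    ("10.0.5.77", "10.0.5.3",   "tcp", 445),
    ("10.0.5.77", "10.0.5.4",   "tcp", 445),
    ("10.0.5.77", "10.0.5.10",  "tcp", 445),  # assigned host, ignored here
    ("10.0.5.10", "192.0.2.9",  "tcp", 443),  # outside the monitored subnet
]

def unused_fraction(subnet, assigned):
    """Share of usable host addresses in the subnet that nobody owns."""
    hosts = list(subnet.hosts())
    return sum(1 for h in hosts if h not in assigned) / len(hosts)

def dark_ip_alerts(flows, subnet, assigned, sweep_threshold=3):
    """Map each source to (severity, unused addresses it contacted)."""
    reserved = {subnet.network_address, subnet.broadcast_address}
    touched = defaultdict(set)
    for src, dst, _proto, _port in flows:
        d = ipaddress.ip_address(dst)
        # Only unassigned, usable addresses inside the subnet act as decoys.
        if d in subnet and d not in assigned and d not in reserved:
            touched[src].add(d)
    return {
        src: ("sweep" if len(dsts) >= sweep_threshold else "probe",
              [str(d) for d in sorted(dsts)])
        for src, dsts in touched.items()
    }

if __name__ == "__main__":
    print(f"unused address space: {unused_fraction(SUBNET, ASSIGNED):.0%}")
    for src, (severity, dsts) in dark_ip_alerts(FLOWS, SUBNET, ASSIGNED).items():
        print(f"{severity.upper():5} {src} -> {', '.join(dsts)}")
```

A single hit is worth logging but is often a stale configuration; the count of distinct unused destinations is what separates that from reconnaissance.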
Sentriant provides false data about the network topology
in order to deceive fingerprinting-malware designed to provide
precise data about operating systems (OS) and application
versions present on a network. This deception makes it difficult
for the malware to attack the network effectively.
Sentriant can also actively engage an attacker during the network
reconnaissance that generally precedes a threat, dramatically
slowing the scanning process and giving administrators time
to understand and thwart the attack. During this time, Sentriant
will continue to provide false data to the scan itself,
slowing or even stopping the attack and providing misleading
information to the attacker.
Sentriant can logically insert itself between one or more
attackers and one or more target devices by redirecting
communications streams from attackers to itself. Sentriant
can then selectively pass or silently drop packets based
on their threat potential, thereby isolating infected computers
while permitting all other communication to flow normally
on a network. This process occurs at both Layer 2 and Layer
3 of the Open System Interconnection (OSI) reference model.
defense can be invoked either manually by an administrator
or automatically by the product when a threat is detected.
It represents a departure from previous network security
systems by combining the best characteristics of an inline
protection system with the performance and reliability benefits
of a passive device.
Sentriant can be deployed in two modes of operation:
Stand-alone mode and Integrated mode.
Sentriant can be connected to Extreme Networks core switches
(BlackDiamond® 8800 series) via span ports.
In this mode, Sentriant can monitor broadcast traffic from
across thirty-two VLANs.
Sentriant connected to the BlackDiamond 10808 (10K) switches
offers the most benefits and is the recommended deployment
mode. Benefits include:
performance: Since CLEAR-Flow detects and filters
out DoS attacks, Sentriant can focus its resources
on largely suspicious traffic, hence offering higher
performance under load
range: Sentriant can analyze mirrored and span-port
connected traffic. Access to all the mirrored traffic
from threat-sources enables a quicker response time
to potential attacks, as opposed to a narrower range
of traffic presented via span-ports
Mitigation Control: Sentriant can add/modify the BlackDiamond
10K switch’s CLEAR-Flow rules and ACLs to inspect
additional traffic or change inspection thresholds,
thereby allowing an automated system to fine-grain
inspection rules in real-time
Sentriant is designed to operate seamlessly with
perimeter and end-point security products in a stand-alone
deployment mode. However, Sentriant offers the greatest
benefits operating in an integrated mode within
the Extreme Security Framework (ESF) as shown in
the figure. Sentriant provides a unique and differentiated
set of benefits in the stand-alone and integrated
deployment modes as summarized below.
visibility into all the end-points
limited to all end-points in the same broadcast
effective use of Sentriant resources acting
on a reduced load filtered by the CLEAR-Flow
security rules engine
CLEAR-Flow, the Sentriant needs to process
the full load including DoS attacks
Sentriant can dynamically refine filtering
criteria using dynamic ACLs to the core switch
criteria are not coupled with the switch ACLs
by design; refinements can be made manually
potentially affecting the system response
times to attack
across a mirrored port at 1 Gbps, and across
a SPAN-port at 1 Gbps possible. Mirrored traffic
allows for a quicker detection and response.
across 4 Gigabit Ethernet span-ports allows
access to broadcast traffic resulting in potentially
slower response times
Management Structure and CLEAR-Flow
enable rich policy features (example: Role,
Port, VLAN, Quality of Service (QoS)-based
finer granularity for each detection or mitigation
device-level manager (Sentriant Console Manager)
and without CLEAR-Flow, limited mitigation
actions (example: No QoS-based throttling
of suspicious traffic possible)
here to help you solve your business challenges and increase
your ability to meet your own customers' growing expectations
of their telecommunications service providers.