The Cisco UCS virtualization platform, and many similar blade-server chassis, are becoming more popular with many companies. One limitation of these platforms is that they cannot take port mirror traffic directly to support a Network Intrusion Detection System (NIDS). This includes not being able to handle span or Rspan traffic. All incoming traffic to the platform's network interfaces must have a destination IP that exists on a VM in the system. This is where ERspan comes in: it is span traffic (port mirror) encapsulated in a tunnel and directed at a specific IP. Unfortunately AlienVault USM Appliance, along with other systems with NIDS functionality, do not support ERspan natively. Castra Consulting has found a way to receive an ERspan tunnel and unpack the real mirrored traffic inside it for the AlienVault NIDS. This allows you to leverage the excellent visibility that NIDS provides on your network, while still using your USM Appliance system in a virtualized infrastructure.
Do you need this functionality? Contract Castra Consulting today and we can get started!