Visibility and Automation for Enhanced Security
- 2. 3©2015 Gigamon. All rights reserved.
Pervasive Monitoring for Pervasive Visibility
WHAT IS DRIVING THIS EMERGING NEED?
• Increasing Security Threats
• “Zero Trust” Security model: network traffic monitoring
• Distributed applications create east-west traffic patterns
• Dynamically changing traffic patterns demand better visibility
• Maintain visibility through emerging network architecture changes
• E.g. White Box, SDN, VMware NSX, Cisco ACI, OpenFlow
• Eliminate blind spots due to new encapsulations, encryption*
• E.g. VXLAN, SSL traffic
Security, Distributed Apps, SDN, New Blind Spots Driving Pervasive Monitoring
* ‘Avoid These "Dirty Dozen" Network Security Worst Practices’, Andrew Lerner and Jeremy D'Hoinne, Gartner, January 2015
- 3.
Gaps in Traditional Security Model
Perimeter or Endpoint Based / Simple Trust Model / Static Environment
• Inside vs. outside
• Focus on prevention
• Trusted vs. un-trusted
• Corporate vs. personal asset
• Fixed locations, zones, perimeters
• Rule based
• Signature based
• Insider-outsider boundary dissolved
• BYOD
• Mobility of users, devices and applications
- 4.
Gaps in Traditional Security Model
More importantly …
THE VERY NATURE OF CYBER THREATS HAS CHANGED!
- 5.
Anatomy of an Advanced Persistent Threat (APT)
Source: RSA
1. Reconnaissance
2. Phishing & zero day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate
In Many Cases the System Stays Breached After Exfiltration!
- 6.
Current State of Global Security
• The mean number of days from initial intrusion to detection*
• The average lifespan of a zero-day before it is discovered or disclosed*
• of organizations had active Command & Control (C&C) communications**
• of organizations in the study were breached during the test period**
*Trustwave 2014 global security report
**FireEye: Maginot revisited
- 7.
What Else Has Changed That Impacts Security?
FUNDAMENTAL SHIFT IN TRAFFIC PATTERNS
[Diagram: Internet, Firewall, DMZ, IPS, Spine, Leaf, IDS, Server Farm, Core Switch]
No visibility into lateral propagation of threats!
- 8.
What Else Has Changed That Impacts Security?
DISSOLVING BOUNDARIES BETWEEN THE EDGE AND THE DATA CENTER
[Diagram: Internet, Firewall, DMZ, IPS, Spine, Leaf, IDS, Server Farm, Core Switch, Virtual Desktop]
- 9.
What Else Has Changed That Impacts Security?
MOBILITY
[Diagram: Internet, Firewall, DMZ, IPS, Spine, Leaf, IDS, Server Farm, Core Switch, Virtual Desktop]
- 10.
Visibility: Catalyst for the Right Security Architecture
WHAT IS NEEDED?
• Deliver network wide view, regardless of mobility
• Take the guesswork out of where to place security tools!
• Condense large volumes of data into manageable data
• Peek into encrypted traffic
- 11.
The Spaghetti of Today’s Monitoring Infrastructure
WHY HAS IT NOT BEEN DONE YET?
• Proliferation of tools
• Contention for access to traffic
• Extraordinary costs
• Inconsistent view of traffic
• Model breaks down during a network upgrade
[Diagram: Internet; Core Switches; Distribution Switches; Access Switches; tools: ANTI-MALWARE, SIEM, DLP, IDS, IPS, FORENSICS, APT ANALYTICS]
- 12.
Example Security Delivery Architecture
OFFERED BY GIGAMON TODAY
[Diagram: Core switches; Spine switches; Leaf switches; GigaVUE-VM; GigaVUE-FM; Inline Bypass; SSL Decryption; NetFlow Generation; Security Tool Rack; tools: APM, IPS (Inline), Anti-Malware (Inline), Network Forensics, Web Analytics, SIEM, DLP, IDS, APT Detection]
- 13.
Unified Visibility Fabric™
FOR PERVASIVE VISIBILITY INTO BUSINESS INFRASTRUCTURE
[Diagram labels: Applications & Tools Infrastructure, User Community; Third Party Applications, SDN Controller Integration, etc…; APIs; Applications; Fabric Control (Management); Fabric Services; Traffic Intelligence; Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN/NFV production networks)]
• GigaVUE-FM
• Flow Mapping®, Inline Bypass, Clustering
• Deduplication, Packet Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, NetFlow Generation, Tunneling, SSL Decryption, Adaptive Packet Filtering
• H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HB1, GigaVUE-HC2
• TA Series: GigaVUE-TA1, GigaVUE-OS on white box*
• Virtual Visibility: GigaVUE-VM
• TAPs: G-TAP, G-TAP A Series, G-TAP BiDi, Embedded TAPs
• G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
- 14.
Advanced Traffic Intelligence Using GigaSMART
MULTIPLE APPLICATIONS CAN BE SERVICE CHAINED TOGETHER
• Service chain GigaSMART® applications
• Leverage hybrid port capability
• Create flexible service chains
[Diagram: Physical; Virtual (GigaVUE-VM); Flow Mapping®; Tunnel Termination; SSL Decryption; Adaptive Packet Filtering; Remote site traffic to DLP; Web Server Connect Requests to NPM / CEM; East-West traffic between virtual workloads to IDS]
- 16.
The Customer Journey
Stages of Customer Adoption and Maturity
Rows: Themes; Pain Point/Value; Business Value; Gigamon Solutions; Best Practices
Visibility Enables Consolidation & Optimization
• Cost, Network & Tool Efficiency, Traffic Productivity
• Visibility Fabric: Physical & Virtual Nodes
• Ability to Manage Fabric Clusters
Visibility Assures Security & Compliance
• Risk Management: Compliance, Security, Privacy, Data Integrity
• Visibility Platform
• Ability to Tie IT Teams Together
Visibility Delivers Insight & Action
• Business Agility to Anticipate, React, and Respond
• Active Visibility: Detect & Respond
• Ability to Have the Platform Act as a Real-time Sensor
CAPEX, OPEX, ASSURANCE + CAPEX, OPEX, ASSURANCE + CAPEX, OPEX, AGILITY
- 17.
Case Study: Large Utility
DAY 1 ROI ASSURED!
[Diagram: NPM tools; Edge Switches; Internet Routers; Core Switches; Distribution Switches; $6.25M vs. $3.1M]
New data center with NPM deployment
Original Quote for NPM: $6.25M
Rejected by Utility’s Budget Approvers
NPM + Gigamon: $3.1M
Results:
1. Better deployment
2. Improved 4-5 additional tools
3. Visibility Fabric architecture now in place
4. 50% savings in CAPEX
- 19.
The Case for a Programmable Visibility Fabric
USE CASE: SECURITY (PROVISIONING AND NOTIFICATIONS)
‘Suspicious’ Pattern
• Generate NetFlow
• Change Flow Map
• Decrypt SSL
[Diagram: Internet; Production Network; Software Defined Data Center; Virtual Workloads; Security Tools and Analytics; APIs; GigaVUE-FM; APIs to Provision Visibility Fabric™]
- 20.
The Case for a Programmable Visibility Fabric
USE CASE – INVENTORY, ANALYTICS, PROVISIONING AND ADMINISTRATION
[Diagram: Customer / Partner Applications (Auto Provisioning); Customer Application (CMDB); Vendor APIs (Inventory, Stats); APIs; GigaVUE-FM; Production Network; Tools and Analytics: Application Performance, Network Management, Security; APIs to Provision Visibility Fabric]
• Configure Network Port
• Create / Update Flow Map
Use Case 2 (Inventory/Stats):
• Heterogeneous monitoring
• Reporting
• Capacity Planning
Use Case 3 (Ticketing/Provisioning):
• Configure network port
• Monitor new IP subnet / VLANs
• Upgrade SW image
• Get Inventory / Status
• Get Statistics
- 21.
The Case for a Programmable Visibility Fabric
USE CASE – PRIVATE CLOUD PROVISIONING
Use Case 4 (Private Cloud Orchestration):
1. Create new Workloads / VMs
2. Enable Virtual Visibility
• Deploy GigaVUE-VM
• Create Traffic Policies
[Diagram: Internet; Software Defined Data Center; Virtual Workloads; vCenter; vCenter APIs; GigaVUE-FM; Production Network; Tools and Analytics: Application Performance, Network Management, Security; APIs to Provision Visibility Fabric™]
- 22.
The Programmable Fabric
AGILE VISIBILITY FABRIC
Inventory, Provisioning, Analytics, Notifications, Administration
• Inventory / Orchestration (OSS, Homegrown)
• SDN Controllers (OpenStack, NSX, ODL)
• Monitoring Tools (NPM, APM, SIEM)
North Bound Integration (NBI) APIs
GigaVUE-FM
- 24.
Gigamon Customers Today
A BROAD SPECTRUM OF BRAND-NAME CUSTOMERS
As of Q4 2014
• Enterprise: TECHNOLOGY, INDUSTRIAL, RETAIL, FINANCE, HEALTHCARE & INSURANCE, GOVERNMENT
• Service Providers: 50 of the Top 100 Global SPs
• 1600+ End Customers
• 67 of the Fortune-100
- 25.
The Complete Visibility Ecosystem
INTEROPERABILITY WITH ANY TOOL AND ANY NETWORK
- 26.
Why Gigamon?
PROVEN ACROSS MORE THAN 1600 CUSTOMERS INCLUDING 67 FORTUNE 100
• One architecture, One Software, One Management Platform for all visibility
• Holistic Physical + Virtual Visibility
• Zero packet loss through patented hardware filtering and asymmetric reassembly
• Clustering: Extend scale beyond a single node
• GigaSMART: Common platform for advanced traffic intelligence, service chaining
• Best De-duplication in the market: 100x better
• Only vendor with advanced visibility: SSL Decryption, Adaptive Packet Filtering, …
• High fidelity NetFlow for advanced traffic insight
• Advanced Traffic Visualization and Automation with GigaVUE-FM
• Multi-tiered security architecture vs. standalone bypass