© 2012 Gigamon. All rights reserved. The Dynamic World of Threat Detection, Containment & Response

Uploaded by kian-burry, 28-Mar-2015


Page 1: The Dynamic World of Threat Detection, Containment & Response

Page 2: Opportunities and Challenges: The World of IT continues to evolve

Dynamic infrastructure versus static management and security tools:

• Devices: IT owned → user owned
• Network: fixed → mobile
• Servers: physical → virtual
• Applications: in house → cloud
• Data: contained → limitless


Page 4: Visibility: The Enabler for Security. Anatomy of an Attack

Attack timeline, from "Attack commences" (the Window of Exposure):

• Assessing the infrastructure
• Identifying targets
• Pilot probe attack
• Intrusion commences
• Cloaking starts
• Information extraction
• Cloning & 'go mobile'
• Cloaking complete
• Data extraction or manipulation

Response timeline (labelled "The Golden Hour" on the slide):

• Anomaly detected
• Attack identified
• Alert & notification
• Early stage containment
• Damage & scale assessment
• Infrastructure wide response
• Second-wave detection
• Elimination
• Security established

Page 5: Two Architectures; Two Approaches: "Wall and Watch"

"Wall" – in band

• Role: limit the opportunities; block the known attacks; monitor traffic profiles; alert to anomalies
• Requirements: highly available architecture; line-rate performance; infrequent configuration changes
• Limitations: single point of failure; potential bottleneck; dependent upon "maintenance windows"

"Watch" – out of band

• Role: broad-scale monitoring; signature behavior; leverage multiple measures; the front line against the unknown
• Requirements: powerful filtering capability; multi-point triangulation; the more pervasive, the greater the value
• Limitations: risk of over-subscription; famine or feast: SPAN or TAP; increasing tooling demand and expanding network scale


Page 8: Networks were Static and Simple

Tools (Application Performance, Security, Network Management) each connected directly to the network.

Page 9: Networks are Dynamic and Complex

The same tools (Application Performance, Security, Network Management), still each connected directly to the network.

Page 10: Networks demand a New Approach

Centralized tools: Application Performance, Network Management, Security.

Page 11: GigaSMART: The Fabric Intelligence

Dynamic power to control traffic selection. The fabric sits between the network (physical and virtual) and the tools (Application Performance, Network Management, Security):

• Flow Mapping: packet identification, filtering and forwarding
• Packet modification, manipulation and transformation:
  Deduplication: input stream ABACCABACB, output ABC
  Packet slicing: A B C in, A B C out, each packet truncated
  Time stamp: A B C in, A B C out, each packet stamped
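The four GigaSMART functions named on the slide (flow mapping, deduplication, packet slicing, time stamping) as one small runnable model, added here as an example; it is not Gigamon's code. The packet record, the rule format, the 5 ms deduplication window, the 64-byte slice length, the trailer layout and the sample traffic are all assumptions made for this page.

```python
# Added example (not Gigamon code): software model of flow mapping,
# deduplication, packet slicing and time stamping. Packet record, rule
# format, dedup window and trailer layout are assumptions for this page.
import hashlib
import struct
from collections import OrderedDict
from dataclasses import dataclass, replace


@dataclass
class Packet:
    ts: float       # capture time in seconds (assumed stamped by the tap)
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes
    tap: str        # which tap/SPAN point delivered the packet


@dataclass
class MapRule:
    """Flow-mapping rule: every non-None field must match; first matching
    rule wins and the packet is copied to each listed tool port."""
    tools: tuple
    proto: str = None
    dport: int = None
    dst_prefix: str = None   # plain string-prefix match, e.g. "10.0.9."


def rule_matches(rule, pkt):
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.dst_prefix is None or pkt.dst.startswith(rule.dst_prefix)))


def flow_map(rules, pkt, default_tools=()):
    """Identification, filtering and forwarding: the set of tool ports this
    packet is sent to (empty set = filtered out)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return set(rule.tools)
    return set(default_tools)


class Deduplicator:
    """Drop a packet whose 5-tuple + payload digest was already seen within
    `window` seconds, i.e. the same packet collected at two taps on its path.
    TTL, IP ID and checksums are deliberately excluded from the digest: they
    change hop to hop and would defeat cross-tap deduplication."""

    def __init__(self, window=0.005):
        self.window = window
        self.seen = OrderedDict()   # digest -> timestamp of first sighting

    @staticmethod
    def digest(pkt):
        h = hashlib.sha256()
        h.update(f"{pkt.src}|{pkt.dst}|{pkt.proto}|{pkt.sport}|{pkt.dport}|".encode())
        h.update(pkt.payload)
        return h.digest()

    def is_duplicate(self, pkt):
        # Expire sightings older than the window (packets arrive in time order).
        while self.seen and pkt.ts - next(iter(self.seen.values())) > self.window:
            self.seen.popitem(last=False)
        key = self.digest(pkt)
        if key in self.seen:
            return True
        self.seen[key] = pkt.ts
        return False


def slice_payload(pkt, keep=64):
    """Packet slicing: keep only the first `keep` payload bytes so tools get
    headers for analysis without the full (possibly sensitive) content."""
    return replace(pkt, payload=pkt.payload[:keep])


def with_timestamp_trailer(pkt):
    """Time stamping: append capture time as big-endian (seconds, nanoseconds)
    so packets from different taps can be ordered. Layout is an assumption."""
    sec = int(pkt.ts)
    nsec = int(round((pkt.ts - sec) * 1e9))
    return pkt.payload + struct.pack(">II", sec, nsec)


def run_fabric(packets, rules, default_tools=("ids",), keep=64, window=0.005):
    """Pipeline: dedup -> flow map -> slice -> stamp. Returns the frames
    delivered per tool port and the number of duplicates dropped."""
    dedup = Deduplicator(window)
    delivered, dropped = {}, 0
    for pkt in packets:
        if dedup.is_duplicate(pkt):
            dropped += 1
            continue
        data = with_timestamp_trailer(slice_payload(pkt, keep))
        for tool in flow_map(rules, pkt, default_tools):
            delivered.setdefault(tool, []).append(data)
    return delivered, dropped


# Constructed sample traffic: one HTTP request seen by two taps 300 us apart,
# one DNS query, and a different HTTP packet 10 ms later.
HTTP_BODY = b"GET /login HTTP/1.1\r\nHost: app.example\r\n\r\n" + b"x" * 200


def sample_packets():
    return [
        Packet(1.000000, "10.0.1.5", "10.0.9.20", "tcp", 51234, 80, HTTP_BODY, "tap-core"),
        Packet(1.000300, "10.0.1.5", "10.0.9.20", "tcp", 51234, 80, HTTP_BODY, "tap-dmz"),
        Packet(1.002000, "10.0.1.5", "10.0.0.53", "udp", 40000, 53, b"\x12\x34\x01\x00", "tap-core"),
        Packet(1.010000, "10.0.1.5", "10.0.9.20", "tcp", 51234, 80, HTTP_BODY + b"2", "tap-core"),
    ]


RULES = [
    MapRule(tools=("ids", "apm"), proto="tcp", dport=80),
    MapRule(tools=("dns-monitor",), proto="udp", dport=53),
]

if __name__ == "__main__":
    out, dropped = run_fabric(sample_packets(), RULES)
    print("duplicates dropped:", dropped)
    for tool, frames in out.items():
        print(tool, [len(f) for f in frames])
```

Running it drops the second copy of the HTTP request (seen at the DMZ tap), fans the surviving HTTP packets out to both the IDS and APM ports as 64-byte slices with an 8-byte trailer, and sends the DNS query only to the DNS monitor. The dedup digest leaves out per-hop fields on purpose; a fabric that hashed the whole IP header would treat the same packet at two taps as two packets, which is exactly the feast side of "famine or feast".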

Page 12: The Benefits of Visibility Fabric

Visibility Fabric

• Pervasive

• Simple

• Cost Effective

• Centralized

• Scalable

Legacy Approach

• Limited Visibility

• Static

• Expensive

• Distributed

• Constrained

Page 13: Enabling Best-of-Breed Selections: The Middleware with Any Network, and Any Tool

Network → middleware → Tools (Network Management, Application Monitoring, Security)

Page 14: The Advantages of Gigamon – GigaBPS: traffic offload, application-aware traffic profile

Page 15: The Demand is Clear: Independent Survey Results from December 2011

Survey statements, in the order shown on the slide:

• Not enough SPAN ports for the tools
• Monitoring and security tools need too many connection points
• Monitoring/security tools cannot keep up
• NOC teams cannot provision SPAN ports fast enough
• Would a Visibility Fabric be useful in your environment?

Percentages shown on the slide, in the same order: 40%, 48%, 38%, 36%, 79%.

[Respondent demographics charts. Organization size, employees (000s): <1.0, 1.0-2.5, 2.5-5.0, 5.0-10.0, 10.0-20.0, 20.0+. Organization revenue ($B): <0.5, 0.5-1.0, 1.0-5.0, 5.0-10.0, 10.0-20.0, 20.0+. Vertical: NFP/Public, Services, Gov/Fed, Manufacturing, Financial, Healthcare, Media, Retail, Other. Per-bucket values are not recoverable from the transcript.]

Page 16: Visibility Fabric: Addressing the Limitations

"Wall" – in band

• Limitations: single point of failure; potential bottleneck; dependent upon "maintenance windows"
• How the fabric addresses them: heartbeat monitoring; intelligent traffic distribution; establishes a 'Dynamic DMZ' enabling rapid response

"Watch" – out of band

• Limitations: risk of over-subscription; famine or feast: SPAN or TAP; increasing tooling demand and expanding network scale
• How the fabric addresses them: "Flow Mapping" filtering; selective traffic forwarding; scalability to serve some of the largest networks on the planet
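Heartbeat monitoring is the mechanism the slide gives for taking the in-band tool out of the single-point-of-failure position. The state machine below is an added example written for this page, not Gigamon's implementation: the fabric injects a heartbeat towards the inline tool and counts it back on the return port; after a number of misses it pulls the tool out of the path. The heartbeat interval, the miss threshold, the fail-open versus fail-closed policy, the toy IPS and the timeline are all assumptions. It also shows the caveat the slide does not spell out: in fail-open bypass the traffic passes uninspected for the whole maintenance window, so the out-of-band "watch" path has to cover that gap.

```python
# Added example (not Gigamon code): heartbeat-driven bypass for an in-band
# ("wall") tool. Interval, miss threshold and the fail-open/fail-closed
# policy are assumptions for this page.
from dataclasses import dataclass, field


@dataclass
class InlineBypass:
    """Tracks whether heartbeat frames injected towards an inline tool come
    back on its return port, and moves the link between 'inline' (traffic
    goes through the tool), 'bypass' (fail-open: traffic passes uninspected)
    and 'blocked' (fail-closed: link down until the tool recovers)."""
    interval: float = 1.0        # expected heartbeat period, seconds
    max_missed: int = 3          # consecutive misses before taking action
    fail_open: bool = True
    mode: str = "inline"
    last_heartbeat: float = 0.0
    missed: int = 0
    log: list = field(default_factory=list)

    def heartbeat_returned(self, now):
        """A heartbeat came back: reset the miss count and re-insert the tool."""
        self.last_heartbeat, self.missed = now, 0
        if self.mode != "inline":
            self.mode = "inline"
            self.log.append((now, "heartbeat restored: inline"))
        return self.mode

    def tick(self, now):
        """Periodic check: count whole intervals without a heartbeat and leave
        inline mode once the threshold is reached."""
        self.missed = int((now - self.last_heartbeat) // self.interval)
        if self.mode == "inline" and self.missed >= self.max_missed:
            self.mode = "bypass" if self.fail_open else "blocked"
            self.log.append((now, f"{self.missed} heartbeats missed: {self.mode}"))
        return self.mode

    def forward(self, pkt, tool):
        """Route one packet. `tool` is the inline tool's verdict function
        (True = pass, False = drop); it is only consulted in inline mode."""
        if self.mode == "inline":
            return tool(pkt)
        return self.mode == "bypass"


def toy_ips(pkt):
    """Stand-in for the inline tool: drop anything carrying the marker b"evil"."""
    return b"evil" not in pkt


def simulate(fail_open):
    """Constructed timeline: heartbeats return at t=1..3, the tool then stops
    answering (maintenance window) until it recovers at t=9. A hostile probe
    is sent every second; returns (t, mode, passed) per second plus the log."""
    bp = InlineBypass(fail_open=fail_open)
    timeline = []
    for t in range(1, 12):
        now = float(t)
        if t <= 3 or t >= 9:
            bp.heartbeat_returned(now)
        mode = bp.tick(now)
        timeline.append((t, mode, bp.forward(b"evil-probe", toy_ips)))
    return timeline, bp.log


if __name__ == "__main__":
    for policy in (True, False):
        timeline, log = simulate(fail_open=policy)
        print("fail_open =", policy)
        for t, mode, passed in timeline:
            print(f"  t={t:2d} {mode:8s} hostile probe {'PASSED' if passed else 'dropped'}")
        print("  events:", log)
```

With fail-open the hostile probe is dropped by the IPS until the third missed heartbeat at t=6, then passes untouched for t=6..8 until the tool answers again at t=9. With fail-closed nothing passes during the outage, which is the availability cost the "wall" column on Page 5 is warning about. Whichever policy is chosen, the bypass event itself should be alerted on, because from the tool's own logs the window looks like silence rather than a gap.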

Page 17: Thank you