Visibility and Automation for Enhanced Security
TRANSCRIPT
Ananda Rajagopal, VP, Product Line Management
©2015 Gigamon. All rights reserved.
Pervasive Monitoring for Pervasive Visibility: What Is Driving This Emerging Need?
• Increasing Security Threats
  • “Zero Trust” Security model: network traffic monitoring
• Distributed applications create east-west traffic patterns
  • Dynamically changing traffic patterns demand better visibility
• Maintain visibility through emerging network architecture changes
  • E.g. White Box, SDN, VMware NSX, Cisco ACI, OpenFlow
• Eliminate blind spots due to new encapsulations, encryption*
  • E.g. VXLAN, SSL traffic
Security, Distributed Apps, SDN and New Blind Spots are driving Pervasive Monitoring.
* ‘Avoid These "Dirty Dozen" Network Security Worst Practices’, Andrew Lerner and Jeremy D'Hoinne, Gartner, January 2015
Gaps in Traditional Security Model
Perimeter or Endpoint Based
• Inside vs. outside
• Focus on prevention
• Gap: Insider-outsider boundary dissolved
Simple Trust Model
• Trusted vs. un-trusted
• Corporate vs. personal asset
• Gap: BYOD
Static Environment
• Fixed locations, zones, perimeters
• Rule based
• Signature based
• Gap: Mobility of users, devices and applications
More importantly … THE VERY NATURE OF CYBER THREATS HAS CHANGED!
Anatomy of an Advanced Persistent Threat (APT)
Source: RSA
1. Reconnaissance
2. Phishing & zero day attack
3. Back door
4. Lateral movement
5. Data gathering
6. Exfiltrate
In Many Cases the System Stays Breached After Exfiltration!
Current State of Global Security
• The mean number of days from initial intrusion to detection*
• The average lifespan of a zero-day before it is discovered or disclosed*
• of organizations had active Command & Control (C&C) communications**
• of organizations in the study were breached during the test period**
* Trustwave 2014 global security report
** FireEye: Maginot revisited
What Else Has Changed That Impacts Security? Fundamental Shift in Traffic Patterns
[Diagram: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm]
No visibility into lateral propagation of threats!
What Else Has Changed That Impacts Security? Dissolving Boundaries Between the Edge and the Data Center
[Diagram: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm, Virtual Desktop]
What Else Has Changed That Impacts Security? Mobility
[Diagram: Internet, Firewall, DMZ, IPS, Core Switch, Spine, Leaf, IDS, Server Farm, Virtual Desktop]
Visibility: Catalyst for the Right Security Architecture: What Is Needed?
• Deliver network-wide view, regardless of mobility
• Take the guesswork out of where to place security tools!
• Condense large volumes of data into manageable data
• Peek into encrypted traffic
The Spaghetti of Today’s Monitoring Infrastructure: Why Has It Not Been Done Yet?
• Proliferation of tools
• Contention for access to traffic
• Extraordinary costs
• Inconsistent view of traffic
• Model breaks down during a network upgrade
[Diagram: Internet, Core Switches, Distribution Switches, Access Switches, each cabled to separate tools: ANTI-MALWARE, SIEM, DLP, IDS, IPS, FORENSICS, APT ANALYTICS]
Example Security Delivery Architecture: Offered by Gigamon Today
[Diagram: Leaf switches, Spine switches, Core switches; GigaVUE-VM; Inline Bypass; SSL Decryption; NetFlow Generation; GigaVUE-FM; Security Tool Rack: APM, IPS (Inline), Anti-Malware (Inline), Network Forensics, Web Analytics, SIEM, DLP, IDS, APT Detection]
Unified Visibility Fabric™: For Pervasive Visibility into Business Infrastructure
Applications & Tools Infrastructure, User Community; Third Party Applications, SDN Controller Integration, etc. (connected through APIs)
Fabric Control (Management): GigaVUE-FM, Clustering, APIs
Fabric Services: Flow Mapping®, Inline Bypass
Traffic Intelligence (Applications): Deduplication, Packet Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, NetFlow Generation, Tunneling, SSL Decryption, Adaptive Packet Filtering
Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN/NFV production networks):
• H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HB1, GigaVUE-HC2
• TA Series: GigaVUE-TA1, GigaVUE-OS on white box*
• Virtual Visibility: GigaVUE-VM
• TAPs: G-TAP A Series, G-TAP BiDi, Embedded TAPs
• G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
Advanced Traffic Intelligence Using GigaSMART: Multiple Applications Can Be Service Chained Together
• Service chain GigaSMART® applications
• Leverage hybrid port capability
• Create flexible service chains
Physical: Flow Mapping® → Tunnel Termination → SSL Decryption → Adaptive Packet Filtering
Virtual: GigaVUE-VM
Example chains:
• Remote site traffic to DLP
• Web Server Connect Requests to NPM / CEM
• East-West traffic between virtual workloads to IDS
Visibility Fabric: A Customer’s Journey: A Programmable Fabric to Detect, React and Respond
The Customer Journey: Stages of Customer Adoption and Maturity
Stage 1
• Theme: Visibility Enables Consolidation & Optimization
• Pain Point / Value: Cost, Network & Tool Efficiency, Traffic Productivity
• Business Value: CAPEX, OPEX, ASSURANCE
• Gigamon Solutions: Visibility Fabric: Physical & Virtual Nodes
• Best Practices: Ability to Manage Fabric Clusters
Stage 2
• Theme: Visibility Assures Security & Compliance
• Pain Point / Value: Risk Management: Compliance, Security, Privacy, Data Integrity
• Business Value: CAPEX, OPEX, ASSURANCE
• Gigamon Solutions: Visibility Platform
• Best Practices: Ability to Tie IT Teams Together
Stage 3
• Theme: Visibility Delivers Insight & Action
• Pain Point / Value: Business Agility to Anticipate, React, and Respond
• Business Value: CAPEX, OPEX, AGILITY
• Gigamon Solutions: Active Visibility: Detect & Respond
• Best Practices: Ability to Have the Platform Act as a Real-time Sensor
Stage 1 + Stage 2 + Stage 3
Case Study: Large Utility: DAY 1 ROI ASSURED!
[Diagram: Internet Routers, Core Switches, Distribution Switches, Edge Switches, with NPM probes attached to each tier]
New data center with NPM deployment
Original Quote for NPM: $6.25M (rejected by Utility’s Budget Approvers)
NPM + Gigamon: $3.1M
Results:
1. Better deployment
2. Improved 4-5 additional tools
3. Visibility Fabric architecture now in place
4. 50% savings in CAPEX
Software Defined Visibility: Programmable Fabric
The Case for a Programmable Visibility Fabric: Use Case: Security (Provisioning and Notifications)
[Diagram: Internet and a Software Defined Data Center (Virtual Workloads) feed the Production Network; Security Tools and Analytics observe a ‘Suspicious’ Pattern and call GigaVUE-FM APIs to provision the Visibility Fabric™]
On a ‘Suspicious’ Pattern, the APIs are used to:
• Generate NetFlow
• Change Flow Map
• Decrypt SSL
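The two ideas above, the lateral-propagation blind spot from the traffic-pattern slide and the "suspicious pattern → provision the fabric" loop on this slide, are illustrated with an added Python example. This is not Gigamon code and does not use the GigaVUE-FM API: the REST paths (/api/netflow/exporters, /api/flowmaps/quarantine-watch, /api/ssl-decryption/policies), the tool port name "ids-1", the collector address and the NetFlow-style records are all constructed placeholders. It goes slightly beyond the slide by showing a detector with a time window, so that the same fan-out spread over a long period is not flagged, and a dry-run client that records the provisioning calls instead of sending them.

```python
"""Added example, not Gigamon's code: NetFlow-style records from a visibility fabric
-> east-west fan-out finding -> the three provisioning actions named on the slide.
All endpoint paths, tool port names and addresses are hypothetical placeholders."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import json

INTERNAL = ip_network("10.0.0.0/8")        # constructed: what "east-west" means for this site
LATERAL_PORTS = {445, 3389, 5985, 22}      # SMB, RDP, WinRM, SSH: typical admin protocols inside the DC
FANOUT_THRESHOLD = 5                       # distinct internal destinations that count as fan-out
WINDOW_SECONDS = 300                       # the fan-out must happen within this many seconds


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds of the flow start
    src: str
    dst: str
    dport: int
    nbytes: int


# Constructed sample flow records (not captured from any real network).
SAMPLE_FLOWS = [Flow(*r) for r in [
    (1000, "10.1.1.50", "10.2.0.10", 445, 4096),    # one workstation reaching five servers in 2 minutes
    (1030, "10.1.1.50", "10.2.0.11", 445, 4096),
    (1060, "10.1.1.50", "10.2.0.12", 3389, 8192),
    (1090, "10.1.1.50", "10.2.0.13", 445, 4096),
    (1120, "10.1.1.50", "10.2.0.14", 445, 4096),
    (1000, "10.1.1.20", "10.2.0.10", 445, 65536),   # a normal user of two file servers: benign
    (1500, "10.1.1.20", "10.2.0.11", 445, 65536),
    (1010, "10.1.1.20", "8.8.8.8", 443, 1200),      # north-south flow: not east-west, ignored
    (1000, "10.3.0.7", "10.2.0.10", 22, 900),       # same five servers, but spread over 40 minutes
    (1600, "10.3.0.7", "10.2.0.11", 22, 900),       # (outside the window: not flagged by default)
    (2200, "10.3.0.7", "10.2.0.12", 22, 900),
    (2800, "10.3.0.7", "10.2.0.13", 22, 900),
    (3400, "10.3.0.7", "10.2.0.14", 22, 900),
]]


def detect_lateral_movement(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: sorted internal destinations} for every internal source that reached
    at least `threshold` distinct internal hosts on LATERAL_PORTS within `window` seconds."""
    by_src = defaultdict(list)
    for f in flows:
        if (ip_address(f.src) in INTERNAL and ip_address(f.dst) in INTERNAL
                and f.dport in LATERAL_PORTS):
            by_src[f.src].append(f)
    findings = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        for i, start in enumerate(fl):              # sliding window anchored at each flow
            dsts = {f.dst for f in fl[i:] if f.ts - start.ts <= window}
            if len(dsts) >= threshold:
                findings[src] = sorted(dsts)
                break
    return findings


def provisioning_actions(src, dsts):
    """Map one finding onto the slide's three actions. Paths and names are hypothetical."""
    return [
        {"method": "POST", "path": "/api/netflow/exporters",
         "body": {"filter": f"src host {src}", "collector": "siem.example.internal:2055"}},
        {"method": "PUT", "path": "/api/flowmaps/quarantine-watch",
         "body": {"match": {"src": src, "dst": dsts}, "tool_ports": ["ids-1"]}},
        {"method": "POST", "path": "/api/ssl-decryption/policies",
         "body": {"match": {"src": src, "dport": 443}, "forward_to": ["ids-1"]}},
    ]


class DryRunFabricClient:
    """Stand-in for an HTTP client: records each request instead of sending it."""
    def __init__(self):
        self.sent = []

    def send(self, action):
        self.sent.append(action)
        return {"status": "accepted", "path": action["path"]}


def respond(flows, client):
    """Run detection and push the resulting provisioning actions through `client`."""
    findings = detect_lateral_movement(flows)
    responses = [client.send(a) for src, dsts in findings.items()
                 for a in provisioning_actions(src, dsts)]
    return findings, responses


if __name__ == "__main__":
    print(json.dumps(respond(SAMPLE_FLOWS, DryRunFabricClient()), indent=2))
```

Swapping DryRunFabricClient for a real HTTP client is the only change needed to drive an actual fabric manager; keeping the detector, the action mapping and the transport separate is what makes the loop testable offline and lets the window and threshold be tuned per site without touching the provisioning code.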
The Case for a Programmable Visibility Fabric: Use Case: Inventory, Analytics, Provisioning and Administration
[Diagram: Customer / Partner Applications (Auto Provisioning) and a Customer Application (CMDB) talk to GigaVUE-FM over APIs; GigaVUE-FM provisions the Visibility Fabric between the Production Network and the Tools and Analytics: Application Performance, Network Management, Security; Vendor APIs (Inventory, Stats)]
Auto Provisioning:
• Configure Network Port
• Create / Update Flow Map
Use Case 2 (Inventory/Stats):
• Heterogeneous monitoring
• Reporting
• Capacity Planning
Use Case 3 (Ticketing/Provisioning):
• Configure network port
• Monitor new IP subnet / VLANs
• Upgrade SW image
• Get Inventory / Status
• Get Statistics
The Case for a Programmable Visibility Fabric: Use Case: Private Cloud Provisioning
[Diagram: Internet and a Software Defined Data Center (Virtual Workloads); vCenter APIs and GigaVUE-FM APIs provision the Visibility Fabric™ between the Production Network and the Tools and Analytics: Application Performance, Network Management, Security]
Use Case 4 (Private Cloud Orchestration):
1. Create new Workloads / VMs (vCenter APIs)
2. Enable Virtual Visibility (GigaVUE-FM APIs)
• Deploy GigaVUE-VM
• Create Traffic Policies
The Programmable Fabric: Agile Visibility Fabric
North Bound Integration (NBI) APIs on GigaVUE-FM: Inventory, Provisioning, Analytics, Notifications, Administration
Consumers of the NBI APIs:
• Inventory / Orchestration (OSS, Homegrown)
• SDN Controllers (OpenStack, NSX, ODL)
• Monitoring Tools (NPM, APM, SIEM)
• …
About Gigamon
Gigamon Customers Today: A Broad Spectrum of Brand-Name Customers (as of Q4 2014)
Enterprise: Technology, Industrial, Retail, Finance, Healthcare & Insurance, Government
Service Providers: 50 of the Top 100 Global SPs
1600+ End Customers, 67 of the Fortune-100
The Complete Visibility Ecosystem: Interoperability with Any Tool and Any Network
Why Gigamon? Proven Across More Than 1600 Customers Including 67 Fortune 100
• One architecture, One Software, One Management Platform for all visibility
• Holistic Physical + Virtual Visibility
• Zero packet loss through patented hardware filtering and asymmetric reassembly
• Clustering: Extend scale beyond a single node
• GigaSMART: Common platform for advanced traffic intelligence, service chaining
• Best De-duplication in the market: 100x better
• Only vendor with advanced visibility: SSL Decryption, Adaptive Packet Filtering, …
• High fidelity NetFlow for advanced traffic insight
• Advanced Traffic Visualization and Automation with GigaVUE-FM
• Multi-tiered security architecture vs. standalone bypass
VISIBILITY MATTERS