visibility for security - arrow ecsuniversity.arrowecs.de/fileadmin/university/redaktion/... ·...

Visibility for Security A Security Delivery Platform: See More. Secure More.

Upload: truongquynh

Post on 23-Jul-2018


2 ©2015 Gigamon. All rights reserved.

Our Vision


Gigamon Customers Today
AS OF Q2 2015

A broad spectrum of brand-name customers.

1700+ End Customers
75+ of the Fortune-100

Enterprise: TECHNOLOGY, INDUSTRIAL, RETAIL, FINANCE, HEALTHCARE & INSURANCE, GOVERNMENT

Service Providers: 50 of the Top 100 Global SPs


Network Forensics/Big Data Analytics

Application Performance Management

Network Performance Management

Ecosystem Partners Network

Security and Vulnerability Management

Customer Experience Management


The Security Operations Challenge
THE ATTACKER-DEFENDER ASYMMETRY

• BYOD, mobility increase attack surface
• Virtualization increases security blind spots
• Rising use of encryption to embed malware and hide threats
• Volume, variance and velocity of today’s network data
• Attacker sophistication and “low-and-slow” network movement
• Security analytics impossible with legacy means


Legacy Approaches Have Limited Visibility
THERE IS SO MUCH TO PROTECT AND SO MANY PATHS TO MONITOR

The Security Ops Challenge:
• How do all these security tools gain pervasive visibility?
• Where should these security tools be placed?
• How does one rapidly investigate a new threat source?

[Diagram labels: Internet, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm; security tools: Intrusion Detection System, Anti-Malware (Inline), Email Threat Detection, Forensics, IPS (Inline), Data Loss Prevention]

The Challenge with Legacy Approaches

• Partial infrastructure view
• No control on traffic selected
• Reduced efficiency of security tool

[Diagram labels: Enterprise LAN; four Security Tools; Irrelevant Traffic; Relevant Traffic]


Security Delivery Platform: “See Everything”
A FOUNDATIONAL BUILDING BLOCK TO EFFECTIVE SECURITY

Security Delivery Platform:
• Isolation of applications for targeted inspection
• Visibility to encrypted traffic for threat detection
• Inline bypass for connected security applications
• A complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics

• All tools still connected
• Fewer network touch points
• Enhanced tool efficiency
• Decreased OPEX costs

[Diagram labels: Internet, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm; security tools: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics]


GigaSECURE® from Gigamon
THE INDUSTRY’S FIRST SECURITY DELIVERY PLATFORM

Security Delivery Platform:
• Isolation of applications for targeted inspection
• Visibility to encrypted traffic for threat detection
• Inline bypass for connected security applications
• A complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics

• All tools still connected
• Fewer network touch points
• Enhanced tool efficiency
• Decreased OPEX costs

Platform components:
• GigaVUE-VM and GigaVUE® Nodes
• NetFlow / IPFIX Generation
• Application Session Filtering
• SSL Decryption
• Inline Bypass

[Diagram labels: Internet, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm; security tools: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics]

Benefit for Security Operations

Legacy Approach Without Gigamon:
• Partial infrastructure view
• No control on traffic selected
• Reduced tool efficiency

With Gigamon Security Delivery Platform:
• Pervasive infrastructure visibility
• Granular traffic selection controls
• Enhanced tool efficiency
• Run multiple POCs in parallel

[Diagram labels: Enterprise LAN; four Security Tools; legacy approach: Irrelevant Traffic, Relevant Traffic; with Gigamon: Relevant Traffic]


Gigamon GigaSECURE: Supported by the Industry GIGAMON ECOSYSTEM PARTNERS

“…our joint customers will benefit from some of the most advanced security technology available.”

“…Gigamon’s high performance security delivery platform is the right match…”

“…a robust and systematic framework to deliver pervasive network visibility to security appliances…”

“…critical manageability and control to traffic and flow visibility.”

“…Together, Lancope and Gigamon enable customers to solve today’s tough security challenges.”

“…To be effective, a security appliance needs to be able to access the right network traffic…”

“…much needed operational efficiency to the task of ensuring pervasive visibility for security tools.”

“…a security delivery platform addresses the real need for pervasive, high fidelity visibility…”

“…efficient access to traffic flows and high fidelity meta-data from anywhere in the network…”

“…allows joint customers to leverage Gigamon's Security Delivery Platform to effectively extend and access the critical data flows …”

“…significantly increasing the efficiency and effectiveness of [business] security teams…”

“… access to high fidelity network traffic is a vital step in the implementation of advanced protections…”

“…Gigamon’s Security Delivery Platform will allow Savvius's products to continue to provide the insight our customers depend on...”

“…GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can provide complementary visibility to the network traffic that Palo Alto Networks sees…”

“Even the best security appliance will fail to deliver if it does not get the right traffic,…”


Bridging the Gap


Benefits
FASTER DETECTION, FASTER CONTAINMENT

• Consistent network-wide traffic view for all security appliances, all of the time
• Eliminate departmental and appliance level contention for access to data
• No disruption to network traffic as security solutions get deployed or upgraded, or when moving from out-of-band to inline deployments
• Eliminate blind spots associated with encrypted traffic, mobility
• Significantly offload security appliances through full session offload and full flow metadata
• Faster identification of malware movement, faster time to containment


Unified Visibility Fabric™

[Architecture diagram. Labels recovered from the slide:]
• Applications: Gigamon Applications; 3rd Party Apps (e.g. Splunk, Viavi); Applications & Tools Infrastructure, User Community
• Fabric Control (Management)
• Fabric Services
• Traffic Intelligence
• Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN production networks)
• H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HC2, GigaVUE-HB1
• TA Series: GigaVUE-TA1 / TA10, GigaVUE-TA40, GigaVUE-OS on white box
• Virtual Visibility: GigaVUE-VM
• TAPs: G-TAP, G-TAP A Series, G-TAP M Series, G-TAP BiDi, Embedded TAPs
• G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
• Other labels: GigaVUE-FM; FabricVUE™ Traffic Analyzer; Flow Mapping®; Inline Bypass; Clustering; De-duplication; Slicing; FlowVUE™; Masking; GTP Correlation; Header Stripping; Tunneling; SSL Decryption; Adaptive Packet Filtering; Application Session Filtering; Time Stamping; NetFlow Generation; API (label repeated four times)


Visibility Fabric™ Architecture
SIMPLE IN CONCEPT – DIFFICULT IN EXECUTION

• A Revolutionary Way to Distribute Critical Packet Data at a Fraction of the Cost
• Enables the Visibility of Packet-Based Data from Anywhere on the Network
• Lowers the Total Cost of Network Monitoring, Security and Compliance

[Diagram labels: Tool Farm: Application Performance Management (APM), Network Performance Management (NPM), Customer Experience Management (CEM), Security; Physical; Virtual: GigaVUE-VM; Flow Mapping® (Packet Identification, Filtering, and Forwarding); GigaSMART (Packet Modification and Transformation)]


Case Study: Global Manufacturer
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM

Background & Challenge
• Inline Tools: Sourcefire IPS, Imperva WAF
• Out-of-Band tools: FireEye, ExtraHop
• Needed many-to-one inline inspection, APP aware intelligence and capture the same traffic for out-of-band security functions like FireEye and ExtraHop

Solution
• GigaSECURE®: Inline bypass technology to provide many-to-one (1x10Gb and 3x1Gb links) inline inspection
• APP aware capability only delivers WEB traffic to Imperva for inspection
• Capture same Internet traffic and send to out-of-band FireEye, ExtraHop

Results & Key Benefits
• Use one Sourcefire appliance to protect 4 different physical links with different media/speed
• Feed same Internet traffic to both inline and out-of-band tools
• Significantly simplified security operations: upgrade any security tool at will


Case Study: Global Manufacturer SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM

Technical Benefits


Why Gigamon?
PROVEN ACROSS MORE THAN 1700 GLOBAL CUSTOMERS INCLUDING 75+ FORTUNE 100

• Industry’s first Security Delivery Platform
• One Architecture, One Software, One Management Platform for all Visibility
• Holistic Physical + Virtual Visibility for any network including SDN (Cisco ACI, VMware NSX)
• Zero Packet Loss through Patented Flow Mapping®
• Clustering: Extend Scale beyond a Single Node
• GigaSMART®: Common Platform for Advanced Traffic Intelligence, Service Chaining
• Only Vendor with Advanced Visibility: SSL Decryption, Application Session Filtering …
• High-fidelity NetFlow for Advanced Traffic Insight
• Advanced Traffic Visualization and Automation with GigaVUE-FM
• 100% Focused on Success of our Customers and Partners

Customer numbers FY15Q2.


Eliminate SPAN Port Contention
FEW SPAN PORTS, MANY TOOLS

Without Gigamon: Customer is unable to use all tools!
With Gigamon: Customer has complete visibility for all tools!

[Diagram labels: Switch with two SPAN session limitation; tools: Application Performance Management, Intrusion Detection System (IDS), Packet Capture, VoIP Analyzer]


Limited Access to Environment
FEW TOOL PORTS, MANY SWITCHES

Without Gigamon: Limited connectivity to full environment
With Gigamon: Pervasive access – Can connect to all points in the environment

[Diagram labels: Analysis tool with only 2 NICs; Switch 1, Switch 2, Switch 3, Switch 4, Switch 5…n]


Change Media and Speed
10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS

GigaVUE® Matches Your Network to Your Tools

Without Gigamon: Customer migrates to a 10Gb network and 1Gb monitoring tools become useless
With Gigamon: Customer able to extend the life of their 1Gb network and security tools

[Diagram labels: 10Gb, 1Gb; tools without Gigamon: Intrusion Detection System, VoIP Monitor, Application Performance Management, Packet Capture; tools with Gigamon: VoIP Analyzer, Application Performance Management, Intrusion Detection System (IDS), Packet Capture]


Run Multiple POCs in Parallel
ACCELERATE CERTIFICATION OF NEW TOOLS

Without Gigamon: Customer performs each Proof-of-Concept (POC) serially at different times using different data
With Gigamon: Customer is able to run multiple POCs concurrently using same data

[Diagram labels: POC #1 – Vendor X Tool, POC #2 – Vendor Y Tool, POC #3 – Vendor Z Tool; timeline: 1 month, 2 month, 3 month; Tool tested w/ NW Segment – 4 weeks; Tool tested w/ same NW Segment – 4 weeks (twice)]


VISIBILITY MATTERS