Gigamon® 方案說明

資安新視界-資安訊息派送平台

Stanley Lin 林大鈞 Sales Engineer, Taiwan

stanley.lin@gigamon.com

智能流量疏導與視覺化平台領導者

2 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

成立於 2004 年美國加州，2005 年第一個產品交貨 – 2013年六月在NYSE IPO

創造了Data Access Network – 現在稱為 Unified Visibility Fabric 架構

多項專利技術 – 31 項專利, 28 項申請中

超過 2000 個集團大型客戶使用GigaVUE ，分布在 60 多個國家

美國開發與生產

超過 78 個世界 Fortune 100 公司已採用Gigamon的方案

Gigamon Inc. – 美商奇望 The Company. The Team. The Results.

3 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Gigamon – Visibility產業的領導者 GIGAMON是VISIBILITY的CISCO

• 較次大市場佔有率廠家成長率高出4倍

• 37.6% market share as per Gartner

“Gigamon is the market share leader in the

NPB market delivering Layer 2 through Layer

7 NPB visibility, filtering and correlation via its

GigaSMART platform”

- Gartner, Jan 2016

Year

Quarter Q1'15 Q2'15 Q3'15 Q4'15 Q1'16 Q2'16

Gigamon $46.85  $51.45 $56.65 $67.00 $67.20 $75.10

Ixia NVS $35.60  $28.80 $33.50 $32.50 $29.20 $30.20

Gigamon growth rate (YoY) 47.50% 47.60% 44.30% 30.70% 43.40% 46.00%

Ixia NVS growth rate (YoY) 47.10% 11.60% 12.00% -16.20% -18.00% 4.90%

2015 2016

4 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

資訊安全面對與過往不同的挑戰?

5 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Source: Gartner Trends Telecom Forecast (March 2014)

全年資安預算執行了數百億美元的安全防範 投資不可謂不多了

FIREWALL/VPN 設備

$6,721M

IPS

$1,520M 具資安功能 ROUTERS

$968M

企業網路安全設備

防毒, EMAIL;

WAF,NAC …

$9,209M

6 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

資安問題卻不斷發生 – 規模之大令人震驚

*http://variety.com/2014/film/news/sony-hack-unparalleled-cyber-security-firm-1201372889/

+http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/

++http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

“知名資訊科技公司「雅虎」，驚傳遭駭客攻擊，目前已有5億多筆用戶資訊全部被盜，也成為美國史上最大規模的個資外洩事

件。” * 2016年9月

“…美國人事行政局 (OPM) 指出大約有

22.1M 個人資料已被盜用 … ” + 2015年

“美國第二大健保公司安泰公司, Anthem

Inc. , 正式宣佈約有8千萬客戶資訊被盜

用 ” ++ 2015年

7 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

盗領事件的省思 – 看不到就無法發揮功效 ATM被遠端控制盗領，更顯示駭客已進化，在內網活動，無法使用現有資安防堵方式防禦!

8 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 當今網路資訊安全的架構趨勢已由防堵(Prevention)模式轉化為偵測與立即反應 (Detection & Response) 模式

• 此種資安運作模式必須仰賴一套整合式的資安聯結架構, 以供各種不同資安設備的佈建與擴充

• GigaSECURE是業界首套資安訊息派送平台 (Security Delivery Platform) , 此架構將轉化現有資安服務建置的方式 – 使資安設備更有防治效益, 更自動化, 更降低成本

給CIO與CSO組長的提醒

9 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Introducing GigaSECURE®

業界第一套資安訊息派送平台

SECURITY DELIVERY PLATFORM

9 © 2015 Gigamon. All rights reserved.

10 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

是該將主動權由攻擊者手上移轉至防禦者的時侯了

如何鎖定資安威脅: 現有的資安佈建面臨巨大挑戰 視別訊務有地點或時間的限制

Internet

Routers

“Spine”

Switches

“Leaf”

Switches

Virtualized

Server Farm

Intrusion

Detection

System

Data Loss

Prevention

Email Threat

Detection

IPS

(Inline)

Anti-Malware

(Inline)

Forensics

資安防禦的挑戰:

• 整體網路盲點太多無法全面視別

• 為達資安效能要求導致成本極高

• 資安設備爭奪訊務流量的取得

• 訊務流量無法保持一致性

• 加密封包無法快速解密

• 導致太多假警報 false positives

11 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Intrusion

Detection

System

Data Loss

Prevention

Email Threat

Detection

IPS

(Inline)

Anti-Malware

(Inline)

Forensics

全網可視性Visibility的革命: 資安訊息派送平台

Intrusion

Detection

System

Email Threat

Detection

IPS

(Inline)

Forensics

Data Loss

Prevention

Anti-Malware

(Inline)

Internet

Routers

“Spine”

Switches

“Leaf”

Switches

Virtualized

Server Farm

資安訊息派送平台

Security Delivery Platform

按應用程式類型

獨立識別，進行有

目標性的檢測

提供加密流量的

可視性，保障加密

流量不含有威脅

Inline bypass 為

多層資安架構環境

提供可視性

全網完整覆蓋：

實體網與虛擬網

不抽樣的統計數據

生成，改善資訊

的鑑職準確度

Security Delivery Platform: 創造高效益資安系統的基礎平台

12 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

GigaSECURE® 的效益

1. 增加工具本體效益 2. 全網可視性提高工具的偵測效果 3. 網路運作不受工具影響更穩定

全面性的訊務視別能力

精密篩選訊務供不同資安設備

大幅提昇資安設備效能

Legacy Approach Without Gigamon

Enterprise LAN

Security Tool Security Tool Security Tool Security Tool

Irrelevant

Traffic

Relevant

Traffic

With Gigamon Security Delivery Platform

Security Tool Security Tool Security Tool Security Tool

Enterprise LAN

Relevant

Traffic

• 只見局部網路點之訊務

• 無法控制要取得哪種訊務

• 資訊設備的效能無法善用

13 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

網路取證 /

大數據分析

應用性能管理

網路性能管理

Gigamon適用於各種不同資安, 分析設備應用

Network

資安與漏洞管理

用戶經驗分析系統

14 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Applications Gigamon

Applications

3rd Party Apps (e.g. Splunk, Viavi)

Applications & Tools Infrastructure,

User Community

Gigamon全範圍可視化方案 - Visibility Fabric™

Traffic

Intelligence

Visibility

Fabric Nodes (Pervasive visibility across

physical, virtual, remote

sites, and SDN

production networks)

Fabric

Services Flow Mapping®

Fabric Control

(Management)

Inline Bypass

GigaVUE-HD8 GigaVUE-HB1

GigaVUE-HC2 H S

eri

es

TA

Se

rie

s GigaVUE-TA10

GigaVUE-OS

on white box

GigaVUE-TA40

Vir

tua

l V

isib

ilit

y

GigaVUE-VM

TA

Ps

G-TAP

G-TAP A Series

G-TAP BiDi

Embedded TAPs

G S

eri

es

GigaVUE-2404

GigaVUE-420

G-SECURE-0216

GigaVUE-FM

Clustering

GigaVUE-HD4

G-TAP M Series

FabricVUE™ Traffic Analyzer

De-duplication

Slicing

FlowVUE™

Masking

GTP

Correlation

Header

Stripping Tunneling

SSL Decryption

Adaptive

Packet Filtering

Application

Session Filtering Time Stamping

AP

I

NetFlow & Metadata

Generation

AP

I

AP

I

AP

I

GigaVUE-TA100

15 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

資安訊息派送平台應用範例

16 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用一 : In-Line Bypass 增進資安運作效能與彈性 現有資安與網路的棘手問題

SiSi SiSi

Firewall1

Switch x 2

Switch x 2

Switch x 2

IPS1

WAF1

Firewall2

IPS2

WAF2

資安設備必須與網路頻寬同速率

任何資安設備的變動, 如新加/移除設備, 版本升級, 必導致網路運作停頓

任一資安設備問題導致整個網路運作受到影響

新增設備測試時, 必須以實際運作的流量做測試,

導致測試時網路運作受到斷斷續續的影響

Active-Standby

浪費一台工具

Inline

Bypass

17 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用一 : In-Line Bypass 增進資安運作效能與彈性 解決了資安與網路組的棘手問題

SiSi SiSi

Firewall1

Switch x 2

Switch x 2

Switch x 2

IPS1

WAF1

Firewall2

IPS2

WAF2

雙資安設備可同時運作, 提昇檢測容量

任何資安設備的變動, 如新加/移除設備, 版本升級, 並不影響網路運作

資安效能依網路實際流量配置而非網路頻寬而定

整合串接 Inline, 旁接 Out-of-Band, Flow-based

設備於 GigaSECURE® 平台一體架構

簡化資安連結架構

SiSi SiSi

heartbeats

heartbeats heartbeats

heartbeats

10G 10G

WAF IPS Firewall1 Firewall2

Inline

Bypass

18 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 把流量均衡分配到幾台設備上，擴大資安管理的規模

• 同時可加入頻外(out-of-band)分析工具，擴大資安管理的能力

應用一 : In-Line Bypass 增進資安運作效能與彈性 一對一、一對多

Port A1 Port B1

Inline

Bypass

19 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 合併多條線路的流量 (最多可以36條線路)，轉發去同一台 inline 資安分析設備上

• VLAN標籤用來區分回路 (回到真正線路前會自動去掉)

應用一 : In-Line Bypass 增進資安運作效能與彈性 多對一、多對多

Port A1 Port B1 Port A2 Port B2

VLAN 101 VLAN 101

VLAN 102 VLAN 102

Inline

Bypass

20 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用一 : In-Line Bypass 增進資安運作效能與彈性 Application-Aware Bypass, Serial Inline Tools

A1 B1 A2 B2 A3 B3

Application Aware Bypass Serial Inline Tools

• 依不同應用程式種類需要去篩選訊務流量至不同資安設備

• Inline訊務流量可以啟用Flow Mapping功能

• 對不同資安設備可建立專屬L2-L4篩選政策

• 對不需監的訊務流量直接Bypass

• 可提昇網路與應用程式效能

• 可同時送串聯訊務流量到多個資安設備介面

• 可以Bypass 有問題的資安設備而不會導致網路中斷

• 串聯設備一台斷線導致全部流量中斷

• 可任意增加/移除或昇級資安設備而不影響網路運作

A1 B1 A2 B2 A3 B3

Inline

Bypass

21 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用二

虛擬環境流量可視式

22 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

OS

DB

DB Server

Leaf

Core Core

Leaf Leaf

Spine

Leaf

Spine

應用二 : 虛擬環境流量可視式- GigaVUE-VM LIGHTWEIGHT VM，非侵入式的NFV架構流量收集

應用管理 APM

網路管理 NPM

資安檢測

工具集中

部署

GigaVUE-VM

• Flow Mapping™

• 按VM、tcp/udp 埠進行過濾

• 封包裁切

• 多通道方式送封包去中心設備

進階流量處理

• 去除重複封包

• 敏感資料遮罩

• Source Port標籤

• 表頭移除

• 時間戳記

• 應用特徵過濾

• NetFlow Generation

• SSL封包解密

Network

Tunnel Port

Tunneling

DB

GigaVUE-VM and

GIgaVUE® Nodes

所有分析工具與系統收到同一個源頭分發的數據，方便以後關聯分析，也提高了關聯分析準確性

23 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用二 : 虛擬環境流量可視式- GigaVUE-VM

GigaVUE-FM

Traffic

Policies

APM

NPM

Security

CEM

Tunneling

VDS, VSS, N1k

VMware ESXi VMware ESXi

VDS, VSS, N1k

• 只在主機Hypervisor 佈放建置 ⎻ GigaVUE-VM on every ESXi host

• 篩選所需流量輸出 ⎻ VDS, VSS, Nexus 1k

• 與vCenter整合, 可偵測vMotion

自動找出所要監看的虛擬主機所在Hypervisor位置

GigaVUE-VM

GigaVUE-VM and

GIgaVUE® Nodes

24 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Spine (Nexus 9500)

Leaf (Nexus 9300)

New ACI Architecture

Virtualized Server Farm (UCS)

HYPERVISOR

VM VM

GigaVUE-VM

應用二 : 虛擬環境流量可視式- GigaVUE-VM Cisco ACI 架構亦可應用

Network

Transformation

Core (Nexus 7K)

Aggregation (Nexus 5K,

Catalyst 6K)

Access (Nexus 2K)

Server Farm

Traditional Architecture

SSL

Decryption

NetFlow

Generation

Adaptive

Packet

Filtering

Header

Stripping

GigaVUE-FM

VM Traffic

VXLAN=6000

VXLAN=5000

De-cap VXLAN

NetFlow / IPFIX

Centralized Tools

Application

Performance

Management

Customer

Experience

Management

Security

Network

Performance

Management

REST APIs

Closed Loop Monitoring

Inline

Bypass

G-TAP BiDi

(40Gb)

• 利用原有資安工具監看ACI架構流量

• 解析ACI 打包封包格式, 並去除VXLAN報頭再派送給工具設備

• 流量分類篩選再派送給工具設備, 提昇工具設備效益而無需更新資安設備

• 因而降低資安設備成本

25 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用三

全網Packets level, NetFlow / IPFIX Generation

26 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用三 : 全網NetFlow / IPFIX Generation 資安訊息派送平台產生不同需要的NETFLOW METADATA內容

• 1:1式NetFlow/IPFIX的輸出, 可增進 “慢速攻擊” 的偵測

• 可依不同資安設備設定不同篩選條件的NetFlow記錄

• 可以Offload資料傳輸交換器產生NetFlow/IPFIX的負擔

• 經由全流量Flow的視別可達成全域性 (End-to-End) 的資安防禦

• 對於利用資料傳遞通訊流程的攻擊方式特別有效地偵測

• 與市面領先之SIEM廠家或NetFlow統計鑑識設備商均有結合運作範例

Advanced Information

Elements

• 可以選用輸出URL訊息至所產生的客製化格式中如

• 至多可以同時輸出6個不同NetFlow v5/v9 and IPFIX的接收/分析設備

• 可結合LLDP/CDP 定位資料傳輸來源介面

Flow Metadata

SIEM and NetFlow

Forensics Integration

NetFlow / IPFIX

Generation

27 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

* Planned

應用三 : 全網NetFlow / IPFIX Generation

Uncover Denial of Service & compromise of internal web servers

HTTP Response Codes

Discover malicious communications to C&C servers using DNS transactions

DNS Discovery*

DNS C&C

Bots

Analyze HTTPS certificates to discover bad/suspicious certificates

HTTPS Certificate Anomalies*

Correlate Kerberos and DHCP logs to map “who” (user) with “what” (hostname and IP)

Mapping User, Hostname & IP Address*

Metadata

User

Machine IP

NetFlow / IPFIX

Generation

Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.

28 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用三 : 全網NetFlow / IPFIX Generation NETFLOW/IPFIX應用在資安偵測的範例

6 5 4 3 2

Phishing & zero

day attack Back door

Lateral

movement

Data

gathering Exfiltrate

1

Reconnaissance

Patient zero

analysis with

HTTP, HTTPS

and DNS

analysis

C&C analysis

with URL, HTTP,

SSL certificate

and DNS

analysis

Anomaly based

detection

through flow,

login, and

session analysis

URL, volumetric, HTTP / HTTPS, SSL

certificate, DNS analysis

NetFlow / IPFIX

Generation

29 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用三 : 全網NetFlow / IPFIX Generation 讓資安工具設備更快速地偵測問題所在

DNS query and

response information

DHCP query and

response information

URL access

Information

HTTP request,

response information

SSL certificate

information

Kerberos and user

login information

Server, application

connectivity information

User flow records

and session information

Intrusion

Detection

System

Data Loss

Prevention

Email Threat

Detection

IPS

(Inline)

Anti-Malware

(Inline)

Forensics

GigaVUE-VM and

GIgaVUE® Nodes

Application

Session Filtering

SSL

Decryption

Inline

Bypass

Context and Intent-based

Big Data Analytics

NetFlow / IPFIX

Generation

Metadata Engine

NetFlow / IPFIX

Generation

30 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

業界支持

GIGAMON NETFLOW / IPFIX GENERATION

Currently

Available

Currently

Available

In

progress

In

progress

In

progress

Currently

Available

In

progress

NetFlow / IPFIX

Generation

31 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Necessary And Sufficient?

Metadata 能協助快速定位

32 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Necessary And Sufficient?

Full Packet Stream 能找出攻擊內容與源頭

33 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Full Packet Stream ASF – 應用辨識 SESSION FILTERING

Application

Session Filtering

通用收集器 1 1 2 2

1 1 2 2 3 3 4 4 Email

監控

視頻

監控

3 1 2 4

Application

Session Filtering

• DPI/Content-based Filtering 把應用辨識，並把同一個 session 的封包一併過濾出來

• 舉例: 帶 attachment 的 email，BitTorrent 封包,，URL地址，在 HTTP上的 Over-the-top 應用 (下載,

youtube, facebook)

• 支持使用 RegEx (Regular Express) 定義特徵

• Session Aware

NETFLIX Exchange NETFLIX NETFLIX NETFLIX Exchange Exchange Exchange

NETFLIX

Exchange

NETFLIX NETFLIX NETFLIX

Exchange Exchange Exchange

NETFLIX Exchange NETFLIX Exchange

1 2 3 4

^rfb 00[1-9]\.00[0-9]\x0a$ MAC LLC IP Data Trailer

34 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Vir

tual

Physic

al

自我調整數據包過濾 Adaptive Packet Filtering

APF提供強大的功能支援過濾查找出FULL-PACKET中的內容

35 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Physic

al

• 利用封包切片，在轉發去分析系統前，把封包中含有敏感資料的部份移除。

• 利用封包切片，在轉發去分析系統前，把封包中敏感資料的部份遮罩，例如信用卡卡號，身份證號等。

SSL 封包解密與法規遵從 怎樣可以兩全其美？

Flow

Mapping®

通道終結點

SSL

封包解密

封包切片

敏感資料

遮罩 Vir

tual

GigaVUE-VM

GigaVUE-VM

遙距節點所收集到的流量轉發到 DLP 分析

Web 伺服器相關流量轉發到 NPM / CEM

監控

跨越全網虛擬伺服器間的流量轉發到

IDS 分析

36 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用四

大幅減少記錄容量，機敏資訊的遮蓋

37 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

應用四 : 大幅減少記錄容量

選擇性封包裁切

• 去除重覆封包

• 單一session流量經由數個網路結點, 會產生多個相同而重覆的封包

• De-Dup功能可辦識相同session流量而將重覆封包只留取一筆, 而可減少33~75%的封包量

去除重覆封包

• 封包裁切

• 對不同屬性流量可裁切不同長度的封包, 可以減少側錄或大數據設備的容量

• 平均網路流量封包長度約為800Byte, 如果依需要裁切為平均200Byte, 則可節省80%流量

去除重覆封包 封包裁切

38 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

臺北某科技大學 計算機與網路中心

Gigamon 客戶實用案例分享

39 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 該科技大學因承辦技專校院招生委員會聯合會相關業務。因應教育部政策，資安等級提升為A級

• 評估峰值流量於一年內將增加為6Gbps至8Gbps

• 現有APT、WAF不是無對應流量之型號或是無法負荷之預算金額

• POC測試設備時無法克服 – 核心交換器因Mirror Port過多無法負荷

– 某些測試設備必須Inline，上線時調整線路造成斷線

– 測試設備異常無法即時拔除

未建置Gigamon架構前困擾問題

40 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

該校 In-Line 連接架構示意

Stack

WAN Switch1 WAN Switch2

VSS

Core (Local) Core (Remote) NG Firewall

QoS Device

41 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

該校 Out-of-band 連接示意

SIEM

• 可透過設定將多路聚合 (多對1)

Flow Analysis

POC Device

POC Device

42 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 設備採購成本降低 – 緩衝資安設備HA一次到位預算壓力

– 使用Map Filter 依照條件決定流量路徑。8Gb流量也能用4Gb設備，如：

• IP Dst 非Server Farm 不通過WAF設備

• 非SSL封包不通過SSL解密設備

• 非關鍵業務網段不通過APT設備

• 高度彈性 – 可控制介面，依需求彈性切換使用模式不浪費

– 依政策需求可調整個別設備故障政策(Fail Open、Fail Close)

– 設備測試、維護及升級不斷線，提升業務持續運作成效

建置後現階段效益

Deep Packet Inspection 辨識關鍵業務 - 金融應用

44 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Deep Packet Inspection – GigaSMART APF/ASF

45 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

金融交易 – 以字段 “03 06 45 20…9168” 辨識及過濾

46 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

金融交易 – 以字段 “03 06 45 20…9168” 辨識及過濾

Cisco ACI & SDDC環境監測

48 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

Cisco ACI & SDDC 環境

49 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• Spine-Leaf是40Gb BiDi線路 – 監測工具不支援

• 扁平化架構 – 線路增多

– 縱向橫向流量都存在，封包容易被重複捕捉

• 使用VxLAN技術 – 監測工具無法辨識，造成分析錯誤或是無法解譯

• Cisco UCS虛擬環境 – 出現監測盲點

Cisco ACI & SDDC 環境 監測挑戰

50 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

ACI VxLAN – Before Gigamon: unknown traffic

51 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

After Gigamon VxLAN Header Strip

55 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

• 全網資安訊息的可視性 – 提供資安設備完整訊息 – 實體網路，虛擬網路，內部網路全部可視

• 工具設備介接與實作網路分離 – 工具設備介接彈性 – 網路頻寬與工具效能脫鈎，工具任何異動不影響網路運作

• DPI深度訊務封包辨識 – 訊務篩選派送提昇工具設備運作效益 – 包含封包Header, Data內容的辨識與篩選能力，大幅節省工具設備需要處理的訊務量

• 應用程式訊務辨識 – mission critical app 的應用結合 – 金融應用 - 關鍵營運業務 (如ATM訊務) 的篩選可作稽核與分流

為什麼現在需要Gigamon平台

56 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

See More

Secure More