rethinking traffic visibility: gigamonedm.transition-asia.com/uploads/1/1/8/4/11847324/... ·...

Rethinking Traffic Visibility: GIGAMON

Gwen Lee Country Manager, South East Asia

2 © 2016 Gigamon. All rights reserved.

An Exciting and Disruptive Market

VISIBILITY

VISIBILITY to support management and monitoring

WAVE 1

©2016 Gigamon. All rights reserved.

VISIBILITY to enable security

WAVE 2

A FOUNDATIONAL BUILDING BLOCK FOR EFFECTIVE SECURITY

Making the invisible, visible.

International; high growth; profitable.

Leading the Network Traffic Visibility market.

Deploy by over 75% of the Fortune-1000.

Investing in Asia. Expanding our reach.


As of Q4 2015

Gigamon Customers Today

©2016 Gigamon. All rights reserved.

ENTERPRISE SERVICE PROVIDER FEDERAL

TECHNOLOGY INDUSTRIAL RETAIL FINANCE HEALTHCARE AND INSURANCE

78 of the

Fortune 100

50 of the Top 100 Global SPs

1900+ End Customers


Another Award-Winning Year


Gigamon GigaSECURE: Supported by the Industry GIGAMON ECOSYSTEM PARTNERS (WEFIGHTSMART.COM)

“…our joint customers will benefit from some of the most advanced security

technology available.”

“…Gigamon’s high performance security delivery platform is

the right match…”

“…a robust and systematic framework to deliver pervasive network visibility to

security appliances…”

“…critical manageability and control to traffic and

flow visibility.”

“…Together, Lancope and Gigamon enable customers to solve today’s

tough security challenges."

“…To be effective, a security appliance needs to be able to access the right

network traffic…”

“…much needed operational efficiency to the task of ensuring

pervasive visibility for security tools.”

“…a security delivery platform addresses the real need for pervasive,

high fidelity visibility…”

“…efficient access to traffic flows and high fidelity meta-data from anywhere

in the network…”

“…allows joint customers to leverage Gigamon's Security Delivery Platform to

effectively extend and access the critical data flows …”

“…significantly increasing the efficiency and effectiveness of [business]

security teams…”

“… access to high fidelity network traffic is a vital step in the implementation of

advanced protections…"

“…Gigamon’s Security Delivery Platform will allow Savvius's products to continue

to provide the insight our customers depend on...”

“…GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can

provide complementary visibility to the network traffic that Palo Alto Networks sees… “

“Even the best security appliance will fail to deliver if it does not

get the right traffic,…”


• Non homogeneous networks (1Gb copper, 1/10/40Gb fiber) • “Tsunami” of monitoring tools (for Network, Application, Security) • Same Visibility for all Security tools (You can’t secure what you can’t see!) • Visibility for Virtualization Infrastructure • Software Defined “Everything” (including SDN) • Multi Sites Visibility without Higher CAPEX

Current Challenges


Network Forensics/Big Data

Analytics

Application Performance Management

Network Performance Management

Ecosystem Partners who work with Gigamon Network

Security and Vulnerability Management

Customer Experience

Management


Transformation through Visibility: The Need for a Security Delivery Platform

Anti-Malware (Inline)

Anti-Malware (Inline) Anti-Malware

(Inline)

NGFW

NGFW

NGFW

Email Threat Detection



Forensics

Forensics Forensics

Intrusion Detection System Intrusion

Detection System

Intrusion Detection System

Internet

Routers

“Spine” Switches

“Leaf” Switches

Virtualized Server Farm




All tools still connected Fewer network touch points

Enhanced tool efficiency Decreased OPEX costs

Security Delivery Platform: A foundational building block to effective security

Isolation of applications for

targeted inspection

Visibility to encrypted traffic for

threat detection

Inline bypass for connected security

applications

A complete network-wide reach: physical and virtual

Scalable metadata extraction for

improved forensics

Security Delivery Platform

Intrusion Detection System

NGFW Email Threat Detection

IPS (Inline)


Forensics


Without Gigamon With Gigamon

Use Case: Eliminate SPAN Port Contention FEW SPAN PORTS, MANY TOOLS

Customer is unable to use all tools! Customer has complete visibility for all tools!

Switch with two SPAN session limitation

Intrusion Detection System (IDS)


VoIP Analyzer

Packet Capture



Packet Capture

VoIP Analyzer Switch with two SPAN ports


Without Gigamon

Use Case: Tool Efficiency TOOLS RECEIVED IRRELEVANT TRAFFIC, REDUCE EFFICIENCY

Relevant and Irrelevant traffic is passed to the Tool => efficiency of Tool reduced!

Only relevant traffic is passed to the Tool!

Switch Switch

Security Tool

Irrelevant Traffic

Relevant Traffic

Relevant Traffic

With Gigamon

Security Tool



Use Case: Visibility into Virtual USE EXISTING TOOL FOR VIRTUAL

Existing Tool have no visibility into virtual environment

Visibility into Virtual World with existing Tools

Switch

VM 1

VM 2

EXSi / NSX / KVM

VM 3

???

Switch

VM 1

VM 2

EXSi / NSX / KVM

VM 3


OS

DB

DB Server

Leaf

Core Core

Leaf Leaf

Spine

Leaf

Spine

• Small footprint ‘Virtual Tap’ guest VM appliance • Access, Select, Transform, and Deliver Virtual traffic

GigaVUE-VM - Virtual Workload Monitoring EXTENDING VISIBILITY INTO VIRTUAL DATA CENTERS

Application Performance

Network Performance

Security

Centralized tools

GigaVUE-VM • Flow Mapping™

• Filter on VM, application ports • Packet slicing at any offset • Tunneling for multi-tenant

Advanced Traffic Intelligence • De-duplication • Packet Masking • Packet Slicing • Header Stripping

• Time Stamping • Load Balancing • NetFlow Generation • SSL Decryption

Network Tunnel Port

Tunneling

• Visibility into Hosted Applications

• Visibility into Physical to Virtual traffic

DB


Inline Bypass to Scale Security Delivery SOLVING PAIN POINTS OF BOTH SECURITY & NETWORK TEAMS

Inline Bypass



Inline Bypass



Inline Bypass

No service

Service continue



Increase scale of security monitoring

Consolidate multiple points of failure into a single, bypass-protected solution

Add, remove, and upgrade tools seamlessly

Integrate Inline, Out-of-Band, and Flow-based tools via the GigaSECURE® Security Delivery Platform

Maximize tool efficiency

Inline Bypass



Use Case: Limited Access to Environment (Multi segments) LIMITED TOOL PORTS, MANY SWITCHES

Limited Connectivity to Full Environment

Pervasive Access – Can Connect to All Points in the Environment

Analysis tool with only 2 NICs

Switch 1

Switch 2

Switch 3

Switch 4

Switch 5…n

Analysis tool with only 2 NICs

Switch 1

Switch 2

Switch 3

Switch 4

Switch 5…n


GigaVUE® Matches Your Network to Your Tools


Use Case: Change Media and Speed (Future proof to new network) 10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS

10Gb 1Gb

Customer migrates to a 10Gb network and 1Gb monitoring tools become useless

Customer able to extend the life of their 1Gb network and security tools

VoIP Analyzer



Packet Capture Intrusion Detection System

VoIP Monitor


Packet Capture


Use Case: SSL Decryption OUT-OF-BAND SSL DECRYPTION USING THE SECURITY DELIVERY PLATFORM

IDS at the Perimeter

Anti-malware for Web Apps

DLP at remote sites

Router Firewall Switch

Router

Router

HQ Database

IDS

DLP Anti- Malware

SSL Decryption

SSL Decryption

TAP

TAP

Wor

ksta

tions

Firewall with SSL Proxy LA

N

SSL Decryption

Server Rack (Physical / Virtual)

Branch

SSL Decryption



Use Case: Optimize Tool Efficiency (Centralization) MAXIMIZE THE TOOL INVESTMENT BY CENTRALIZING,

1 site per Tool – Tools not optimized Centralize the Tools for maximum efficiency

Switch 1 Remote 1

Switch 2 Remote 2

Switch Central

Switch 3 Remote 3

Switch 4 Remote 4

Switch 1 Remote 1

Switch 2 Remote 2

Switch

Central

Switch 3 Remote 3

Switch 4 Remote 4


Spine (Nexus 9500)

Leaf (Nexus 9300)

New ACI Architecture

Virtualized Server Farm (UCS)

HYPERVISOR

VM VM

GigaVUE-VM

Software-Defined Visibility TOOL CENTRALIZATION WITH VISIBILITY FABRIC

Network Transform-

ation

Core (Nexus 7K)

Aggregation (Nexus 5K, Catalyst 6K)

Access (Nexus 2K)

Server Farm

Traditional Architecture

SSL Decryption

NetFlow Generation

Application Session Filtering

Header Stripping

GigaVUE-FM

VM Traffic

VXLAN= 6000

VXLAN= 5000

De-cap VXLAN

NetFlow / IPFIX

Centralized Tools


Customer Experience Management

Security

Network Performance Management

REST APIs

Closed Loop Monitoring

Inline Bypass

G-TAP BiDi (40Gb)

• All tools are still connected

• Fewer network touch points

• Increased tool performance

• Cost savings

Case Study


Case Study: Global Manufacturer SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM

• Inline Tools: SourceFire IPS, Imperva WAF • Out-of-Band tools: FireEye, ExtraHop • Needed many-to-one inline inspection, APP aware intelligence and capture

the same traffic for out-of-band security functions like FireEye and ExtraHop

• GigaSECURE®: Inline bypass technology to provide many-to-one (1x10Gband 3x1Gb links) inline inspection

• APP aware capability only delivers WEB traffic to Imperva for inspection • Capture same Internet traffic and send to out-of-band FireEye, ExtraHop

• Use one SourceFire appliance to protect 4 different physical links

with different media/speed • Feed same Internet traffic to both inline and out-of-band tools • Significantly simplified security operations: upgrade any security tool at will

Background & Challenge

Solution

Results & Key Benefits


Case Study: Global Manufacturer SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM


• Leading Vendors: IBM, HP, SPLUNK, Intel Security (McAfee), LogRhythm

• Function: collect and correlate log, event and network data from a variety of disparate sources for detection and compliance reporting

• GigaSECURE Value-add – Richer analytics with unsampled NetFlow Generation – Cost effective scaling – Extended NetFlow with URL and SIP for threat detection – Match traffic flow to traffic source through CDP support; find

infected machines faster – SSL decryption

• Opportunities: expansion of SIEM for compliance reporting and internal audits, expansion of threat monitoring for detection

Gigamon + SIEM EXPANDED ANALYTICS AND PERVASIVE VISIBILITY

Network Performance

Security

NetFlow Collector

Traffic Data

NetFlow Stats

NetFlow Generation

Flow Mapping®


Case Study: Federal / Civilian Agency CENTRALIZED MANAGEMENT, SECURITY FOR PHYSICAL AND VIRTUAL INFRASTRUCTURE

• 4 Separate Locations • Existing network was hacked. Counter cyber security threats • Migrate from older Gigamon H/W to new Visibility Fabric™ Infrastructure • Centrally manage and secure growing Virtual Infrastructure

• GigaVUE-HC2’s @ 4 locations with Integrated TAPs • GigaVUE-FM and GigaVUE-VM (250 nodes)

• Outsider & Insider threat addressed with this solution • Secured Physical and Virtual Infrastructure • Lower CAPEX and OPEX: Optimize existing tools, quickly add new tools

Background & Challenge

Solution

Results & Key Benefits


Case Study: Federal / Civilian Agency DEPLOYMENT – SECURITY AND VIRTUAL MONITORING

Remote Data Center

Network Ports

Tool Ports 24 x 10Gb Module

Switch 1 Switch 2

Server Farm 1

Server Farm 2

Core A Core B

Tool Connections to any tools in your Tool Farm

Tunneled VM to VM

conversation

Remote Data Center

Core 0 Core 1

TAP links to GigaVUE®

GigaVUE-VM

VM Applications Tool Farm

Tool Farm

OC3

OC3

GigaSMART® module


#wefightsmart

rethinking traffic visibility: gigamonedm.transition-asia.com/uploads/1/1/8/4/11847324/... ·...

Documents