Rethinking Traffic Visibility: GIGAMON
Gwen Lee Country Manager, South East Asia
2 © 2016 Gigamon. All rights reserved.
An Exciting and Disruptive Market
VISIBILITY
WAVE 1: VISIBILITY to support management and monitoring
WAVE 2: VISIBILITY to enable security
A FOUNDATIONAL BUILDING BLOCK FOR EFFECTIVE SECURITY
Making the invisible, visible.
International; high growth; profitable.
Leading the Network Traffic Visibility market.
Deployed by over 75% of the Fortune-1000.
Investing in Asia. Expanding our reach.
Gigamon Customers Today
As of Q4 2015
ENTERPRISE SERVICE PROVIDER FEDERAL
TECHNOLOGY INDUSTRIAL RETAIL FINANCE HEALTHCARE AND INSURANCE
• 78 of the Fortune 100
• 50 of the Top 100 Global SPs
• 1900+ End Customers
Another Award-Winning Year
Gigamon GigaSECURE: Supported by the Industry GIGAMON ECOSYSTEM PARTNERS (WEFIGHTSMART.COM)
“…our joint customers will benefit from some of the most advanced security technology available.”
“…Gigamon’s high performance security delivery platform is the right match…”
“…a robust and systematic framework to deliver pervasive network visibility to security appliances…”
“…critical manageability and control to traffic and flow visibility.”
“…Together, Lancope and Gigamon enable customers to solve today’s tough security challenges.”
“…To be effective, a security appliance needs to be able to access the right network traffic…”
“…much needed operational efficiency to the task of ensuring pervasive visibility for security tools.”
“…a security delivery platform addresses the real need for pervasive, high fidelity visibility…”
“…efficient access to traffic flows and high fidelity meta-data from anywhere in the network…”
“…allows joint customers to leverage Gigamon's Security Delivery Platform to effectively extend and access the critical data flows …”
“…significantly increasing the efficiency and effectiveness of [business] security teams…”
“… access to high fidelity network traffic is a vital step in the implementation of advanced protections…”
“…Gigamon’s Security Delivery Platform will allow Savvius's products to continue to provide the insight our customers depend on...”
“…GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can provide complementary visibility to the network traffic that Palo Alto Networks sees…”
“Even the best security appliance will fail to deliver if it does not get the right traffic,…”
Current Challenges
• Non homogeneous networks (1Gb copper, 1/10/40Gb fiber)
• “Tsunami” of monitoring tools (for Network, Application, Security)
• Same Visibility for all Security tools (You can’t secure what you can’t see!)
• Visibility for Virtualization Infrastructure
• Software Defined “Everything” (including SDN)
• Multi Sites Visibility without Higher CAPEX
Ecosystem Partners who work with Gigamon
• Network Forensics/Big Data Analytics
• Application Performance Management
• Network Performance Management
• Network Security and Vulnerability Management
• Customer Experience Management
Transformation through Visibility: The Need for a Security Delivery Platform
[Diagram labels: Internet; Routers; “Spine” Switches; “Leaf” Switches; Virtualized Server Farm; Anti-Malware (Inline); NGFW; Email Threat Detection; Forensics; Intrusion Detection System]
• All tools still connected
• Fewer network touch points
• Enhanced tool efficiency
• Decreased OPEX costs
Security Delivery Platform: A foundational building block to effective security
• Isolation of applications for targeted inspection
• Visibility to encrypted traffic for threat detection
• Inline bypass for connected security applications
• A complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics
[Diagram labels: Security Delivery Platform; Intrusion Detection System; NGFW; Email Threat Detection; IPS (Inline); Anti-Malware (Inline); Forensics]
Use Case: Eliminate SPAN Port Contention
FEW SPAN PORTS, MANY TOOLS
Without Gigamon: Customer is unable to use all tools!
With Gigamon: Customer has complete visibility for all tools!
[Diagram labels: Switch with two SPAN session limitation; Switch with two SPAN ports; Intrusion Detection System (IDS); Application Performance Management; VoIP Analyzer; Packet Capture]
Use Case: Tool Efficiency
TOOLS RECEIVED IRRELEVANT TRAFFIC, REDUCE EFFICIENCY
Without Gigamon: Relevant and Irrelevant traffic is passed to the Tool => efficiency of Tool reduced!
With Gigamon: Only relevant traffic is passed to the Tool!
[Diagram labels: Switch; Security Tool; Relevant Traffic; Irrelevant Traffic]
Use Case: Visibility into Virtual
USE EXISTING TOOL FOR VIRTUAL
Without Gigamon: Existing tools have no visibility into the virtual environment
With Gigamon: Visibility into the Virtual World with existing Tools
[Diagram labels: Switch; VM 1; VM 2; VM 3; ESXi / NSX / KVM]
GigaVUE-VM - Virtual Workload Monitoring
EXTENDING VISIBILITY INTO VIRTUAL DATA CENTERS
• Small footprint ‘Virtual Tap’ guest VM appliance
• Access, Select, Transform, and Deliver Virtual traffic
• Visibility into Hosted Applications
• Visibility into Physical to Virtual traffic
GigaVUE-VM
• Flow Mapping™
• Filter on VM, application ports
• Packet slicing at any offset
• Tunneling for multi-tenant
Advanced Traffic Intelligence
• De-duplication
• Packet Masking
• Packet Slicing
• Header Stripping
• Time Stamping
• Load Balancing
• NetFlow Generation
• SSL Decryption
Centralized tools: Application Performance, Network Performance, Security
[Diagram labels: OS; DB; DB Server; Leaf; Spine; Core; Network Tunnel Port; Tunneling]
Inline Bypass to Scale Security Delivery
SOLVING PAIN POINTS OF BOTH SECURITY & NETWORK TEAMS
[Diagram labels: Inline Bypass; No service; Service continues]
• Increase scale of security monitoring
• Consolidate multiple points of failure into a single, bypass-protected solution
• Add, remove, and upgrade tools seamlessly
• Integrate Inline, Out-of-Band, and Flow-based tools via the GigaSECURE® Security Delivery Platform
• Maximize tool efficiency
Use Case: Limited Access to Environment (Multi segments)
LIMITED TOOL PORTS, MANY SWITCHES
Without Gigamon: Limited Connectivity to Full Environment
With Gigamon: Pervasive Access – Can Connect to All Points in the Environment
[Diagram labels: Analysis tool with only 2 NICs; Switch 1; Switch 2; Switch 3; Switch 4; Switch 5…n]
Use Case: Change Media and Speed (Future proof to new network)
10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS
GigaVUE® Matches Your Network to Your Tools
Without Gigamon: Customer migrates to a 10Gb network and 1Gb monitoring tools become useless
With Gigamon: Customer able to extend the life of their 1Gb network and security tools
[Diagram labels: 10Gb; 1Gb; VoIP Analyzer; VoIP Monitor; Application Performance Management; Intrusion Detection System (IDS); Packet Capture]
Use Case: SSL Decryption
OUT-OF-BAND SSL DECRYPTION USING THE SECURITY DELIVERY PLATFORM
• IDS at the Perimeter
• Anti-malware for Web Apps
• DLP at remote sites
[Diagram labels: Router; Firewall; Switch; TAP; SSL Decryption; IDS; DLP; Anti-Malware; HQ; Database; Workstations; LAN; Firewall with SSL Proxy; Server Rack (Physical / Virtual); Branch]
Use Case: Optimize Tool Efficiency (Centralization)
MAXIMIZE THE TOOL INVESTMENT BY CENTRALIZING,
Without Gigamon: 1 site per Tool – Tools not optimized
With Gigamon: Centralize the Tools for maximum efficiency
[Diagram labels: Switch 1 Remote 1; Switch 2 Remote 2; Switch 3 Remote 3; Switch 4 Remote 4; Switch Central]
Software-Defined Visibility
TOOL CENTRALIZATION WITH VISIBILITY FABRIC
Network Transformation
Traditional Architecture: Core (Nexus 7K); Aggregation (Nexus 5K, Catalyst 6K); Access (Nexus 2K); Server Farm
New ACI Architecture: Spine (Nexus 9500); Leaf (Nexus 9300); Virtualized Server Farm (UCS)
• SSL Decryption
• NetFlow Generation
• Application Session Filtering
• Header Stripping
Centralized Tools: Application Performance Management, Customer Experience Management, Security, Network Performance Management
[Diagram labels: HYPERVISOR; VM; GigaVUE-VM; GigaVUE-FM; VM Traffic; VXLAN= 6000; VXLAN= 5000; De-cap VXLAN; NetFlow / IPFIX; REST APIs; Closed Loop Monitoring; Inline Bypass; G-TAP BiDi (40Gb)]
• All tools are still connected
• Fewer network touch points
• Increased tool performance
• Cost savings
Case Study
Case Study: Global Manufacturer
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM
Background & Challenge
• Inline Tools: SourceFire IPS, Imperva WAF
• Out-of-Band tools: FireEye, ExtraHop
• Needed many-to-one inline inspection, APP aware intelligence and capture the same traffic for out-of-band security functions like FireEye and ExtraHop
Solution
• GigaSECURE®: Inline bypass technology to provide many-to-one (1x10Gb and 3x1Gb links) inline inspection
• APP aware capability only delivers WEB traffic to Imperva for inspection
• Capture same Internet traffic and send to out-of-band FireEye, ExtraHop
Results & Key Benefits
• Use one SourceFire appliance to protect 4 different physical links with different media/speed
• Feed same Internet traffic to both inline and out-of-band tools
• Significantly simplified security operations: upgrade any security tool at will
Gigamon + SIEM
EXPANDED ANALYTICS AND PERVASIVE VISIBILITY
• Leading Vendors: IBM, HP, SPLUNK, Intel Security (McAfee), LogRhythm
• Function: collect and correlate log, event and network data from a variety of disparate sources for detection and compliance reporting
• GigaSECURE Value-add
– Richer analytics with unsampled NetFlow Generation
– Cost effective scaling
– Extended NetFlow with URL and SIP for threat detection
– Match traffic flow to traffic source through CDP support; find infected machines faster
– SSL decryption
• Opportunities: expansion of SIEM for compliance reporting and internal audits, expansion of threat monitoring for detection
[Diagram labels: Flow Mapping®; NetFlow Generation; Traffic Data; NetFlow Stats; NetFlow Collector; Network Performance; Security]
Case Study: Federal / Civilian Agency
CENTRALIZED MANAGEMENT, SECURITY FOR PHYSICAL AND VIRTUAL INFRASTRUCTURE
Background & Challenge
• 4 Separate Locations
• Existing network was hacked. Counter cyber security threats
• Migrate from older Gigamon H/W to new Visibility Fabric™ Infrastructure
• Centrally manage and secure growing Virtual Infrastructure
Solution
• GigaVUE-HC2’s @ 4 locations with Integrated TAPs
• GigaVUE-FM and GigaVUE-VM (250 nodes)
Results & Key Benefits
• Outsider & Insider threat addressed with this solution
• Secured Physical and Virtual Infrastructure
• Lower CAPEX and OPEX: Optimize existing tools, quickly add new tools
Case Study: Federal / Civilian Agency
DEPLOYMENT – SECURITY AND VIRTUAL MONITORING
[Diagram labels: Remote Data Center; Network Ports; Tool Ports 24 x 10Gb Module; Switch 1; Switch 2; Server Farm 1; Server Farm 2; Core A; Core B; Core 0; Core 1; Tool Connections to any tools in your Tool Farm; Tunneled VM to VM conversation; TAP links to GigaVUE®; GigaVUE-VM; VM Applications; Tool Farm; OC3; GigaSMART® module]
#wefightsmart