ssl - netfos.com.tw...firewall routers remote sites spine switches leaf switches public cloud...

Gigamon – Gigamon SSL


Post on 04-Apr-2020


Page 1: SSL - netfos.com.tw...Firewall Routers Remote sites Spine switches Leaf switches Public cloud Internet Virtualized server farm 131415 101112 161718 ATP IPS Forensics –Gigamon 1 7


Page 2:

© 2018 Gigamon. All rights reserved. 2


Page 3:

Corporate Overview

The Essential Element of Your Security – Gigamon

Gigamon is leading the convergence of networking and security. Our next generation network packet broker helps make threats more visible, deploy resources faster and maximize performance.

Global offices: 20 countries*

Verticals: Public Sector | Financial Services | Healthcare | Retail | Technology | Service Providers

Named: Market leader

Patents: 51 global patents issued*

Serving: Over 2,800 customers**

Employing: 700+ employees*

CEO: Paul Hooper

HQ: Santa Clara, California, USA

Founded: 2004

*Feb 2018: Offices, employee and patent information. **Q1 2018: Customer count.

Page 4:

Gigamon Customers

Customer counts shown on the slide (of the top ten in each category): Global Banks, Healthcare Providers, U.S. Federal Agencies, largest Tech Companies, Mobile Phone Network Operators; and of the Fortune 100.

Customer data from April 2018. List sources available upon request.

Page 5:

Page 6:

Page 7:

Attack chain (slide figure): 1 Reconnaissance, 2 Phishing & zero day attack, 3 Back door, 4 Lateral movement, 5 Data gathering, 6 Exfiltration.

*Trustwave Holdings, Inc. "2016 Trustwave Global Security Report." 2016. Accessed April 5, 2017.

**Verizon. "2016 Data Breach Investigation Report." 2016. Accessed April 5, 2017.

Page 8:

You can't protect what you can't see

*Cisco Global Cloud Index 2016.

**Statista, Global machine-to-machine (M2M) data traffic from 2014 to 2019 (in petabytes per month).

Chart (slide figure, traffic volume over time): Data Center transition to 40~100Gb; Emergence of Big Data; Internet of Things; Machine to Machine.

4.7ZB of global data center traffic in 2016*

1.7PB of M2M traffic in 2017**

6.7 ns available to process a network packet on a 100Gb link

Page 9:

SSL (slide figures): >80% by 2019 [1]; 33% of malware [3]; 80% SSL [2]; Internet servers, Cloud services.

1 Source: Gartner, "Predicts 2017: Network and Gateway Security", December 13, 2016.

2 Source: SSL Performance Problems, NSS Labs.

3 Source: 2016 Trustwave Global Security Report.

Page 10:

Gartner report – Align NetOps and SecOps Tool Objectives With Shared Use Cases

Slide text (recoverable fragments): Next Generation NPB (network packet broker); Flow; Gigamon.

Gartner report id G00333211, 2017/9/22

Page 11:

Network diagram (slide figure): tap points 1-18 across Firewall, Routers, Remote sites, Spine switches, Leaf switches, Public cloud, Internet and Virtualized server farm, feeding IPS, ATP, Forensics, DLP, SIEM and WAF tools.

Page 12:

Network diagram (slide figure): tap points across Firewall, Routers, Remote sites, Spine switches, Leaf switches, Public cloud, Internet and Virtualized server farm, feeding IPS, ATP, Forensics, DLP, SIEM and WAF tools.

Gigamon Security Delivery Platform

• Targeted inspection

• Inline mode for visibility and control

• Detection of encrypted threats

• Reach physical, virtual and cloud

• Metadata for improved forensics

Page 13:

Network diagram (slide figure): tap points across Firewall, Routers, Remote sites, Spine switches, Leaf switches, Public cloud, Internet and Virtualized server farm, feeding IPS, ATP, Forensics, DLP, SIEM and WAF tools.

GigaSECURE® Security Delivery Platform

• Targeted inspection

• Inline mode for visibility and control

• Detection of encrypted threats

• Reach physical, virtual and cloud

• Metadata for improved forensics

GigaSECURE® Security Delivery Platform components shown: Application Session Filtering, Inline Bypass, SSL Decryption, Metadata Engine, Physical, Virtual and Cloud, API.

Page 14:

• In-Line Bypass

• Inline SSL

Page 15:

Use Case: In-Line Bypass

Diagram (slide figure): two 10G paths, each through paired switches, Firewall1/Firewall2, IPS1/IPS2 and APT1/APT2, with Gigamon Inline Bypass exchanging heartbeats with the inline tools. Inline, Out-of-Band and Flow-based deployment on GigaSECURE®.

Page 16:

Use Case: In-Line Bypass

Diagram (slide figure): the same two 10G paths (Firewall1/Firewall2, IPS1/IPS2, APT1/APT2 behind paired switches) consolidated onto a Gigamon TA/HC1 with Inline Bypass and heartbeats; both inline tools and out-of-band tools are served.

Page 17:

SSL / TLS

SSL decryption options compared on the slide:

• Web Proxies Or Firewalls (Proxy / FW in front of Inline Tool(s))

• SSL Decryptors (Decryptor feeding Inline Tool(s); bypass)

• L7 Load Balancers (Config/script; Bypass)

Page 18:

Use Case: SSL – Out of band and In-line

Diagram (slide figure): Clients, Corporate Servers and Internet Servers; Encrypted Traffic vs Decrypted / Unencrypted Traffic; Active, Inline Appliance(s) (NGFW, IPS) and Passive, Out-of-Band Appliance(s) (Network Forensics, Anti-malware).

1 (RSA): • Corporate servers • server keys • RSA key exchange • Gigamon, 2014, Out of band

2 (DH, PFS): • Corporate servers • Diffie-Hellman (DH) key exchange • Emerging TLS 1.3 standard • inline SSL

3 (RSA/DH): • Internet Servers or SaaS services • Internet server keys • inline SSL

Page 19:

Inline SSL: ONE INLINE NETWORK, ONE INLINE TOOL, ONE OUT-OF-BAND TOOL

Diagram (slide figure): inline network ports Na/Nb, inline tool ports Ta/Tb, GigaSMART vport with Non-SSL and SSL paths and a bypass; one INLINE TOOL (iT/iN ports) and one OOB TOOL. Slide note refers to GigaSMART being used TWICE in this configuration.

Page 20:

Virtual Visibility

Five points listed on the slide concern virtual machines (VM), VDI, VM-to-VM traffic and V-motion.

Diagram (slide figure). LEGACY APPROACH: a Virtual IDS VM, Virtual Anti-Malware VM and Virtual APM VM on each hypervisor/server. MODERN APPROACH: GigaVUE-VM on the hypervisor/server forwarding to shared IDS, Anti-Malware and APM tools.

Page 21:

GigaVUE-VM: Lightweight VM, NFV

Diagram (slide figure): DB server VMs (OS, DB) on a Leaf / Spine / Core fabric; GigaVUE-VM sends traffic over a Network Tunnel Port (Tunneling) to GigaVUE® Nodes, which feed APM and NPM tools.

GigaVUE-VM features listed: • Flow Mapping™ (per-VM tcp/udp filtering, Source Port) • NetFlow Generation • SSL • GigaVUE-VM and GigaVUE® Nodes

Page 22:

Application Visibility

GigaSECURE Security Delivery Platform (Corporate Network)

• Know what applications are contributing to the network traffic (user, business unit, device)

• Rich metadata

• Out-of-the-box

• Lower tool cost and improved tool efficiency

• Send suspicious traffic to a tool

Page 23:

Application Visibility

GigaSMART: 3200, updated ~once a quarter.

Functionality delivered with 2 different capabilities: Flow mapping based on application type, and metadata (GigaSMART).

Page 24:

Application Monitoring: Top 10 applications

Page 25:

Gigamon inline SSL

Page 26:

Gigamon customer topology (slide figure): three Internet links (300M, 300M, 150M) through a Router; in path: IPS McAfee, NGFW Fortinet, FW Check Point (NAT), WAF Imperva, L7 Palo Alto Networks, a second IPS McAfee, DMZ Server and Server Farm.

Page 27:

Gigamon customer topology (slide figure): three Internet links (300M, 300M, 150M) through a Router; in path: IPS McAfee, NGFW Fortinet (NAT), FW Check Point (NAT), WAF Imperva, L7 Palo Alto Networks, a second IPS McAfee, DMZ Server and Server Farm.

Page 28:

Gigamon HC1 customer topology (slide figure): three Internet links (300M, 300M, 150M); NGFW CheckPoint, NGFW Fortinet (NAT), IPS McAfee, WAF Imperva, a second IPS McAfee and L7 Palo Alto Networks attached to the Gigamon HC1 as an Inline Serial Tool chain, serving the DMZ Server and Server Farm.

Page 29:

Summary bullets (slide text; recoverable fragments only): Gigamon; Inline; Bypass and Inline bypass port; HC; 7*24.

Page 30: