The top seven reasons to optimize your network security model with a security delivery platform. Security inside out. See what matters.™



eBOOK • SECURITY INSIDE OUT • OPTIMIZE YOUR SECURITY POSTURE WITH A SECURITY DELIVERY PLATFORM

This is not a USB drive.

It is a delivery vehicle for uncontrolled data. Understand and control what’s connecting to your network with a security delivery platform. See what matters.™


A new vision of network security.

Gain visibility into every previously hidden corner of your network, so you can simplify and automate.

Securing an IT network has become more daunting and complex than ever. With the emergence of big data, Internet of Things, and machine-to-machine communications, immense volumes of data speed faster and faster across physical, virtual, and cloud infrastructures, linking billions of devices. Add in a growing number and variety of critical threats, including those originating from inside your organization, from cyber-terrorism, from malware, and from ransomware . . . and the result is a domain of ever-increasing cost, complexity, and risk.

[Figure labels: Volume, Speed, Threats, Risk, Complexity, Cost]


REASON 1: Legacy security models are no match for modern threats.

Perimeter and endpoint-based approaches are incomplete.

These outmoded models can’t defeat zero-day attacks from outside. And they provide limited defense against inside threats.

The simple trust model no longer applies.

Gone are the days when every device was owned, controlled, and secured by IT. Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it does not. Trends like BYOD and BYOS may be good for productivity, but they’re bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor, or a business partner on site.*

Legacy static security frameworks cannot adapt.

Today’s networks are anything but static. With near-universal mobility of users, devices, and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid.

* “Dtex Systems: Insider Threat Intelligence Report.” January 2017.


REASON 2: The anatomy of today’s threats is increasingly complex.

Today’s large-scale breaches are complex. Many of these “advanced persistent threats” take place over multiple stages and extended periods of time, ranging from weeks to months.

If you look at a typical kill chain, the activities conducted by a particular actor go through a sequence of steps that are very hard to detect. These steps do not always happen in immediate succession, and can span a long period of time. An attack can remain dormant until it is reactivated, especially once it has opened a backdoor.

Many of these activities can happen without breaching the security perimeter—either because they involve trusted users, devices, or applications, or because that perimeter is subject to the mobility of these users, devices, or applications.

Threat stages

Stage 1: RECONNAISSANCE

A threat actor observes activity habits of network users to create profiles and attack strategies.

Stage 2: PHISHING & ZERO DAY ATTACK

Attacker draws first blood, typically with a phishing or “drive by” malware download attack that creates a backdoor into the user’s system.

Stage 3: BACK DOOR

Malware establishes a firewall-permeable communications channel, with a remote command/control center, then uses it to download more malware and instructions.

Stage 4: LATERAL MOVEMENT

Malware probes and propagates to other internal systems and opens other backdoors in case the initial one is detected and closed.

Stage 5: DATA GATHERING

The malware identifies critical data and prepares it for exfiltration.

Stage 6: EXFILTRATE

Targeted data is stolen, en masse, through the various backdoors. The threat actor may then request ransom, expose information, or sell it.


REASON 3: Consequences can be persistent: You may be vulnerable to continuous attacks.

System infection can persist.

When a breach is extensive, the targeted organization often remains compromised. Even after a threat is detected and the network cleansed, some systems can remain infected, making them vulnerable to continuous attack.

Defeating SaaS’s evil twin: malware-as-a-service.

Such compromised systems are made available through sites offering malware-as-a-service, an expanding “dark web” industry that gives individuals and organizations an easy and inexpensive way to mount crippling attacks, such as DDoS, at will.


This is not a smartphone.

It is a transmission device that shares information about everything you do. See what matters.™


REASON 4: Intrusions take a long time to detect ... and they have a long lease on life.

Complex, nuanced attacks infiltrate and lurk within hidden areas of today’s networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization’s business by continuing to exfiltrate data.

In addition, businesses can face serious consequences, from breach notification and reporting mandates to fines and potential litigation. Worse yet can be the impact on trust: leery customers are likely to take their business elsewhere.

15: The median number of days from intrusion to detection for internally detected breaches.*

168: The median number of days from intrusion to detection for breaches detected and reported by external parties.*

* Trustwave Holdings, Inc. “2016 Trustwave Global Security Report.” 2016.


REASON 5: SecOps pros face a perfect storm of challenges.*

It’s tough to be in cybersecurity operations these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to know what needs attention. SecOps pros face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes. Skilled resources are stretched thin, with too few people covering too many responsibilities. Simplifying and automating key security operations processes must be a priority, along with adopting the right security technology architecture.

* Cisco: “Global Cloud Index.” Dec, 2016. ESG Research: “Network Security Trends,” Oct, 2016.

User devices and apps not static (BYOD, BYOS)

Emergence of big data

Encryption of enterprise traffic

Appliance performance degrades due to SSL

A significant percentage of malware uses encryption

Minimal SecOps staff

Insufficient automation

No visibility into lateral threat propagation

Data center transition to 100G

Machine-to-machine data

Internet of things (IoT)

Perimeter security enables breaches anywhere

Inadequate security skills

Simple trust model dissolves with boundaries


REASON 6: Security fundamentals have changed. How we address threats has not.

[Figure labels: EVOLVING TRAFFIC PATTERNS AND MOBILITY; FUNDAMENTALLY UNCHANGED SECURITY MODELS; RISING USE OF ENCRYPTION; TIME-TO-DETECTION AND TIME-TO-CONTAINMENT ARE TOO SLOW]

Albert Einstein defined insanity as “doing the same thing over and over again and expecting different results.” Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service, and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, more devices connecting from more places, and more widespread use of encryption.

The “whack-a-mole” approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover everything, slows time to detection and containment, and increases cost and complexity.


REASON 7: Ad-hoc security deployments have unintended consequences.

Proliferation of security tools.

Too many network security appliances of diverse types, at more places in the network, increase complexity and costs.

Inconsistent view of traffic.

Security appliances tied in at specific network points are often blind to traffic from other parts of the network. They also miss mobile users and apps as they circulate to other parts of the infrastructure.

Contention for access to traffic.

Too many tools trying to access traffic from the same points in the network: only one actually gets through.

Blindness to encrypted traffic.

Many security appliances can’t see encrypted traffic—and malware increasingly uses encryption to take advantage of this deficiency.

Extraordinary costs.

Management costs and complexity are soaring due to the proliferation of security tools across the network.

Too many false positives.

More security appliances create more false positives for SecOps staff to wade through.


This is not a router.

It is a connection to the rest of the world. See what matters.™


How can you optimize security in a landscape with so many challenges?

[Figure: Automate, Simplify, Boost Efficiency. Labels: Command and control for workflow; Visibility; Change control; Auditing; Testing; Fewer tools; Less cost; Less management/operational overhead; Decrease SecOps load; Identify framework gaps]

Given the challenges outlined here—from legacy approaches to complex persistent threats or increased burdens on SecOps—what is the best approach to improving your overall security posture?

You need to automate, simplify, and boost efficiency of your security operations so that you gain better control while optimizing your existing investments in core security tools.


A security delivery platform transforms your approach to security.

You can automate, simplify, and boost efficiency of your security operations with a security delivery platform. Only Gigamon delivers a security delivery platform that lets you manage, secure, and understand what’s happening with data in motion across your entire network—and allows you to optimize your existing investments in security tools that help keep your organization safe.

[Figure: GigaSECURE® Security Delivery Platform (Physical, Virtual, Cloud), powered by GigaSMART®. Labels: Inline bypass; GigaVUE® visibility nodes; Application session filtering; Metadata engine; SSL decryption; APIs; On-prem Data Center; Remote Sites; Cisco ACI; Private Cloud; Public Cloud. Centralized Tools: User Behavior Analytics; Next-generation Firewall; Advanced Persistent Threat; Data Loss Prevention; SIEM; Email Threat Detection]


Adopt a Defender Lifecycle Model: Rethink network security with GigaSECURE®.

The industry’s first and only bona fide security delivery platform.

GigaSECURE connects to your physical and virtual network, supporting both inline and out-of-band tools across multiple network segments simultaneously. Security tools link directly into GigaSECURE at their customary interface speeds, and then receive a high-fidelity stream of relevant traffic from across the network infrastructure. GigaSECURE delivers visibility into the lateral movement of malware, speeds the detection of exfiltration activity, and can significantly reduce the overhead, complexity, and cost of securing your entire network—physical, virtual, and cloud.

The Gigamon® Security Delivery Platform provides an essential visibility foundation that allows you to adopt a Defender Lifecycle Model and shift the advantage away from attackers back to you.

[Figure: Defender Lifecycle Model on the GigaSECURE® Security Delivery Platform (Physical, Virtual, Cloud). Stages: Prevention (Basic Hygiene: Firewall, Endpoint, Segmentation, etc.); Detection (Building Context: Big Data and Machine Learning); Prediction (Triangulating Intent: Artificial Intelligence and Cognitive Solutions); Containment (Taking Action: Firewalls, IPS, Endpoints, Routers). Other labels: Automated; Inline Bypass; SSL Decryption; Inline Enforcement; Metadata Engine; Application Session Filtering]


Leverage the power of the Gigamon ecosystem. No platform stands alone, and the Gigamon Security Delivery Platform is no exception. Together, Gigamon and its ecosystem partners address all of your visibility and security requirements, so you can focus on what matters to your business.


© 2017 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Visit: www.gigamon.com/campaigns/see-what-matters or contact us at 408.831.4000

1056-02 06/17