3 ©2015 Gigamon. All rights reserved.
Gigamon Customers Today (as of Q2 2015)
A broad spectrum of brand-name customers.
• Enterprise: Technology, Industrial, Retail, Finance, Healthcare & Insurance, Government
• Service Providers: 50 of the Top 100 Global SPs
• 1700+ End Customers
• 75+ of the Fortune-100

Ecosystem Partners Network
• Network Forensics/Big Data Analytics
• Application Performance Management
• Network Performance Management
• Security and Vulnerability Management
• Customer Experience Management

The Security Operations Challenge
THE ATTACKER-DEFENDER ASYMMETRY
• BYOD, mobility increase attack surface
• Virtualization increases security blind spots
• Rising use of encryption to embed malware and hide threats
• Volume, variance and velocity of today’s network data
• Attacker sophistication and “low-and-slow” network movement
• Security analytics impossible with legacy means

Legacy Approaches Have Limited Visibility
THERE IS SO MUCH TO PROTECT AND SO MANY PATHS TO MONITOR
The Security Ops Challenge:
• How do all these security tools gain pervasive visibility?
• Where should these security tools be placed?
• How does one rapidly investigate a new threat source?
[Diagram labels: Internet; Routers; “Spine” Switches; “Leaf” Switches; Virtualized Server Farm; security tools: Intrusion Detection System, Anti-Malware (Inline), Email Threat Detection, Forensics, IPS (Inline), Data Loss Prevention]

The Challenge with Legacy Approaches
• Partial infrastructure view
• No control on traffic selected
• Reduced efficiency of security tool
[Diagram labels: Enterprise LAN; Security Tool (×4); Irrelevant Traffic; Relevant Traffic]

Security Delivery Platform: “See Everything”
A FOUNDATIONAL BUILDING BLOCK TO EFFECTIVE SECURITY
Security Delivery Platform:
• Isolation of applications for targeted inspection
• Visibility to encrypted traffic for threat detection
• Inline bypass for connected security applications
• A complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics
All tools still connected. Fewer network touch points. Enhanced tool efficiency. Decreased OPEX costs.
[Diagram labels: Internet; Routers; “Spine” Switches; “Leaf” Switches; Virtualized Server Farm; security tools: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics]

GigaSECURE® from Gigamon
THE INDUSTRY’S FIRST SECURITY DELIVERY PLATFORM
Security Delivery Platform:
• Isolation of applications for targeted inspection
• Visibility to encrypted traffic for threat detection
• Inline bypass for connected security applications
• A complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics
All tools still connected. Fewer network touch points. Enhanced tool efficiency. Decreased OPEX costs.
[Diagram labels: Internet; Routers; “Spine” Switches; “Leaf” Switches; Virtualized Server Farm; security tools: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics; GigaVUE-VM and GigaVUE® Nodes; NetFlow / IPFIX Generation; Application Session Filtering; SSL Decryption; Inline Bypass]

Benefit for Security Operations
Legacy Approach Without Gigamon:
• Partial infrastructure view
• No control on traffic selected
• Reduced tool efficiency
With Gigamon Security Delivery Platform:
• Pervasive infrastructure visibility
• Granular traffic selection controls
• Enhanced tool efficiency
• Run multiple POCs in parallel
[Diagram labels: Legacy approach: Enterprise LAN; Security Tool (×4); Irrelevant Traffic; Relevant Traffic. With Gigamon: Enterprise LAN; Security Tool (×4); Relevant Traffic]

Gigamon GigaSECURE: Supported by the Industry
GIGAMON ECOSYSTEM PARTNERS
“…our joint customers will benefit from some of the most advanced security technology available.”
“…Gigamon’s high performance security delivery platform is the right match…”
“…a robust and systematic framework to deliver pervasive network visibility to security appliances…”
“…critical manageability and control to traffic and flow visibility.”
“…Together, Lancope and Gigamon enable customers to solve today’s tough security challenges.”
“…To be effective, a security appliance needs to be able to access the right network traffic…”
“…much needed operational efficiency to the task of ensuring pervasive visibility for security tools.”
“…a security delivery platform addresses the real need for pervasive, high fidelity visibility…”
“…efficient access to traffic flows and high fidelity meta-data from anywhere in the network…”
“…allows joint customers to leverage Gigamon's Security Delivery Platform to effectively extend and access the critical data flows …”
“…significantly increasing the efficiency and effectiveness of [business] security teams…”
“… access to high fidelity network traffic is a vital step in the implementation of advanced protections…”
“…Gigamon’s Security Delivery Platform will allow Savvius's products to continue to provide the insight our customers depend on...”
“…GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can provide complementary visibility to the network traffic that Palo Alto Networks sees…”
“Even the best security appliance will fail to deliver if it does not get the right traffic,…”

Benefits
FASTER DETECTION, FASTER CONTAINMENT
• Consistent network-wide traffic view for all security appliances, all of the time
• Eliminate departmental and appliance level contention for access to data
• No disruption to network traffic as security solutions get deployed or upgraded, or when moving from out-of-band to inline deployments
• Eliminate blind spots associated with encrypted traffic, mobility
• Significantly offload security appliances through full session offload and full flow metadata
• Faster identification of malware movement, faster time to containment

Unified Visibility Fabric™
[Diagram labels, grouped by layer]
• Applications: Gigamon Applications; 3rd Party Apps (e.g. Splunk, Viavi); Applications & Tools Infrastructure, User Community; FabricVUE™ Traffic Analyzer
• API
• Fabric Control (Management): GigaVUE-FM
• Fabric Services: Flow Mapping®; Inline Bypass; Clustering
• Traffic Intelligence: De-duplication; Slicing; FlowVUE™; Masking; GTP Correlation; Header Stripping; Tunneling; SSL Decryption; Adaptive Packet Filtering; Application Session Filtering; Time Stamping; NetFlow Generation
• Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN production networks):
  H Series: GigaVUE-HD8; GigaVUE-HD4; GigaVUE-HB1; GigaVUE-HC2
  TA Series: GigaVUE-TA1 / TA10; GigaVUE-TA40; GigaVUE-OS on white box
  Virtual Visibility: GigaVUE-VM
  TAPs: G-TAP; G-TAP A Series; G-TAP M Series; G-TAP BiDi; Embedded TAPs
  G Series: GigaVUE-2404; GigaVUE-420; G-SECURE-0216

Visibility Fabric™ Architecture
SIMPLE IN CONCEPT – DIFFICULT IN EXECUTION
• A Revolutionary Way to Distribute Critical Packet Data at a Fraction of the Cost
• Enables the Visibility of Packet-Based Data from Anywhere on the Network
• Lowers the Total Cost of Network Monitoring, Security and Compliance
[Diagram labels: Physical; Virtual (GigaVUE-VM); Flow Mapping® (Packet Identification, Filtering, and Forwarding); GigaSMART (Packet Modification and Transformation); Tool Farm: Application Performance Management (APM), Network Performance Management (NPM), Customer Experience Management (CEM), Security]

Case Study: Global Manufacturer
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM
Background & Challenge
• Inline Tools: Sourcefire IPS, Imperva WAF
• Out-of-Band tools: FireEye, ExtraHop
• Needed many-to-one inline inspection, APP aware intelligence and capture the same traffic for out-of-band security functions like FireEye and ExtraHop
Solution
• GigaSECURE®: Inline bypass technology to provide many-to-one (1x10Gb and 3x1Gb links) inline inspection
• APP aware capability only delivers WEB traffic to Imperva for inspection
• Capture same Internet traffic and send to out-of-band FireEye, ExtraHop
Results & Key Benefits
• Use one Sourcefire appliance to protect 4 different physical links with different media/speed
• Feed same Internet traffic to both inline and out-of-band tools
• Significantly simplified security operations: upgrade any security tool at will

Why Gigamon?
PROVEN ACROSS MORE THAN 1700 GLOBAL CUSTOMERS INCLUDING 75+ FORTUNE 100
• Industry’s first Security Delivery Platform
• One Architecture, One Software, One Management Platform for all Visibility
• Holistic Physical + Virtual Visibility for any network including SDN (Cisco ACI, VMware NSX)
• Zero Packet Loss through Patented Flow Mapping®
• Clustering: Extend Scale beyond a Single Node
• GigaSMART®: Common Platform for Advanced Traffic Intelligence, Service Chaining
• Only Vendor with Advanced Visibility: SSL Decryption, Application Session Filtering …
• High-fidelity NetFlow for Advanced Traffic Insight
• Advanced Traffic Visualization and Automation with GigaVUE-FM
• 100% Focused on Success of our Customers and Partners
Customer numbers FY15Q2.

Eliminate SPAN Port Contention
FEW SPAN PORTS, MANY TOOLS
• Without Gigamon: Customer is unable to use all tools!
• With Gigamon: Customer has complete visibility for all tools!
[Diagram labels: Switch with two SPAN session limitation; tools: Application Performance Management, Intrusion Detection System (IDS), Packet Capture, VoIP Analyzer]

Limited Access to Environment
FEW TOOL PORTS, MANY SWITCHES
• Without Gigamon: Limited connectivity to full environment
• With Gigamon: Pervasive access – Can connect to all points in the environment
[Diagram labels: Analysis tool with only 2 NICs; Switch 1; Switch 2; Switch 3; Switch 4; Switch 5…n]

Change Media and Speed
10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS
GigaVUE® Matches Your Network to Your Tools
• Without Gigamon: Customer migrates to a 10Gb network and 1Gb monitoring tools become useless
• With Gigamon: Customer able to extend the life of their 1Gb network and security tools
[Diagram labels: 10Gb; 1Gb; tools: Intrusion Detection System (IDS), VoIP Monitor, VoIP Analyzer, Application Performance Management, Packet Capture]

Run Multiple POCs in Parallel
ACCELERATE CERTIFICATION OF NEW TOOLS
• Without Gigamon: Customer performs each Proof-of-Concept (POC) serially at different times using different data
• With Gigamon: Customer is able to run multiple POCs concurrently using same data
[Diagram labels: POC #1 – Vendor X Tool; POC #2 – Vendor Y Tool; POC #3 – Vendor Z Tool; timeline: 1 month, 2 month, 3 month; Tool tested w/ NW Segment – 4 weeks; Tool tested w/ same NW Segment – 4 weeks (×2)]