Gigamon Style Guide

The Dynamic World of Threat Detection, Containment & Response
© 2012 Gigamon. All rights reserved.
Opportunities and Challenges
The World of IT continues to evolve
Static Management and Security Tools
Dynamic Infrastructure
• Devices: IT owned; User owned
• Data: Contained; Limitless
• Applications: In house; Cloud
• Servers: Physical; Virtual
• Network: Fixed; Mobile
Visibility: The Enabler for Security
Anatomy of an Attack
[Figure: attack timeline. Labels: Assessing the infrastructure; Pilot probe attack; Identifying targets; Information extraction; Attack commences; Intrusion commences; Cloaking complete; Cloning & ‘go mobile’; Cloaking starts; Data extraction or manipulation; Window of Exposure; The “Golden Hour”; Alert & notification; Security established; Damage & scale assessment; Second-wave detection; Anomaly detected; Attack identified; Early stage containment; Infrastructure wide response; Elimination.]
Two Architectures; Two Approaches
“Wall and Watch”
“Wall” – in band
• Limit the opportunities
• Block the known attacks
• Monitor traffic profiles
• Alert to anomalies
“Watch” – out of band
• Broad-scale monitoring
• Signature behavior
• Leverage multiple measures
• The front-line against the unknown
Two Architectures; Two Approaches
“Wall and Watch”
“Wall” – in band
Requirements
• Highly available architecture
• Line-rate performance
• Infrequent configuration changes
Limitations
• Single point of failure
• Potential bottleneck
• Dependent upon “Maintenance windows”
“Watch” – out of band
Requirements
• Powerful filtering capability
• Multi-point triangulation
• The more pervasive the greater the value
Limitations
• Risk of over-subscription
• Famine or Feast: SPAN or TAP
• Increasing tooling demand & expanding network scale
Networks were Static and Simple
Tools: Application Performance; Network Management; Security
Networks are Dynamic and Complex
Tools: Application Performance; Network Management; Security
Networks demand a New Approach
Centralized tools: Application Performance; Network Management; Security
The Fabric Intelligence
Dynamic power to control traffic selection
[Figure labels: Physical; Virtual; Network; Flow Mapping; GigaSMART; Packet Identification, Filtering and Forwarding; Packet Modification, Manipulation and Transformation; Deduplication (ABACCABACB, ABC); Packet Slicing; Time Stamp; Tools: Network Management, Application Performance, Security.]
The Benefits of Visibility Fabric
Legacy Approach
• Limited Visibility
• Static
• Expensive
• Distributed
• Constrained
Visibility Fabric
• Pervasive
• Simple
• Cost Effective
• Centralized
• Scalable
Enabling Best-of-Breed Selections
Security
Application Monitoring
Network Management
Network
Tools
The Middleware with Any Network, and Any Tool
The Advantages of Gigamon – GigaBPS
Traffic offload – Application-aware traffic profile
The Demand is Clear
Independent Survey Results from December 2011
Would a Visibility Fabric be useful in your environment
79%
NOC teams cannot provision SPAN ports fast enough
36%
Monitoring/security tools cannot keep up
38%
Monitoring and Security tools need too many connection points
48%
Not enough SPAN ports for the tools
40%
[Charts: percentage breakdowns by sector (Other, Retail, Media, Healthcare, Financial, Manufacturing, Gov/Fed, NFP/Public, Services) and by two sets of numeric bands (20.0+, 10.0-20.0, 5.0-10.0, 1.0-5.0, 0.5-1.0, <0.5; and 20.0+, 10.0-20.0, 5.0-10.0, 2.5-5.0, 1.0-2.5, <1.0).]
Visibility Fabric
Addressing the Limitations
“Wall” – in band
Limitations
• Single point of failure
• Potential bottleneck
• Dependent upon “Maintenance windows”
Addressed by
• Heartbeat monitoring
• Intelligent traffic distribution
• Establishes a ‘Dynamic DMZ’ enabling rapid response
“Watch” – out of band
Limitations
• Risk of over-subscription
• Famine or Feast: SPAN or TAP
• Increasing tooling demand & expanding network scale
Addressed by
• “Flow Mapping” filtering
• Selective traffic forwarding
• Scalability to serve some of the largest networks on the planet
Thank you