Gigamon Style Guide
The Dynamic World of Threat Detection, Containment & Response
© 2012 Gigamon. All rights reserved.
Opportunities and Challenges
The World of IT continues to evolve
Devices: IT owned / User owned
Data: Contained / Limitless
Applications: In house / Cloud
Servers: Physical / Virtual
Network: Fixed / Mobile
Static Management and Security Tools
Dynamic Infrastructure
Visibility: The Enabler for Security
Anatomy of an Attack
Assessing the infrastructure
Pilot probe attack
Identifying targets
Information extraction
Attack commences
Intrusion commences
Cloaking complete
Cloning & ‘go mobile’
Cloaking starts
Data extraction or manipulation
Window of Exposure
The “Golden Hour”
Alert & notification
Security established
Damage & scale assessment
Second-wave detection
Anomaly detected
Attack identified
Early stage containment
Infrastructure wide response
Elimination
Two Architectures; Two Approaches
“Wall and Watch”
“Wall” – in band
Limit the opportunities
Block the known attacks
Monitor traffic profiles
Alert to anomalies
Requirements
Highly available architecture
Line-rate performance
Infrequent configuration changes
Limitations
Single point of failure
Potential bottleneck
Dependent upon “Maintenance windows”
“Watch” – out of band
Broad-scale monitoring
Signature behavior
Leverage multiple measures
The front-line against the unknown
Requirements
Powerful filtering capability
Multi-point triangulation
The more pervasive, the greater the value
Limitations
Risk of over-subscription
Famine or Feast: SPAN or TAP
Increasing tooling demand & expanding network scale
Two Architectures; Two Approaches
“Wall and Watch”
“Wall” – in band
Requirements
Highly available architecture
Line-rate performance
Infrequent configuration changes
Limitations
Single point of failure
Potential bottleneck
Dependent upon “Maintenance windows”
“Watch” – out of band
Requirements
Powerful filtering capability
Multi-point triangulation
The more pervasive the greater the value
Limitations
Risk of over-subscription
Famine or Feast: SPAN or TAP
Increasing tooling demand & expanding network scale
Two Architectures; Two Approaches
“Wall and Watch”
“Wall” – in band
Limitations
Single point of failure
Potential bottleneck
Dependent upon “Maintenance windows”
“Watch” – out of band
Limitations
Risk of over-subscription
Famine or Feast: SPAN or TAP
Increasing tooling demand & expanding network scale
Networks were Static and Simple
Tools: Application Performance; Network Management; Security
Networks are Dynamic and Complex
Tools: Application Performance; Network Management; Security
Networks demand a New Approach
Centralized Tools: Application Performance; Network Management; Security
The Fabric Intelligence
Dynamic power to control traffic selection
[Diagram labels: Network (Physical, Virtual); Flow Mapping; Packet Identification, Filtering and Forwarding; GigaSMART; Packet Modification, Manipulation and Transformation; Deduplication (ABACCABACB, ABC); Packet Slicing; Time Stamp; Tools (Network Management, Application Performance, Security)]
The Benefits of Visibility Fabric
Legacy Approach
• Limited Visibility
• Static
• Expensive
• Distributed
• Constrained
Visibility Fabric
• Pervasive
• Simple
• Cost Effective
• Centralized
• Scalable
Enabling Best-of-Breed Selections
Security
Application Monitoring
Network Management
Network
Tools
The Middleware with Any Network, and Any Tool
The Advantages of Gigamon – GigaBPS
Traffic offload – Application-aware traffic profile
The Demand is Clear
Independent Survey Results from December 2011
Would a Visibility Fabric be useful in your environment
79%
NOC teams cannot provision SPAN ports fast enough
36%
Monitoring/security tools cannot keep up
38%
Monitoring and Security tools need too many connection points
48%
Not enough SPAN ports for the tools
40%
[Bar charts with percentage axes. Category labels: Other, Retail, Media, Healthcare, Financial, Manufacturing, Gov/Fed, NFP/Public, Services. Range labels: 20.0+, 10.0-20.0, 5.0-10.0, 1.0-5.0, 0.5-1.0, <0.5; and 20.0+, 10.0-20.0, 5.0-10.0, 2.5-5.0, 1.0-2.5, <1.0]
Visibility Fabric
Addressing the Limitations
“Wall” – in band
Limitations
Single point of failure
Potential bottleneck
Dependent upon “Maintenance windows”
Addressed by
Heartbeat monitoring
Intelligent traffic distribution
Establishes a ‘Dynamic DMZ’ enabling rapid response
“Watch” – out of band
Limitations
Risk of over-subscription
Famine or Feast: SPAN or TAP
Increasing tooling demand & expanding network scale
Addressed by
“Flow Mapping” filtering
Selective traffic forwarding
Scalability to serve some of the largest networks on the planet
Thank you