© 2012 Gigamon. All rights reserved. 1
The Dynamic World of Threat Detection, Containment & Response
Opportunities and Challenges: The World of IT continues to evolve
Dynamic Infrastructure
• Network: Fixed to Mobile
• Servers: Physical to Virtual
• Devices: IT owned to User owned
• Applications: In house to Cloud
• Data: Contained to Limitless
Static Management and Security Tools
Visibility: The Enabler for Security
Anatomy of an Attack
Window of Exposure
The “Golden Hour”
Attack identified
Alert & notification
Early stage containment
Damage & scale assessment
Infrastructure wide response
Second-wave detection
Assessing the infrastructure
Identifying targets
Pilot probe attack
Intrusion commences
Cloaking starts
Anomaly detected
Information extraction
Cloning & ‘go mobile’
Cloaking complete
Data extraction or manipulation
Security established
Elimination
Attack commences
Two Architectures; Two Approaches: “Wall and Watch”
“Wall” – in band
• Limit the opportunities
• Block the known attacks
• Monitor traffic profiles
• Alert to anomalies
Requirements
• Highly available architecture
• Line-rate performance
• Infrequent configuration changes
Limitations
• Single point of failure
• Potential bottleneck
• Dependent upon “Maintenance windows”
“Watch” – out of band
• Broad-scale monitoring
• Signature behavior
• Leverage multiple measures
• The front-line against the unknown
Requirements
• Powerful filtering capability
• Multi-point triangulation
• The more pervasive, the greater the value
Limitations
• Risk of over-subscription
• Famine or Feast: SPAN or TAP
• Increasing tooling demand & expanding network scale
Networks were Static and Simple
TOOLS
Application Performance
Security
Network Management
Networks are Dynamic and Complex
TOOLS
Application Performance
Security
Network Management
Networks demand a New Approach
TOOLS
Application Performance
Network Management
Security
CENTRALIZED TOOLS
Application Performance
Network Management
Security
The Fabric Intelligence
Dynamic power to control traffic selection
Flow Mapping: Packet Identification, Filtering and Forwarding
GigaSMART: Packet Modification, Manipulation and Transformation
• Deduplication
• Packet Slicing
• Time Stamp
Network: Physical, Virtual
Tools: Application Performance, Network Management, Security
The Benefits of Visibility Fabric
Visibility Fabric
• Pervasive
• Simple
• Cost Effective
• Centralized
• Scalable
Legacy Approach
• Limited Visibility
• Static
• Expensive
• Distributed
• Constrained
Enabling Best-of-Breed Selections: The Middleware with Any Network, and Any Tool
Tools: Network Management, Application Monitoring, Security
Network
The Advantages of Gigamon – GigaBPS
Traffic offload – Application-aware traffic profile
The Demand is Clear: Independent Survey Results from December 2011
• Not enough SPAN ports for the tools: 40%
• Monitoring and Security tools need too many connection points: 48%
• Monitoring/security tools cannot keep up: 38%
• NOC teams cannot provision SPAN ports fast enough: 36%
• Would a Visibility Fabric be useful in your environment: 79%
[Charts: respondent breakdown by Organization Size: Employees (000s); Organization Revenue ($B); and Vertical (NFP/Public, Services, Gov/Fed, Manufacturing, Financial, Healthcare, Media, Retail, Other)]
Visibility Fabric: Addressing the Limitations
“Wall” – in band
Limitations
• Single point of failure
• Potential bottleneck
• Dependent upon “Maintenance windows”
Visibility Fabric
• Heartbeat monitoring
• Intelligent traffic distribution
• Establishes a ‘Dynamic DMZ’ enabling rapid response
“Watch” – out of band
Limitations
• Risk of over-subscription
• Famine or Feast: SPAN or TAP
• Increasing tooling demand & expanding network scale
Visibility Fabric
• “Flow Mapping” filtering
• Selective traffic forwarding
• Scalability to serve some of the largest networks on the planet
Thank you