THE ESSENTIAL ELEMENT OF YOUR SECURITY

Gigamon Cyber Security Roadshow
THAILAND
Date: 16th May 2018
Venue: ETDA (Electronic Transactions Development Agency)

Welcome Address
Mona Yam
Regional Sales Director
Gigamon

4©2018 Gigamon. All rights reserved.
Time Agenda Speaker
1:10 – 1:50 pm Top Cyberthreats and The Road Ahead Graham Melville
Sr. Director, Security Solutions
Gigamon
1:50 – 2:35 pm Customer Use Case Daniel Ong
Channel Account Manager
Gigamon
2:35 – 2:55 pm Networking and Tea Break
2:55 – 3:45 pm Power Your Tools to Prevent Threats Koay Choon Ping
Sales Engineer, South East Asia
Gigamon
3:45 – 4:05 pm Q&A Session
4:05 – 4:15 pm Closing Remarks Mona Yam
Gigamon
Agenda

Top Cyberthreats and The Road Ahead
Graham Melville
Senior Director, Security Solutions
Gigamon

Agenda
Industry Challenges We Are Facing1
A Look At The Inline Problem
A Better Way
Real World Results
2
3
4

• 27-question online survey conducted in Nov. 2017
– IT security decision maker or practitioner
– Employed by organization with at least 500 employees
• Survey designed to assess:
– Organization’s security posture
– Perceptions of cyberthreats and IT security challenges
– Current and future IT security investments
– IT security practices and strategies
About The Cyberthreat Defense Report
7

Survey Demographics
8
Respondents by employee countRespondents by country
1,200 respondents | 17 countries | 19 industries

Breaches are Inevitable
Organizations are falling victim to
cyberattacks at an alarming rate …
Percentage compromised at least
once, by country

Pessimism is the New Reality
… and they are expecting
more of the same in 2018.
Likelihood of successful attack
Percentage who believe a successful
cyberattack is more likely than not, by country

Challenges
URGENCY
COMPLEXITYSPEED
COST
SKILLS
SHORTAGE

A Skills Shortage Is The Top Issue
‘Lack of skilled personnel’ edges out ‘Low security
awareness among employees’ for the first time in
five years!

IT Security Skills Shortage
IT security admins, analysts, and
architects are in highest demand.

The Speed Issue
Too much data to analyze continues to be a
major issue for organizations.

The Data-in-Motion Dilemma
VOLUME + SPEED + THREATS = COMPLEXITY + RISK + COST
*Cisco Global Cloud Index 2016.
**Statista Global machine-to-machine (M2M) data traffic from 2014 to 2019 (in petabytes per month)
Time
Volume
Network Data
Security Tool
Security tools do not
scale as fast as data
Data Center
transition to 100GbEmergence
of Big Data
Internet
of Things
Machine to
Machine
4.7ZB of global data
center traffic in 2016*
1.7PB of M2M
traffic in 2017**
6.7 ns available to
process a network
packet on a 100Gb link

Complexity
Too many product, Too hard to
manage, No interoperability.

CYBERscape: The Cybersecurity Landscape. Source: Momentum Partners. https://momentumcyber.com/docs/CYBERscape.pdf

Urgency - Vulnerability Patching Challenges
‘Infrequent patching windows’ and ‘lack of qualified
personnel’ inhibit organizations from patching more
rapidly.

Rising IT Security Budgets
In response, enterprises are increasing their
security budgets by 4.7% in 2018, globally.
By country:
By industry:
By size:

2018 Cyberthreat Defense Report, CyberEdge Group, 2018
Costs
FIREWALL
IDS
IPS
NAC
ANTI-MALWARE
DLP
WAF
NEXTGEN FW
NBA
NAT
EMAIL SECURITY
APT
FIREWALL
ANTI VIRUS
Budgets are rising but can they
keep up with the increasing need?

Cyberthreat Hunting Investments
Only a third of respondents are
fully confident in their cyberthreat
hunting investments.

Security Fundamentals Are Changing
A NEW APPROACH TO SECURITY IS REQUIRED
URGENCYCOMPLEXITYSPEED COSTSKILLS
SHORTAGE
Time to detection and
Time to containment
are too slow
Breaches
continue to happen

Agenda
A Better Way
Real World Results
2
3
4

Internet
Public
Cloud
✕ To many products not enough staff
✕ Hard to keep up with increasing network
speed
✕ Complex with significant blind spots
✕ Difficult to patch security devices
✕ Extraordinary costs
✕ Contention for access to traffic
✕ Inconsistent view of traffic
✕ Too many false positives
✕ Blind to or high cost for encrypted traffic
Challenges with Security Deployments
VISIBILITY LIMITED TO A POINT IN TIME OR PLACE
User Behavior
Analytics
Advanced
Persistent
Threat
Email Threat
Detection
SIEM
Next-Generation
Firewall
Data Loss
Prevention
SIEM
Data Loss
Prevention
User Behavior
Analytics
Next-Generation
Firewall
Advanced
Persistent
Threat
Email Threat
Detection
Data Loss
Prevention
Next-Generation
Firewall
Email Threat
Detection
Advanced
Persistent
Threat
SIEM
User Behavior
Analytics
Routers
“Spine”
Switches
“Leaf”
Switches
Virtualized
Server Farm
Poor architectural choices will lead to poor results!

• With this approach, you:
– Detect and block threats immediately
– Deploy and operate transparently, aka “Bump on the wire” or “Layer 2 mode”
• No need to change routing configurations or endpoints
• But it introduces challenges for both network and security teams:
– Introduces multiple points of failure
– Physical interfaces must match the network
– Degrades network and application performance
– Wastes cycles on traffic it cannot analyze
– Does not scale to network speeds
– Disruptive to upgrade or replace
– Cannot be moved to or from out-of-band operation (detection vs. prevention)
– Asymmetric routing of traffic circumvents tools’ ability to inspect whole sessions
IPS = Intrusion Prevention System; WAF = Web Application Firewall; ATP = Advanced Threat Prevention
Inline Prevention Security Tools
WAN router
Firewall
IPS
WAF
Core switch
ATP

Agenda
A Better Way
Real World Results
2
3
4

GigaSECURE® Security Delivery Platform
THE WORLDS LEADING NEXT GENERATION NETWORK PACKET BROKER
Internet
Public
Cloud
Routers
“Spine”
Switches
“Leaf”
Switches
Virtualized
Server Farm
Isolation of
applications for
targeted inspection
Visibility to
encrypted traffic for
threat detection
Inline bypass for
connected security
applications
A complete
network-wide reach
Scalable metadata
extraction for
improved forensics
Security Delivery Platform
Next-Generation
Firewall
User Behavior
Analytics
Data Loss
Prevention
Email Threat
Detection
Advanced
Persistent Threat
SIEM
Security Delivery Platform
Isolation of
applications for
targeted inspection
Visibility to
encrypted traffic for
threat detection
Inline bypass for
connected security
applications
A complete
network-wide reach:
physical and virtual
Scalable metadata
extraction for
improved forensics
Physical, Virtual
and Cloud
Metadata
Generation
Application
Session Filtering
SSL
Decryption
Inline
Bypass
On-premise
Data Center
Remote
Sites
Public
Cloud
Cisco ACI Private
Cloud

Super Charge Existing SOC/ NOC
• Centralized tools
• Traffic backhauled to
centralized tools
• Full traffic flows
• NetFlow/IPFIX flow records
• Metadata of interest
• De-duplicate before
backhaul
• Ideal for both service
providers & enterprises
Security Operations / Network Operations
GigaVUE-HC2GigaVUE-HD8
Remote Site
GigaVUE-HC1
Remote Site
GigaVUE-HC1
Remote Site
GigaVUE-HC1

Ready for Future Multi-cloud: Hybrid Cloud Visibility
PRESERVE TOOL INVESTMENT
Web
tier
App
tier
Azure Load
Balancing
Azure Load
Balancing
Azure SQL
Database
Virtual Network
Visibility tier
Tool
tier
Availability Zone
Region
Web
tier
Elastic Load
Balancing
App
tier
Elastic Load
Balancing
Amazon
RDS
Visibility tier
Tool
tier
Amazon
CloudWatch
On-Premises Data Center
Azure API
Management
Tool
Tier
GigaVUE-FM
TunnelingTunneling

Agenda
A Better Way
Real World Results
2
3
4

Based on 2017 Fortune list and customer data from Q1 2018, Fortune is part of Time Inc.
Top Lists based on FY2016 data.
“Top 50 Banks in the World," Banks around the World. June 30, 2016. Retrieved from: http://www.relbanks.com/worlds-top-banks/assets
Laura Lorenzetti, "The 10 biggest health-care companies in the Fortune 500," Fortune, June 20, 2015. Retrieved from: https://gigamon.my.salesforce.com/00O14000008ef5s
Data Set: Top US Government Agencies by Contract Spending (FY 2016), GovWin from Deltek. Accessed Feb. 7, 2017.
Samantha Sharf, "The World's Largest Tech Companies: Apple Beats Samsung, Microsoft And Alphabet," Forbes, May 26, 2016. Retrieved from:
http://www.forbes.com/sites/samanthasharf/2016/05/26/the-worlds-largest-tech-companies-2016-apple-bests-samsung-microsoft-and-alphabet/#ed4f6fc89ee4
"Stores Top Retailers 2016," Kantar Retail, National Retail Federation, 2016. Retrieved from: https://nrf.com/resources/annual-retailer-lists/top-100-retailers/stores-top-retailers-2016
"The World's Biggest Public Companies," Forbes, June 2, 2016. Retrieved from: https://en.wikipedia.org/wiki/List_of_telephone_operating_companies
Who Deploys Gigamon?
MANY OF THE WORLD’S LEADING ORGANIZATIONS INCLUDING:

As of Feb 2017
Gigamon Customers
SERVICE PROVIDERFEDERAL
TECHNOLOGY
GENERAL
ENTERPRISE / MISC
RETAIL /
SERVICES FINANCE
HEALTHCARE
/INSURANCE
ENTERPRISE

SERVICE PROVIDERFEDERAL
TECHNOLOGY
GENERAL
ENTERPRISE / MISC
RETAIL /
SERVICES FINANCE
HEALTHCARE
/INSURANCE
ENTERPRISE
Customer data as of Q1 2018
Gigamon Customers
2,800+
End Customers

34
Case Study
• Reduced Cost: $20M+ in TCO savings with GigaSECURE architecture
• Mitigated Risk to ‘Build with Confidence’: Helped bank identify network
assets and proactively solve deployment issues upfront
• Faster Time to Response: Reduced a 5-day P1 incident by 95% preventing
reputation loss, avoiding bad publicity and increasing customer experience
RESULTS
• Key security initiatives (IPS, APT, Email Protection) to protect customers and meet
security compliance requirements were costing significant CAPEX
• Big concerns about adding prevention tools inline due to network resiliency
concerns and environment complexity
• Limited network visibility for security detection and threat hunting initiatives,
leading to poor ROI / outcomes with existing toolsets
CHALLENGE
• Two-part solution:
• Ph. 1: Leverage Inline Bypass for prevention tools in core network
• Ph. 2: Feed data from data centers, edge to to out-of-band detection tools
SOLUTION
Overview
• Large international bank
serving 13 million
customers
• Decided to in-house
security after many years
of outsourcing challenges

35
Case Study
• Maximize uptime: Deployed IPS with minimal production changes
• Increased operational agility with decreased risk: Ability to switch
between IPS and IDS modes instantaneously
• Investment protection: Roadmap for future expansion with GigaSMART
functionality such as SSL, de-duplication, NetFlow
RESULTS
• High cost and potential impact from traffic volume of IDS/IPS deployment
in new data center
• Desire to deploy Cisco Firepower and FireEye NX but resistance to
deploy inline
• Wanted future-proof solution, fault tolerant with High Availability
• 18 month project initially with 7 SIs bidding!
CHALLENGE
• GigaSECURE Security Delivery Platform architecture
• 26 GigaVUE-HC2, 40 bypass modules including
• Gigamon Resilient Inline Protection
• GigaVUE-FMSOLUTION
Overview
• Global bank serving 18.9
million customers with total
assets of £800 billion
• Headquarters in the UK

5 YEARS TCO
CAPEX OPEX CAPEX OPEX CAPEX OPEX
IPS $3,100,000 $3,100,000 $1,330,000 $1,330,000 $1,770,000 $1,770,000 4xIPS to 2xIPS
APT $4,000,000 $4,000,000 $2,000,000 $2,000,000 $2,000,000 $2,000,000 4xAPT to 2xAPT
WAF $4,000,000 $4,000,000 $2,000,000 $2,000,000 $2,000,000 $2,000,000 4xWAF to 2xWAF
APM / NPM $2,000,000 $2,000,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 2xAPM/NPM to 1xAPM/NPM
SIEM $2,000,000 $700,000 $1,000,000 $500,000 $1,000,000 $200,000 Traffic capacity can be reduced
Cloud Tools $4,000,000 $2,000,000 $2,000,000
$7,770,000 $8,970,000
$16,740,000
Savings (USD)With GigamonWithout Gigamon
Equipment Remarks / Assumption
Total Savings (CAPEX + OPEX)
Total Savings
Estimated Cost Saving Based on 5 Years TCO

Local Customer Use Case
Inline Bypass Solution
Daniel Ong
Channel Account Manager
Gigamon

Major Banking Group in Thailand
CISCO ACI VISIBILITY
• Rapid visibility for better security – Improved visibility on ACI (40G) network.
• Increased network availability and security.
• Holistic security architecture – Easy to manage SPAN traffic request.
• Ready for troubleshooting at any time.RESULTS
• Can’t monitor traffic (VXLAN) between Spine and Leaf of Cisco ACI (40G).
• Can’t terminate ER SPAN tunnel to consolidate traffic.
• Need to send out huge traffic to the right tool at the right time.
• Limited visibility and lack of control.CHALLENGE
• GigaTAP and GigaSMART: Header Striping
• Send specific protocol to tools for analysis.
• IP tunnelling to monitor across two site.
• GigaSTREAM aids in load sharing traffic into multiple tools according to current and planned
tools throughput.
SOLUTION

DC & DR Deployment
Major Banking Group in Thailand
CISCO ACI VISIBILITY

Chemical Industry Customer in Thailand
INLINE BYPASS SOLUTION
• Integrated full Inline Bypass solution for NGFW and ATP.
• Intelligent traffic delivery – Able to specific traffic direction by load sharing
solutions.RESULTS
• No solution for bypass module on ATP appliance.
• Lack of load balancing solutions between NGFW and ATP appliance.
• Security tools impact network uptime.CHALLENGE
• HC1 appliance with Inline Bypass Modules.
• 1 Gbps copper solution.
SOLUTION

Inline Diagram with Active-Active NGFW
Chemical Industry Customer in Thailand
INLINE BYPASS SOLUTION

Power Your Tools to Prevent Threats
See what matters.™
Koay Choon Ping
Sales Engineer, South East Asia
Gigamon

BACKGROUND:
• Founded in 2004
• Headquarters: Santa Clara, CA, U.S.
• Global Offices: 20 countries
• 799 employees
• Over 2,500 customers
Gigamon Visibility Platform provides pervasive visibility into
data in motion across your entire network, enabling stronger
security and network performance.
See what matters.™
PERFORMANCE:
• World’s #1 Visibility Platform
• Named #1 Network Monitoring Equipment (NME)
Vendor Worldwide by Market Share*
• Key Verticals: Federal, Financial Services,
Healthcare, Retail, Technology, Service Providers
• $311M Revenue in FY16, +40% Year-over-Year
©2017 Gigamon. All rights reserved.
Corporate Overview
*Source: IHS Markit Report, Network Monitoring Equipment, May 19, 2017

Internet
Public
Cloud
✕ Significant blind spots
✕ Extraordinary costs
✕ Contention for access to traffic
✕ Inconsistent view of traffic
✕ Blind to encrypted traffic
✕ Too many false positives
Challenges with Ad Hoc Security Deployments
User Behavior
Analytics
Advanced
Persistent
Threat
Email Threat
Detection
SIEM
Next-Generation
Firewall
Data Loss
Prevention
SIEM
Data Loss
Prevention
User Behavior
Analytics
Next-Generation
Firewall
Advanced
Persistent
Threat
Email Threat
Detection
Data Loss
Prevention
Next-Generation
Firewall
Email Threat
Detection
Advanced
Persistent
Threat
SIEM
User Behavior
Analytics
Routers
“Spine”
Switches
“Leaf”
Switches
Virtualized
Server Farm
It is time the balance of power shifted from attacker to defender!
VISIBILITY LIMITED TO A POINT IN TIME OR PLACE

Internet
Public
Cloud: AWS
Security Delivery Platform: “See Everything”
A Foundational Building Block To Effective Security
Data Loss
Prevention
Data Loss
PreventionData Loss
Prevention
IPS
(Inline)
IPS
(Inline)
IPS
(Inline)
Email Threat
Detection
Email Threat
Detection
Email Threat
Detection
Forensics
Forensics
Forensics
Intrusion
Detection
System
Intrusion
Detection
System
Intrusion
Detection
System
Routers
“Spine”
Switches
“Leaf”
Switches
Virtualized
Server Farm
Anti-Malware
(Inline)
Anti-Malware
(Inline)
Anti-Malware
(Inline)
Intrusion
Detection
System
Data Loss
Prevention
Email Threat
Detection
IPS
(Inline)
Anti-Malware
(Inline)
Forensics
 All tools still connected
 Fewer network touch points
 Enhanced tool efficiency
 Decreased OPEX costs
Physical, Virtual
and Cloud
Metadata
Engine
(NetFlow / IPFIX)
Application
Session Filtering
SSL
Decryption
Inline
Bypass

Network &
Application
Performance
Management
Gigamon Partner Ecosystem
Security and
Vulnerability
Management
Service
Provider
InfrastructureInfrastructure

Without Gigamon With Gigamon
Eliminate SPAN Port Contention
Few Span Ports, Many Tools
Customer is unable to use all tools! Customer has complete visibility for all tools!
Switch with two SPAN
session limitation
Intrusion Detection
System (IDS)
Application Performance
Management
VoIP Analyzer
Packet Capture
Application
Performance
Management
Intrusion
Detection
System (IDS)
Packet
Capture
VoIP AnalyzerSwitch with
two SPAN
ports

Limited Access to Environment
Limited Tool Ports, Many Switches
Limited Connectivity
to Full Environment
Pervasive Access – Can Connect to
All Points in the Environment
Analysis tool with
only 2 NICs
Switch 1
Switch 2
Switch 3
Switch 4
Switch 5…n
Analysis tool with
only 2 NICs
Switch 1
Switch 2
Switch 3
Switch 4
Switch 5…n

Without Gigamon
Run Multiple POCs in Parallel
Accelerate Certification Of New Tools
Customer performs each Proof-of-Concept (POC)
serially at different times using different data
Customer is able to run multiple POCs
concurrently using same data
With Gigamon
POC #1 – Vendor X Tool POC #2 – Vendor Y Tool POC #3 – Vendor Z Tool
1 month 2 month 3 month
POC #1
Vendor X
Tool
POC #2
Vendor Y
Tool
POC #3
Vendor Z
Tool
1 month 2 month 3 month
Tool tested w/ NW
Segment – 4 weeks
Tool tested w/ same NW
Segment – 4 weeks
Tool tested w/ same NW
Segment – 4 weeks

GigaVUE® Matches Your Network to Your Tools
Change Media and Speed
10, 40 Or 100Gbps Traffic To 1Gbps or 10Gbps Tools
10Gb 1Gb
Customer migrates to a 10Gb network and
1Gb monitoring tools become useless
Customer able to extend the life
of their 1Gb network and security tools
VoIP Analyzer
Management
Intrusion Detection
System (IDS)
Packet Capture Intrusion
Detection
System
VoIP
Monitor
Application
Performance
Management
Packet
Capture

• Maximize tool efficacy
• Increase scale of
security monitoring
• Add, remove, and upgrade
tools seamlessly
• Consolidate multiple points of
failure into a single, bypass-
protected solution
• Integrate inline, out-of-band,
flow-based tools and metadata
via a Security Delivery Platform
Active Security Remediation with Inline Bypass
SCALING INLINE SECURITY WITH INLINE BYPASS
T1
T2
T3
E.g. WAN router
E.g. Firewall
E.g. IPS
E.g. WAF
E.g. ATD
E.g. Core switch
T1 T2
T3T3T3
IPS WAF
ATDATDATD
T1
IPS

• L2-L4 Map rules
– tcp port, ip subnet, vlan, etc.
• Map priorities applies
– Use this to your advantage
• Customized inspection for each map
– Web: NGFW + IPS + WAF
– Email: NGFW + ATD
– Database: NGFW + IPS + ATD
– Unspecified: NGFW + IPS
Inline Map Definition
Flexible Inline Arrangements
BASIC CONCEPT: TRAFFIC SLICES  INLINE MAPS
Web
Email
Database
Unspecified
Traffic Slices for Inspection

Intent-based, Drag-and-Drop Configuration

Introducing Inline SSL Solution
FIRST INLINE SSL SOLUTION INTEGRATED
IN A VISIBILITY PLATFORM
Any forward-looking indication of plans for products is preliminary
and all future release dates are tentative and subject to change.
Malware and its actions lay hidden in the night
Then came Gigamon Inline SSL and all was light

SSL Decryption
Out-of-Band SSL Decryption using Security Delivery Platform
IDS at the Perimeter
Anti-Malware
for Web Apps
APM at the Server Rack
DLP at Remote Sites
Router
Firewall with
SSL Proxy
Switch Router
Firewall with
SSL Proxy
Switch
Router
Router
HQ
Database
IDS APM
DLPAnti-
Malware
SSL
Decryption
SSL Decryption
SSL
Decryption
TAP
TAP
WorkstationsFirewall with
SSL Proxy
LAN
SSL Decryption
Server Rack
Branch

Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
SSL Decryption on Gigamon Products
Encrypted Traffic Decrypted / Unencrypted Traffic
Internet Servers
Corporate Servers Clients
NGFW
IPS
Network
Forensics
Anti-malware
Active, Inline
Appliance(s)
Passive, Out-of-Band
Appliance(s)
• Corporate servers
• Enterprise has server keys
• RSA key exchange
• Supported Since 2014
1
• Corporate servers
• Diffie-Hellman (DH) key exchange
• Emerging TLS 1.3 standard
• Need to be inline to decrypt SSL
2
• Internet Servers or SaaS services
• Enterprise does not have server keys
• Need to be inline to decrypt SSL
3
?
Clients
Internet
1 RSA 2 DH, PFS
3 RSA/DH

Inline Tool Group
(decrypted traffic)
Gigamon Inline SSL Visibility Solution
Highlights
• Servers and clients located internally
or externally
• Private keys not needed
• RSA, DH, PFS can be used
• Supports inline and out-of-band tools
Out-of-Band Tool
(decrypted traffic)
SSL Session
Leg 1
(encrypted)
SSL Session
Leg 2
(encrypted)
1
2
2
3
Web Monitor Tool
(decrypted traffic)
Encrypted traffic
Decrypted traffic

• Maximize tool efficacy
• Increase scale of
security monitoring
• Add, remove, and upgrade
tools seamlessly
• Consolidate multiple points of
failure into a single, bypass-
protected solution
• Integrate inline, out-of-band,
flow-based tools and metadata
via a Security Delivery Platform
Active Security Remediation with Inline Bypass
SCALING INLINE SECURITY WITH INLINE BYPASS
T1
T2
T3
E.g. WAN router
E.g. Firewall
E.g. IPS
E.g. WAF
E.g. ATD
E.g. Core switch
T1 T2
T3T3T3
IPS WAF
ATDATDATD
T1
IPS

Inline tool (decrypted traffic)
Respecting Data Privacy: URL Categorization
Internet
Webroot
• Supports up to 83 Web categories (Finance, Government…)
• Flexible policies based on multiple parameters (IP, Ports, VLAN, domain, categories)
• Whitelists and blacklists with over 5000 domain names
Banking Website (e.g. Citi)
Health care Website (e.g. Aetna)
File sharing Website
(e.g. Dropbox)

Gigamon Inline SSL Deployment
Benefits of Gigamon Inline SSL Approach
The GigaVUE-HC2 is capable of
adding a single inline security
tool, but it does not unlock the
true potential of the unit.
Scalable GigaSMART®
• Inline SSL Decryption

Adding new inline tools
One single GigaVUE-HC2 is
capable of adding multiple tools

Adding new network segment
One single GigaVUE-HC2 is
capable of protecting multiple
network links

Increase inline SSL throughput
The GigaVUE-HC2 is a true Security Delivery Platform that
provides all this functionality in a scalable, modular form factor
• Bypass protection
• Multiple inline tools
• Multiple network links
• Traffic Intelligence
Scalable GigaSMART®
• Inline SSL Decryption

NetFlow/IPFIX Generation
Challenges:
• High impact on routers and switches for generating NetFlow records
• Routers / switches generate sampled NetFlow which is inadequate for
security
• Some routers do not support NetFlow, others have proprietary flow methods
• Without NetFlow, you can only instrument parts of your network for Deep
Packet Inspection (DPI)
Generating NetFlow Information:
• With NetFlow, you know where you need to DPI.
• Enable end-to-end security enforcement with visibility into every flow
• Ideal to detect Command and Control communications
• Validated with I ndustry-leading SIEM and NetFlow forensics collectors

Metadata Engine
Volume, types and amount of data overwhelm SIEMs Metadata Engine Benefits:
• High Performance
• Cost Savings
• Full visibility, better security

* Planned Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
Metadata Enhancements
Uncover Denial of Service & compromise
of internal web servers
HTTP Response Codes
Discover malicious
communications to
C&C servers using
DNS transactions
DNS Discovery
DNS
C&C
Bots
Analyze HTTPS certificates
to discover bad/suspicious
certificates
HTTPS Certificate Anomalies

Example Use Case for GigaVUE-HC2
Intrusion
Prevention
Systems
Email
Inspection
Data Loss
Prevention
NetFlow
Collector
GigaStream™
Intrusion
Detection
System
NetFlow
Generation
SSL
Decryption
Internet
Edge Routers
Core Switches Out-of-Band
Malware

Visibility into Private Cloud
VMware ESX and NSX

Network Traffic Visibility For Cross Network Workloads
Challenges
VM VM VM VM VM VM
VIRTUALIZE
• SPAN on Switch Ports
• Physical TAPs
Switch
TRADITIONAL VISIBILITY
• Blind spots for Inter-Host VM traffic
• Blind spots for Intra-Host VM traffic (blade center)
VIRTUAL VISIBILITY CHALLENGES
SERVER SERVER
Switch
Security and Application Monitoring are forcing considerations!!!
SERVER
SERVER
Hypervisor Hypervisor

1. Security no longer an after-thought during virtualization
2. Increasing VM density with mission-critical workloads
3. Visibility into VM-VM traffic needed for Security and Application Performance Monitoring (APM)
4. Creating new virtual instances of tools affects workload performance
5. Automated visibility after VM migration
Virtual Visibility: More Important Than Ever
5 REASONS WHY YOU MUST CARE
HYPERVISOR
SERVER
VIRTUAL
IDS VM1
VIRTUAL
ANTI-
MALWARE
VIRTUAL
APM VM
HYPERVISOR
SERVER
GigaVUE-VM
IDS
ANTI-MALWARE
APM
VIRTUAL SWITCH VIRTUAL SWITCH

GigaVUE-VM
Light Footprint Virtual Machine, Not Kernel Module

GigaVUE-VM: Virtual Workload Monitoring
Enhanced for Software Defined Data Centers (SDDC)
• vCenter integration
• Bulk GigaVUE-VM onboarding
• Virtual traffic policy creation
• Automatic migration of monitoring policiesGigaVUE-FM
Private
Cloud
SERVER I SERVER II
Application
Performance
Network
Management
Security
Virtual Traffic Policies
Tunneling
Internet
Production Network Tools and Analytics

GigaVUE-VM VM3
Hypervisor
vSwitch
• Integration with vCenter to detect vMotion
• Automated re-deployment of rules that follow the VM
Visibility in Motion
Automated Monitoring Policy Management
Hypervisor
vSwitch
VM1VM1VM1VM1VM1 VM2
GigaVUE-FM
vMotion InitiatevMotion Notify
GigaVUE-VM
Monitor VM1
UpdateUpdate
Application
Performance
Network
Management
Security

• Logical (virtual) networks that are decoupled
from underlying physical network
• All intelligence moved to the virtual edge (inside
a server)
• Creation of overlay (virtual network)
that is separate from underlay
(physical network)
• Benefits:
– Create virtual networks independent of
physical network topology
– Ability to rapidly make network changes
based on application/tenant needs
Gigamon Value Prop:
Preserve and extend monitoring tools by
offloading new encapsulations or
by providing tenant-level visibility.
Network Virtualization: VMware NSX
Multi-Tenant Networks
Existing Physical Network
Virtual Networks
“Network hypervisor” (NSX)
Internet

Dynamic ‘Traffic Visibility Service’ Insertion
Internet
Security/Monitor Admin
“Copy
Packet”
GigaVUE-FM
Tools and Analytics
Application
Performance
Network
Management
Security
Monitoring Policy

REST APIs
Software-Defined Visibility
Internet
SDDC / Cloud Monitoring –
Tenant and Application Visibility
SSL
Decryption
NetFlow / IPFIX
Generation
Application
Session Filtering
Adaptive
Packet Filtering
Header
Stripping
APM
Anti-Malware
IDS
DLP
Network Forensics
APT
Centralized Tools
Network Performance
Customer Experience
Security
Monitoring
De-cap VXLAN
Virtual Traffic
VXLAN=6000
SSL Decrypted
NetFlow / IPFIX
TAPs
GigaVUE-VM
Filtered and Sliced Virtual Traffic
NSX APIs, Gigamon Service Insertion
vCenter APIs, Events
vCenter
NSX Manager
GigaVUE-FM
2. Apply “Visibility” Policy
GigaVUE-VM
vRealize Automation (vRA)
1. Deploy new Tenants and Applications 2. Apply “Visibility” Policy

Partner Solution Categories and Integration Options
Solution Category Integration Options
SDDC Operations and Visibility Port Mirroring, NSX-API, NetX
Automated Traffic Visibility for
VMware powered SDDC

Gigamon Visibility Platform
Public Cloud

Public Cloud Visibility Challenges and Gigamon Solution
Gigamon Visibility Platform
Database
Web
Tier
App
Tier
Load Balancer
Tool Tier
Virtual Network or Virtual Private Cloud
AZ
CSP IaaS
NW
Load Balancer
RDS
Web
Tier
App
Tier
ELB
ELB
Tool Tier
Region
AZ
VPC
Database
Web
Tier
App
Tier
Load Balancer
Load Balancer
Virtual Network or Virtual Private Cloud
AZ
CSP IaaS
NW
Visibility Tier
GigaVUE-FM
Tool
Tier
X Inability to access all traffic
X Discrete vendor monitoring agents per instance
X Impacts workload and virtual network performance
X Static visibility with heavy disruption
 Minimize agent overload
 Aggregate, select, optimize, and distribute traffic
 Customize orchestration and
single-pane-of-glass visualization
 Elastic Visibility with ATS as workloads scale-out
Load Balancer Subnet Database Availability Zone (AZ)ToolInstances

Economic Benefits of Using Single Gigamon Agent
vs. Multiple Agents
Compares 1 Gigamon agent to 1- 8
tool agents
Assumptions
• Average traffic bandwidth of 250Mbps
per Amazon EC2 instance monitored
• Starting Amazon EC2 instance of type
c4.large

Network &
Application
Performance
Management
Visibility Platform for AWS: Cloud Validated Tools
Security and
Vulnerability
Management
Infrastructure
Open Source

Multi-cloud: Hybrid Cloud Visibility
Web
tier
App
tier
Azure Load
Balancing
Azure Load
Balancing
Azure SQL
Database
Virtual Network
Visibility tier
Tool
tier
Availability Zone
Region
Web
tier
Elastic Load
Balancing
App
tier
Elastic Load
Balancing
Amazon
RDS
Visibility tier
Tool
tier
Amazon
CloudWatch
On-Premises Data Center
Azure API
Management
Tool
Tier
GigaVUE-FM
TunnelingTunneling

Multi-cloud: Centralized Visibility and Security
On-Premises
Data Center
Security, Performance Management,
and Analytics Tools
Applications
Web
tier
Web
tier
SecOps VPC
GigaVUE-FM
Amazon
CloudWatch
Visibility tier
Visibility tier
Tool tier Web
tier
App
tier
Visibility tier
Azure API
Management
AWS Direct
Connect
Azure
ExpressRoute
Applications

Q&A Session
Mona Yam
Gigamon
Sittipong Nateeprasittiporn
Product Manager
nForce Secure Co.,Ltd.

Closing Remarks
Mona Yam
Gigamon

THE ESSENTIAL ELEMENT OF YOUR SECURITY

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to THE ESSENTIAL ELEMENT OF YOUR SECURITY

Similar to THE ESSENTIAL ELEMENT OF YOUR SECURITY (20)

More from ETDAofficialRegist

More from ETDAofficialRegist (20)

Recently uploaded

Recently uploaded (12)

THE ESSENTIAL ELEMENT OF YOUR SECURITY