RSA 2014 Recap: The Year of Pervasive Security and Analytics

by: Neal Allen, Sr. Worldwide Training Engineer, Gigamon

According to ESG research and Jon Oltsik, Sr. Principal Analyst at ESG, 44% of organizations believe that their current level of security data collection and analysis could be classified as “big data,” while another 44% believe that their security data collection and analysis will be classified as “big data” within the next two years. (Note: in this case, big data security analytics is defined as “security data sets that grow so large that they become awkward to work with using on-hand security analytics tools.”)

This trend was highlighted at the RSA Conference the week before last, with many organizations, including Gigamon, talking about ways security professionals can sift through the noise to find “the needle in the haystack.” The sheer volume of security-related data is driving the need for big data security analytics tools that can make sense of all this information and uncover malicious and anomalous behavior.

Until a few years ago, threats came largely from script kiddies and other unsophisticated hackers looking to disrupt communications. Organized crime then discovered it could make a lot of money selling access into corporate networks, so it started hiring very capable people to break in. Around the same time, some governments created formal but unofficial departments whose job was to steal third-party intellectual property in order to advance their nations.

Between organized crime and state-sponsored industrial espionage, the interior of the network is at as much risk as the perimeter. This is particularly true with the growth in BYOD and mobility in general. If security analytics and security tool vendors are having problems keeping up with newly upgraded 10Gb edge links, how will they deal with core networks that contain many 10Gb, 40Gb or faster links? Not to mention that user edge traffic is often not even tapped or spanned, because of the potentially high cost of monitoring copious amounts of data across expansive networks.

The nature of security is evolving quickly, and no single technique or approach to securing the network suffices anymore. Companies focused on security are now embracing multiple approaches in parallel to address security effectively. These include solutions that are inline and out-of-band, as well as solutions that do packet-level analysis and flow-level analysis. Gigamon, together with its Ecosystem Partners, presented at RSA and highlighted the critical role Gigamon’s Visibility Fabric™ plays in enabling pervasive security for best-in-breed solutions from Sourcefire/Cisco, ForeScout, FireEye, Websense, Trend Micro, Riverbed, Narus, LogRhythm and nPulse.

An effective solution that enables pervasive security should be able to feed all of these approaches at once. The Gigamon Visibility Fabric does exactly that, with highly scalable and intelligent support for inline, out-of-band, packet-based and now flow-based security tools. In addition, the Visibility Fabric can combine approaches, for example by applying packet-based pre-filtering before generating NetFlow, so that flow records are only produced for the traffic the analytics tools actually care about. Granular filtering and forwarding of packets, together with pervasive flow-level visibility, is what accelerates post-event analysis and finds that “needle in the haystack.”
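To make the “pre-filter, then generate flow records” idea concrete, here is an added example that is not Gigamon code and does not model the Visibility Fabric’s actual implementation. It builds NetFlow-style records (5-tuple key, packet and byte counters, first/last timestamps, OR’d TCP flags, active timeout) from a small set of constructed packets, once with no filter and once with a filter that keeps only traffic touching a monitored subnet and drops a high-volume backup port. The subnet 10.1.0.0/16, the port numbers and the packets themselves are assumptions made up for the demonstration.

```python
"""Packet-level pre-filtering before NetFlow-style flow record generation.

Added example (not Gigamon code). All packets and addresses are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# NetFlow v5-style flow key: src addr, dst addr, src port, dst port, IP proto
FlowKey = Tuple[str, str, int, int, int]

@dataclass
class Packet:
    ts: float        # seconds since capture start
    src: str
    dst: str
    sport: int
    dport: int
    proto: int       # 6 = TCP, 17 = UDP
    length: int      # bytes on the wire
    tcp_flags: int = 0

@dataclass
class FlowRecord:
    key: FlowKey
    first: float
    last: float
    packets: int = 0
    octets: int = 0
    tcp_flags: int = 0   # cumulative OR of flags, as NetFlow exports them

    def update(self, pkt: Packet) -> None:
        self.last = max(self.last, pkt.ts)
        self.packets += 1
        self.octets += pkt.length
        self.tcp_flags |= pkt.tcp_flags

def make_filter(monitored: str, drop_ports: Iterable[int]) -> Callable[[Packet], bool]:
    """Return a predicate: keep packets touching `monitored` that avoid `drop_ports`."""
    net = ip_network(monitored)
    drop = set(drop_ports)
    def keep(pkt: Packet) -> bool:
        in_scope = ip_address(pkt.src) in net or ip_address(pkt.dst) in net
        return in_scope and pkt.sport not in drop and pkt.dport not in drop
    return keep

def build_flows(packets: Iterable[Packet],
                keep: Optional[Callable[[Packet], bool]] = None,
                active_timeout: float = 60.0) -> List[FlowRecord]:
    """Aggregate packets into flow records; a flow older than active_timeout
    is exported and a fresh record started, as a NetFlow exporter would."""
    active: Dict[FlowKey, FlowRecord] = {}
    exported: List[FlowRecord] = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        if keep is not None and not keep(pkt):
            continue                      # pre-filter: never reaches the exporter
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)
        rec = active.get(key)
        if rec is not None and pkt.ts - rec.first > active_timeout:
            exported.append(active.pop(key))
            rec = None
        if rec is None:
            rec = FlowRecord(key, first=pkt.ts, last=pkt.ts)
            active[key] = rec
        rec.update(pkt)
    exported.extend(active.values())      # flush what is still active at end of input
    return exported

# Constructed sample traffic (assumption: 10.1.0.0/16 is the monitored subnet).
SAMPLE_PACKETS = [
    # workstation -> web server, and the reverse direction
    Packet(0.0, "10.1.5.20", "203.0.113.7", 49152, 443, 6, 64, 0x02),
    Packet(0.1, "203.0.113.7", "10.1.5.20", 443, 49152, 6, 64, 0x12),
    Packet(0.2, "10.1.5.20", "203.0.113.7", 49152, 443, 6, 52, 0x10),
    Packet(0.3, "10.1.5.20", "203.0.113.7", 49152, 443, 6, 512, 0x18),
    Packet(0.4, "203.0.113.7", "10.1.5.20", 443, 49152, 6, 1400, 0x10),
    # bulk backup (rsync, port 873): high volume, low security value
    Packet(1.0, "10.1.9.9", "10.1.200.2", 51000, 873, 6, 1500, 0x10),
    Packet(1.1, "10.1.9.9", "10.1.200.2", 51000, 873, 6, 1500, 0x10),
    Packet(1.2, "10.1.9.9", "10.1.200.2", 51000, 873, 6, 1500, 0x10),
    Packet(1.3, "10.1.9.9", "10.1.200.2", 51000, 873, 6, 1500, 0x10),
    # traffic entirely outside the monitored subnet
    Packet(2.0, "192.168.50.1", "8.8.8.8", 4000, 53, 17, 80),
    # long-lived SSH session: crosses the 60 s active timeout
    Packet(0.5, "10.1.5.21", "203.0.113.8", 50022, 22, 6, 100, 0x18),
    Packet(30.0, "10.1.5.21", "203.0.113.8", 50022, 22, 6, 100, 0x18),
    Packet(70.0, "10.1.5.21", "203.0.113.8", 50022, 22, 6, 100, 0x18),
]

def unfiltered_flows() -> List[FlowRecord]:
    return build_flows(SAMPLE_PACKETS)

def filtered_flows() -> List[FlowRecord]:
    return build_flows(SAMPLE_PACKETS, keep=make_filter("10.1.0.0/16", [873]))

if __name__ == "__main__":
    for label, recs in (("no pre-filter", unfiltered_flows()), ("pre-filtered", filtered_flows())):
        print(f"{label}: {len(recs)} flow records, {sum(r.octets for r in recs)} octets")
        for r in recs:
            print(f"  {r.key} pkts={r.packets} octets={r.octets} "
                  f"flags=0x{r.tcp_flags:02x} {r.first:.1f}-{r.last:.1f}")
```

Running it shows six flow records without the filter and four with it: the rsync flow and the out-of-scope DNS lookup never reach the exporter, while the SSH session still splits into two records at the active timeout. The filter predicate is where a production design would carry the interesting policy, for example excluding known backup or replication flows while retaining everything from a sensitive segment, so that flow collectors and analytics tools spend their budget on traffic that matters.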

We’ve entered a new world of network security, in which providing insightful security analytics can be just as important as the ability to detect threats across the network in real time. Walking around the booths at RSA, it was clear that without pervasive visibility most networks will be left with limited or delayed situational awareness, security intelligence and operational responsiveness. In a rapidly moving world, that delay may be too late.

Visibility in Motion at Cisco Live Orlando

by: Huy Nguyen, Senior Director of Product Management at Gigamon

Now that Cisco Live Orlando has come and gone and we’re gearing up for VMworld, we’re seeing even more attention being paid to virtualization given the interest in software defined networks (SDN) and data centers (SDDC). So, virtualization remains hot and with around 60 percent of all applications running in virtualized environments according to some studies, we shouldn’t be surprised that there are even summer camps being offered around the subject (I’m not kidding). I feel like 2013 is the Summer of Virtualization!
That being said, it makes sense to let you know how Gigamon is continuing to address the visibility challenges experienced by organizations using virtualized environments. On the first day of the Cisco Live World of Solutions expo we announced GigaVUE-VM 2.0. If you’re not familiar with GigaVUE-VM, it is basically a virtual instance of one of our Visibility Fabric nodes. Because traffic between virtual machines on the same host may be switched locally, it never traverses the physical network, leaving existing monitoring and analysis tools blind to that traffic. The GigaVUE-VM fabric node provides packet-level visibility into the virtualized server world.
In addition to exposing inter-VM traffic flowing within a physical host and across physical hosts, one of the notable things about the 2.0 update is that GigaVUE-VM now supports Cisco’s Nexus 1000V virtual switch as well as VMware’s vSphere Distributed Switch (VDS). GigaVUE-VM works with these virtual switches to obtain copies of the packets before intelligently filtering and forwarding them to the management, security and monitoring tools that require packet-level visibility, such as application and network performance monitoring tools and intrusion detection systems.
Perhaps even more exciting is that GigaVUE-VM 2.0 can automatically reconfigure Gigamon’s Visibility Fabric™ architecture and migrate monitoring policies to maintain continuous visibility when a vMotion event occurs. Essentially, GigaVUE-VM preserves visibility into the traffic flowing between VMs even after a VM moves from one physical host to another, which is what we call “visibility in motion.”
What makes this significant is that without the ability to automatically migrate the monitoring policies, visibility that had been configured would be lost once the vMotion occurs and would require manual reconciliation, which could well be arduous given the agile virtual infrastructures of today.
For even more information, check out our white paper, “Visibility into the Cloud and Virtualized Data Center”.