Gigamon’s Security Delivery Platform Shifts the Focus of Security to Identification and Remediation
By Zeus Kerravala
Founder and Principal Analyst ZK Research
Gigamon is a ZK Research Client
Gigamon on Tuesday launched its GigaSECURE architecture, which it calls the security market's first Security Delivery Platform (SDP).
Gigamon is a market leader in visibility platforms that provide pervasive visibility into network traffic, users and applications for network management tools. The visibility platform is a “fabric” that processes and analyzes data and then delivers it to the different management tools. This improves both the accuracy and performance of network management solutions.
The GigaSECURE SDP plays a similar role for security but shifts the focus from threat prevention to threat identification and remediation. Almost all security tools today are focused on preventing threats at the perimeter.
Firewalls, IDS/IPS systems and other appliances are designed to stop threats before they make their way into the enterprise. What happens though when a breach occurs? The malicious traffic is free to spread inside the company and cause widespread damage.
Preventing threats is an asymmetric challenge for the security team: businesses need to protect every point of entry, but hackers only need to find one. Given the rise in consumer devices, cloud services, phishing sites and DNS attacks, the asymmetry between security teams and cyber criminals is widening.
The GigaSECURE SDP appears to reverse this imbalance. Once a threat has invaded the network, it often branches out to other systems, causing anomalous traffic patterns. The Gigamon infrastructure captures every flow and is able to quickly detect any traffic pattern that deviates from the norm.
This means that once hackers are inside, they must move carefully across every system they reach, and a single mistake will be detected by the SDP, effectively flipping the asymmetry around.
In a conversation with Gigamon’s CTO, Shezad Merchant, he and I discussed how the average time for businesses to identify a breach is four months, which is unacceptable in today’s digital computing age.
The value that GigaSECURE can bring is to shrink that four-month window to just a few minutes, saving companies hours of remediation time and possibly millions of dollars, depending on which systems have been breached.
Once the threat has been identified, the SDP can quarantine the data, minimizing the “blast radius” of the breach, and then direct the traffic to the appropriate security tool for rapid remediation.
The SDP has other features that can help businesses better address the rapidly evolving threat landscape. These include:
- Bridging the physical – virtual gap. The SDP spans the entire network, including cloud and virtual environments, meaning virtual and cloud traffic will no longer be invisible to the security tools.
- Improves the scale of existing security infrastructure. The SDP applies a level of intelligence to the data and forwards to each security tool only the traffic that tool requires. For example, there’s no need to send non-web traffic to a web application firewall. Gigamon is able to classify the traffic and direct only web traffic to the WAF, instead of having the web filtering tool do the heavy lifting.
- Bring visibility to encrypted traffic. Gigamon’s SDP is able to hold the private keys for encrypted traffic. Gigamon will decrypt the traffic, look for threats, take action on any suspected malicious traffic and re-encrypt the good traffic.
- Support in-line and out-of-band security models. Customers can choose to put the SDP out-of-band for passive monitoring and testing capabilities. Once there is a degree of comfort with the solution, the solution can then be used in-line.
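To make the selective-forwarding and in-line versus out-of-band points concrete, here is an added illustration in Python; it is not Gigamon code, and the flow records, tool names, subscription rules and verdict callbacks are all constructed for the example. Each tool receives only the protocol/port pairs it subscribes to, and the same block verdict from a tool is merely recorded in out-of-band mode but drops the flow in in-line mode.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int

# Tool subscriptions (hypothetical): each tool lists the (proto, dport) pairs it needs.
# An empty set means "send everything", e.g. a forensics recorder.
TOOL_RULES: Dict[str, Set[Tuple[str, int]]] = {
    "waf": {("tcp", 80), ("tcp", 443), ("tcp", 8080)},
    "email_gateway": {("tcp", 25), ("tcp", 587)},
    "forensics": set(),
}

def tools_for(flow: Flow, rules=TOOL_RULES) -> List[str]:
    """Tools that should receive this flow: only those that asked for its protocol/port."""
    return [t for t, ports in rules.items() if not ports or (flow.proto, flow.dport) in ports]

def bytes_per_tool(flows, rules=TOOL_RULES) -> Dict[str, int]:
    """Bytes delivered to each tool; shows the load reduction from selective forwarding."""
    out = {t: 0 for t in rules}
    for f in flows:
        for t in tools_for(f, rules):
            out[t] += f.nbytes
    return out

Verdict = Callable[[Flow], bool]  # True = the tool wants this flow blocked (constructed stand-in)

def forward(flow: Flow, mode: str, verdicts: Dict[str, Verdict], rules=TOOL_RULES) -> str:
    """Out-of-band: tools see only a copy, so the flow passes and a block verdict is recorded.
    In-line: a block verdict from any subscribed tool drops the flow."""
    flagged = [t for t in tools_for(flow, rules) if t in verdicts and verdicts[t](flow)]
    if not flagged:
        return "pass"
    if mode == "out-of-band":
        return "pass (alert: " + ",".join(flagged) + ")"
    if mode == "in-line":
        return "drop (" + ",".join(flagged) + ")"
    raise ValueError("mode must be 'in-line' or 'out-of-band'")

# Constructed sample flows: HTTPS, SMTP, DNS and RDP.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", "tcp", 443, 120_000),
    Flow("10.0.0.7", "203.0.113.20", "tcp", 25, 4_000),
    Flow("10.0.0.9", "10.0.1.3", "udp", 53, 300),
    Flow("10.0.0.5", "10.0.2.8", "tcp", 3389, 900_000),
]
SAMPLE_VERDICTS = {"waf": lambda f: f.nbytes > 100_000}  # constructed: WAF flags large web flows
```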
One of the biggest benefits of GigaSECURE is its broad security ecosystem. It isn’t designed to replace the security tools already in place. Rather, it sits between the network and the existing products to help with the management and performance of those security tools. Gigamon has a broad ecosystem of security vendors, including the following:
- Advanced Malware Protection: Cisco, Cyphort, Damballa, FireEye and Lastline;
- Behavior Analytics: LightCyber and Niara;
- DLP solutions: Symantec;
- Forensics: NIKSUN and Savvius;
- IPS: BlueCoat, Corero, HP, IBM and Tenable;
- NAC: ForeScout;
- NGFW: Check Point, Fortinet and Palo Alto Networks;
- Secure Email Gateways: Cisco, Sophos and Trend Micro;
- Secure Web Gateways: Symantec;
- SIEMs: ArcSight, Lancope, LogRhythm, RSA and Splunk; and
- WAFs: Imperva.
It’s time for CSOs to take a hard look at how cybersecurity is being done within the organization and come to terms with the fact that perimeter security, while required, isn’t good enough to stop all attacks. The GigaSECURE security delivery platform can help shift the focus to identification and remediation while improving the ROI of the existing tools in place.
The views and opinions expressed herein are those of the author and do not necessarily reflect the views of Security Current, its affiliates and employees.