Product & Solutions Overview: Ananda Rajagopal VP, Product Line Management


© 2017-2020 Gigamon Inc. All rights reserved.


The New Tomorrow will be Complex and Demand Agility

[Figure: three panels titled Devices & Applications, Infrastructure, and Performance & Security Tools. Labels: Legacy Systems, Cloud, Operational Technology, Virtual, Containers and Microservices, Mobility, Physical; FW, IPS, SIEM, NPMD, APM.]

The Gigamon Visibility and Analytics Fabric

[Figure: the same three panels (Devices & Applications, Infrastructure, Performance & Security Tools) joined by "Gigamon | Visibility & Analytics Fabric". Labels: Legacy Systems, Cloud, Operational Technology, Virtual, Containers and Microservices, Mobility, Physical; ThreatINSIGHT, FW, IPS, SIEM, NPMD, APM.]

Essential Elements of a Visibility and Analytics Fabric

Analyze: Application Intelligence, INSIGHT Cloud Data Warehouse
Transform: GigaSMART: Traffic Intelligence, Subscriber Intelligence
Aggregate: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

[Figure: the four layers above sit between the Devices & Applications / Infrastructure panels (Legacy Systems, Cloud, Operational Technology, Virtual, Containers and Microservices, Mobility, Physical) and the Performance & Security Tools panel (ThreatINSIGHT, FW, IPS, SIEM, NPMD, APM).]

Portfolio Highlights

Hardware
+ High capacity HC appliances
+ 1/10/25/40/100G aggregators
+ Comprehensive tap portfolio
+ Integrated sensor for Gigamon ThreatINSIGHT

Cloud
+ Private Cloud: VMware NSX-T / ESXi, Nutanix, OpenStack
+ Public Cloud: AWS, Azure, GCP
+ Container visibility

GigaSMART and GigaVUE-OS Software
+ Core Intelligence
+ Flow Mapping, GigaStream
+ Traffic Intelligence
+ Decryption, De-duplication
+ 4G, 5G subscriber-aware visibility
+ App Intelligence

GigaVUE FM Software
+ Configuration, Intent-based orchestration
+ Visualization & monitoring
+ Reporting
+ Automation & 3rd party integration

Gigamon ThreatINSIGHT
+ Network detection & response
+ Integrated sensor on visibility appliances
+ Physical, virtual, cloud sensors
+ 3rd party integrations

Hardware Visibility Nodes

GigaVUE H Series (GigaVUE-HC3, GigaVUE-HC2, GigaVUE-HC1)
Intelligent Visibility Nodes with native GigaSMART intelligence
▸ HC1: Entry-level 10G, 1G
▸ HC2: 10G, entry-level 40/100G
▸ HC3: 25G, 40G, 100G
▸ Full spectrum of traffic, subscriber, application intelligence
▸ Cluster multiple nodes for scale
▸ Integrated ThreatINSIGHT sensor (HC1)

GigaVUE TA Series (GigaVUE-TA200, GigaVUE-TA100, GigaVUE-TA40, GigaVUE-TA10)
Tap Aggregators: Aggregate. Filter. Optimize.
▸ Traffic aggregators for 10G/25G/40G/100G
▸ Low-cost tap aggregation use cases
▸ Cluster with GigaVUE H Series for full traffic, subscriber, application intelligence capabilities

Network Taps (G-TAP M Series, G-TAP, G-TAP A Series, Embedded Taps)
Physical Taps
▸ High-density active and passive TAPs
▸ Non-intrusive physical access to network traffic
▸ 10 Mbps to 100 Gbps rates (incl. 40Gb/100Gb BiDi)

Visibility in Hybrid Cloud
Consistent visibility across public, private and hybrid cloud

[Figure: ThreatINSIGHT and other tools served by the Gigamon Visibility and Analytics Fabric with Smart Cloud Monitoring. Labels: Technology: Virtual machines, Containers, Service mesh; Platforms: Any physical network.]

Common Architecture for Public and Private Clouds
Key Building Blocks

GigaVUE-FM
+ Integration with Cloud Platform
+ 3rd party Orchestrators & Automation

Traffic Acquisition
+ Container / Agent
+ 3rd party tunnels

Traffic Aggregation and Transformation
+ Virtual (V Series)
+ Physical (HC / TA Series)

Traffic Analytics
+ ThreatINSIGHT
+ 3rd Party Tools

Introducing the New V Series for VMware
Highlights

+ Visibility in VMware ESXi and NSX
+ GigaSMART in virtual form factor
+ Significant new capabilities vs. GigaVUE-VM
+ Foundation for multi-cloud

[Figure: building blocks. GigaVUE-FM: Integration with Cloud Platforms, 3rd party Orchestrators & Automation. Traffic Acquisition: VM / Container / Agent, 3rd party tunnels. Traffic Aggregation and Transformation: Virtual (V Series), Physical (HC / TA Series). Traffic Analytics: ThreatINSIGHT, 3rd Party Tools.]


© 2017-2020 Gigamon Inc. All rights reserved. Discussed under NDA


Visibility in Public Cloud

On-Premises Public Cloud

Hardware TAPs Events and/or flow records

SPAN sessions from network devices, virtualized hosts Custom agents deployed by tools

Virtual TAPs on virtualized hosts Challenges:

Flow monitoring using IPFIX ▸ Primarily for troubleshooting

▸ Reactive and not proactive


Network metadata
▸ Difficult to App performance impact
Install a special-purpose monitoring appliance
▸ Cost implications due to compute per agent
Gigamon Visibility and Analytics Fabric
▸ Reduces agility when deploying new What
happens when you need to deploy a new tool?
Public Cloud Visibility Challenges and Gigamon Solution

[Figure: two AWS regions shown side by side, each with a VPC (Virtual Cloud Network), ELB load balancers, Web, App and Tool tiers, an RDS database and Availability Zones. The right-hand version adds a Visibility Tier, GigaVUE-FM and Gigamon Cloud Visibility. Legend: Load Balancer, Subnet, Instances, Tool, Database, Availability Zone.]

Challenges
✗ Inability to access all network traffic
✗ Discrete vendor monitoring agents per instance
✗ Impacts workload and virtual network performance
✗ Static visibility with heavy disruption

Gigamon Solution
✓ Minimize agent overload
✓ Aggregate, select, optimize, and distribute traffic
✓ Customize orchestration and single-pane-of-glass visualization
✓ Elastic Visibility as workloads scale-out

Visibility in Cloud: Example Deployment
Centralized Visibility Using AWS Across Multiple Teams and Applications

[Figure: AWS Region A with application VPCs owned by multiple teams (Web, App and Visibility tiers) and a SecOps VPC (Visibility Tier, Tool Tier, GigaVUE-FM), connected through the Gigamon Visibility & Analytics Fabric to an on-premises data center with security, performance management, and analytics tools.]

GigaVUE-OS, GigaSMART Software
Core Intelligence

Analyze: GigaSMART Application Intelligence, INSIGHT Cloud Warehouse
Transform: GigaSMART Traffic Intelligence, Subscriber Intelligence
Aggregate: Core Intelligence: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

Core Intelligence
▸ Flow Mapping: Define policies to extract flows of interest
▸ GigaStream load balancing distributes flows across tools
▸ Terabit scale configurations with clustering and Fabric Maps
▸ Inline bypass optimizes threat prevention tools, enforcement point
▸ Visibility across physical, virtual and cloud infrastructure



Example Core Intelligence: Flow Mapping®
Access, Select and Deliver Traffic

[Figure: traffic from network ports passes through Flow Mapping® map rules (configurable policies) and is delivered to tool ports (or to GigaSMART): Tool 1 (VoIP), Tool 2 (IDS), Tool 3 (CEM), Tool 4 (Web), Tool 5 (SQL), Tool 6 (Recorder).]


Example Core Intelligence: Inline Bypass
Increase efficiency of threat prevention tools enabling network ops and security ops teams to collaborate

NETWORK TEAMS
Maximize availability & resiliency
▸ Maximize tool efficacy
▸ Increase scale of security monitoring
▸ Bypass protection with advanced health checks to maximize availability

SECURITY TEAMS
Maximize operational agility
▸ Add, remove, upgrade tools seamlessly: reduce risk and security effort
▸ Migrate tools from detection to prevention modes (and vice-versa)
▸ Easily inspect asymmetric network flows
▸ Integrate inline, out-of-band, flow-based tools & metadata to a common platform

[Figure: inline tools (IPS, WAF, ATP) attached to the fabric between network devices. Example labels: WAN router, Firewall, IPS, WAF, ATP, Core switch.]

IPS = Intrusion Prevention System
WAF = Web Application Firewall
ATP = Advanced Threat Prevention

GigaSMART Applications: Traffic, Subscriber and Application Intelligence

Analyze: GigaSMART Application Intelligence, INSIGHT Cloud Warehouse
Transform: GigaSMART Traffic Intelligence, Subscriber Intelligence
Aggregate: Core Intelligence: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

Traffic Intelligence
▸ De-duplicate data streams to increase tool efficiency
▸ Compliance controls with packet slicing, data masking
▸ Insulate tools from encapsulations with header stripping
▸ Encrypted traffic management with TLS decryption
▸ Centralized NetFlow/IPFIX generation to offload network

Example GigaSMART Application: TLS Decryption

Customer Pain Points
+ Lack of visibility into TLS traffic causes blind spots
+ Decrypting TLS traffic on each tool prohibitively expensive
+ Not future-proof for TLS 1.3

Gigamon Solution
+ “Decrypt once, analyze many” with centralized decryption
+ Enhance efficiency, coverage of security tools
+ Decrypt inbound and outbound TLS sessions
+ Offload expensive TLS processing from other tools
+ Deliver TLS visibility to out-of-band tools for modern cipher suites
+ Integrates URL categorization to protect data privacy

[Figure: clients, Internet, servers and an Internet gateway, with corporate servers and clients behind it. Active, inline appliance(s) and passive, out-of-band appliance(s) are labelled APT Prevention, Network Forensics, IPS and Anti-malware. Legend: Encrypted Traffic; Decrypted / Unencrypted Traffic.]



GigaSMART Applications: Traffic, Subscriber and Application Intelligence

Analyze: GigaSMART Application Intelligence, INSIGHT Cloud Data Warehouse
Transform: GigaSMART Traffic Intelligence, Subscriber Intelligence
Aggregate: Core Intelligence: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

Subscriber Intelligence
▸ 5G, 4G GTP correlation of control, user traffic for subscriber data
▸ SIP/RTP correlation of control, user traffic for rich media visibility
▸ FlowVUE sampling and whitelisting to optimize tool resources
▸ Enable smooth migration from 4G/LTE to 5G/CUPS
▸ Slash monitoring costs to increase average profitability per user

Traffic Intelligence
▸ De-duplicate data streams to increase tool efficiency
▸ Compliance controls with packet slicing, data masking
▸ Insulate tools from encapsulations with header stripping
▸ Encrypted traffic management with TLS decryption
▸ Centralized NetFlow/IPFIX generation to offload network

Example: Subscriber Correlation and Whitelisting

5G CUPS (1) Correlation
How it works? Enables targeted forwarding of traffic for specific users or equipment only
[Figure: 5G control plane traffic (N4, N11) and user plane traffic (N3, N4) are correlated and forwarded to physical, virtual and container probes.]

5G Network Slice Correlation
How it works? Send the network slice to the appropriate tool
[Figure: 5G user plane traffic (N3, N4) is split into Network Slices A, B, C and D, each delivered to its own probe. Labels: Enterprise Customer, IoT, 5G VIP, General; Application Filter Intelligence, Metadata Extraction, 100% Packets, Sampling + Load Balancing.]

5G Subscriber Whitelisting
How it works? Filters out all traffic not belonging to the pre-defined subscriber whitelist
Input: SUPI = 310150123456781, SUPI = 310150123456782, SUPI = 310150123456783, SUPI = 310150123456784
Whitelist SUPIs (2): 310150123456782, 310150123456783
Output: SUPI = 310150123456782, SUPI = 310150123456783
Up to 99% reduction in traffic

5G Subscriber Sampling
How it works? Filters out all traffic not belonging to the pre-defined sample list (deterministic or random)
Input: SUPI = 310150123456781, SUPI = 310150123456782, SUPI = 310150123456783, SUPI = 310150123456784
Samplelist: SUPIs ending in 2,4 (Deterministic)
Output: SUPI = 310150123456782, SUPI = 310150123456784
Up to 90% reduction in traffic

1) CUPS = Control and User Plane Separation
2) SUPI = Subscription Permanent Identifier
SUPI (5G) = IMSI (4G)

GigaSMART Applications: Traffic, Subscriber and Application Intelligence

Analyze: GigaSMART Application Intelligence, INSIGHT Cloud Data Warehouse
Transform: GigaSMART Traffic Intelligence, Subscriber Intelligence
Aggregate: Core Intelligence: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

Application Intelligence
▸ Application Visualization: Understand apps on a network
▸ Extract applications of interest with application filtering
▸ Exclude high bandwidth apps from overloading tools
▸ Generate application metadata from network traffic
▸ Reduce business-critical risks through easier data isolation

Subscriber Intelligence
▸ 5G, 4G GTP correlation of control, user traffic for subscriber data
▸ SIP/RTP correlation of control, user traffic for rich media visibility
▸ FlowVUE sampling and whitelisting to optimize tool resources
▸ Enable smooth migration from 4G/LTE to 5G/CUPS
▸ Slash monitoring costs to increase average profitability per user

Traffic Intelligence
▸ De-duplicate data streams to increase tool efficiency
▸ Compliance controls with packet slicing, data masking
▸ Insulate tools from encapsulations with header stripping
▸ Encrypted traffic management with TLS decryption
▸ Centralized NetFlow/IPFIX generation to offload network

Application Intelligence

Application Visualization: Application Usage and Patterns
• Classification of 3000+ applications
• Corp, web, mobile & custom applications
• Simple dashboards

Application Filtering: Application Extraction
• Action on individual applications
• Detect, manage and isolate shadow IT, ICS (Industrial Control Systems), social media applications, etc.

Application Metadata: Application Attributes & KPIs
• 5,000+ metadata attributes
• Metrics on security, performance, customer experience
• Export to SIEMs with pre-built adapters

Application Visualization

Application Filtering Intelligence

[Figure: Internet (North-South) and corporate network (East-West) traffic, including Skype, enters the Gigamon Visibility & Analytics Fabric, where Application Intelligence directs it to tools: Threat Detection, Packet-Based Forensics, Application Performance Monitoring, Data Loss Prevention.]

Application Metadata Intelligence

[Figure: raw network traffic is converted by Application Metadata Intelligence into metadata for applications such as SQL, Facebook, Dropbox and Salesforce.]

Extend beyond “who and when” users, apps are using the network
Learn how they are communicating by observing command and directives
Learn what they are doing by looking at the requested resources
Up to 1000x the information in NetFlow, 1/10 the storage of PCAPs

Gigamon Application Metadata Intelligence for SIEM Tools
Rogue Servers
Suspicious Network Activity

Data Exfiltration:
DNS Tunneling

Weak Ciphers Suspicious User Activity


GigaVUE-FM Fabric Management
GigaVUE-FM
Single pane of glass management

GigaVUE-FM: Centralized Management & Control

Configuration
+ Node-level element management
+ Intent-based Orchestration
+ Ease-of-use for popular capabilities
• Inline bypass
• App Intelligence
• TLS Decryption
+ License management
+ RBAC

Visualization / Monitoring
+ End-to-end topology visualization
+ Auto-discovery of network
+ Hierarchical grouping of nodes by tags
+ Tool capacity planning to maximize tool utilization
+ Status and events

Reporting
+ Summary dashboards
• Port, map usage
• Top talkers
+ Audit trail
+ Export/schedule HTML/PDF reports
+ Inventory reports
+ Performance reports

Automation & 3rd party integration
+ Integration with 3rd parties
• Amazon EC2, Cloudwatch
• Azure APIs
• VMware vSphere, NSX Mgr
• Nutanix
• OpenStack
+ REST API gateway for generic automation
+ Ansible playbooks



Unified Architecture for Visibility: Physical and Cloud (Public or Private)

GigaVUE-FM
+ Integration with Cloud Platform
+ 3rd party Orchestrators & Automation

Traffic Acquisition
+ G-vTAP: VM / Container / Agent
or
+ 3rd-Party Tunnels (ERSPAN, L2GRE, VXLAN)
or
+ G-TAP (Fiber & Copper)

Traffic Aggregation and Transformation
+ Virtual (V Series)
or
+ Physical (HC / TA Series)

Traffic Analytics
+ ThreatINSIGHT
or
+ 3rd-Party Tools (Physical or SaaS)

Gigamon ThreatINSIGHT
Network Detection & Response

Gigamon ThreatINSIGHT
High-velocity Cloud-native Network Detection and Response (NDR)

Unequaled Visibility
+ Comprehensive Visibility Across your Attack Surface (N/S/E/W + AWS/Azure/Cloud + Decrypted Traffic*)
+ Unlimited storage of detection related Enriched Network Metadata (near full-PCAP detail without high storage requirements)
+ Up to 30 Days retention of all Enriched Network Metadata activity to enable Threat Hunting and Full Incident Investigation

High Fidelity Threat Detection
+ Leading Threat Intelligence, Machine Learning & Behavioral Analysis from the Gigamon Applied Threat Research Team
+ High-fidelity, accelerated Threat Detection with automatic Risk Scoring across entire MITRE ATT&CK framework

Rapid, Informed Response
+ Fast omnisearch capability to investigate along any vector through extended timeframes
+ Powerful Threat Hunting and Full Investigation & Incident Management Workflows
+ Case evidence to enable security experts make informed, complete response decisions
+ Integrations with leading security solutions to rapidly carry out mitigation actions

Gigamon ThreatINSIGHT

Technology Components
• Physical, virtual, AWS/Azure, & HC1 sensors
• Lightweight interface designed by responders, for responders
• Real-time, omnisearch with the INSIGHT Query Language (IQL)
• Expertly documented bi-directional APIs
• Fully managed; no tuning, no monitoring, and rapid deployment

Cloud Data Warehouse
• Data normalization and enrichment
• Cloud-native, multi-tenant, global data storage
• Threat Discovery: Supervised ML, Unsupervised ML, Behavioral Analysis, & Expert Systems
• Response: Metadata enriched with Entity and Destination intelligence and indexed for rapid omnisearch led investigations

Applied Threat Research
• Dedicated team of specialized data scientists paired with threat researchers / responders
• Research threat actors, their tools, and their infrastructure to produce leading proprietary Intelligence
• Apply all ML techniques to global INSIGHT Cloud Data Warehouse data sets, enabling identification of emerging threats

Customer Success/TAMs
• Each customer is assigned a ThreatINSIGHT TAM. Each TAM is a trained, experienced incident responder and ThreatINSIGHT expert who works tirelessly to ensure you gain tremendous value from the solution
• TAMs deliver training, enablement during incident investigations, & assist deployment for full network visibility

ThreatINSIGHT Benefits
A high-velocity cloud-native network detection and response solution designed for speed and scale

+ Unequaled visibility that eliminates blindspots across your attack surface
+ Fast, high-fidelity detection of hidden and emerging threats
+ Rapid investigations to make informed mitigation response actions that stop threats
+ Eliminate operational maintenance, enabling response teams to focus on threats and not management of tools
+ INSIGHT Cloud Data Warehouse enables advanced ML and Behavioral Analytics for Threat Detection while enriching, indexing, and storing metadata to enable omnisearch capabilities for rapid response
+ ThreatINSIGHT is not just software, with ATR and our TAM’s it’s a partnership in combatting cyber threats through high-fidelity detection and rapid, informed response

Summary: The Gigamon Visibility and Analytics Fabric

Analyze: Application Intelligence, INSIGHT Cloud Data Warehouse
Transform: GigaSMART: Traffic Intelligence, Subscriber Intelligence
Aggregate: GigaVUE-OS Software
Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers

[Figure: the four layers above sit between the Devices & Applications / Infrastructure panels (Legacy Systems, Cloud, Operational Technology, Virtual, Containers and Microservices, Mobility, Physical) and the Performance & Security Tools panel (ThreatINSIGHT, FW, IPS, SIEM, NPMD, APM).]

Get Connected!
community.gigamon.com

Thank You
