Product & Solutions Overview
Ananda Rajagopal
VP, Product Line Management
[Figure: devices, applications and infrastructure (legacy systems, cloud, operational technology, virtual, containers and microservices, mobility, physical) alongside performance and security tools (FW, IPS, SIEM, NPMD, APM)]
The Gigamon Visibility and Analytics Fabric
[Figure: the fabric between devices, applications and infrastructure (legacy systems, cloud, operational technology) and performance and security tools (ThreatINSIGHT, FW, IPS, NPMD)]
Essential Elements of a Visibility and Analytics Fabric
▸ Analyze: Application Intelligence, INSIGHT Cloud Data Warehouse
▸ Transform: GigaSMART: Traffic Intelligence, Subscriber Intelligence
▸ Aggregate: GigaVUE-OS Software
▸ Access: Network Visibility Nodes: Physical, Virtual, Cloud, Containers
[Figure: the four layers sit between devices, applications and infrastructure (legacy systems, cloud, operational technology, virtual, containers and microservices, mobility, physical) and performance and security tools (ThreatINSIGHT, FW, IPS, SIEM, NPMD, APM)]
Portfolio Highlights
G-TAP M Series
GigaVUE-TA200
GigaVUE-HC3
G-TAP
GigaVUE-TA100
Visibility in Hybrid Cloud
Consistent visibility across public, private and hybrid cloud
[Figure: virtual machines, containers and service mesh; Container / Agent; Virtual (V Series); ThreatINSIGHT]
[Figure: hybrid cloud deployment in AWS. Labels: SPAN sessions from network devices, virtualized hosts; custom agents deployed by tools; Region; Virtual Cloud Network (VPC); Load Balancer (ELB); App Tier; Database Tier (RDS); Availability Zone (AZ); Visibility Tier; Tool Tier; GigaVUE-FM; On-Premises Data Center; Gigamon Visibility & Analytics Fabric; Security, Performance Management, and Analytics Tools]
GigaVUE-OS, GigaSMART Software
Core Intelligence: GigaVUE-OS Software
▸ Flow Mapping: Define policies to extract flows of interest
▸ GigaStream load balancing distributes flows across tools
▸ Terabit scale configurations with clustering and Fabric Maps
▸ Inline bypass optimizes threat prevention tools, enforcement point
▸ Visibility across physical, virtual and cloud infrastructure
Flow Mapping®
[Figure: traffic from the network is mapped by configurable policies to tools, e.g. Tool 5 (SQL)]
NETWORK TEAMS
Maximize availability & resiliency
▸ Maximize tool efficacy
▸ Increase scale of security monitoring
▸ Bypass protection with advanced health checks to maximize availability
SECURITY TEAMS
Maximize operational agility
▸ Add, remove, upgrade tools seamlessly: reduce risk and security effort
▸ Migrate tools from detection to prevention modes (and vice-versa)
▸ Easily inspect asymmetric network flows
▸ Integrate inline, out-of-band, flow-based tools & metadata to a common platform
[Figure: inline tool chain, e.g. WAN router, Firewall, IPS, WAF, ATP]
Traffic Intelligence
▸ De-duplicate data streams to increase tool efficiency
▸ Compliance controls with packet slicing, data masking
▸ Insulate tools from encapsulations with header stripping
▸ Encrypted traffic management with TLS decryption
[Figure: TLS decryption deployment. Labels: Internet, Gateway, Corporate Servers, Clients, Active Inline Appliance(s), Passive Out-of-Band Appliance(s), APT Prevention, Network Forensics, IPS, Anti-malware]
Gigamon Solution
+ “Decrypt once, analyze many” with centralized decryption
+ Enhance efficiency, coverage of security tools
+ Decrypt inbound and outbound TLS sessions
+ Offload expensive TLS processing from other tools
+ Deliver TLS visibility to out-of-band tools for modern cipher suites
+ Integrates URL categorization to protect data privacy
5G CUPS Correlation
[Figure: control plane and user plane traffic from physical, virtual and container probes across Network Slices A to D, keyed by SUPI. Labels: Application Filter Intelligence; Metadata Extraction; 100% Packets; Sampling + Load Balancing; Whitelist; Samplelist (SUPIs ending in 2, 4, deterministic); “Up to 99% reduction in traffic”; “Up to 90% reduction in traffic”]
1) CUPS = Control and User Plane Separation
2) SUPI = Subscription Permanent Identifier; SUPI (5G) = IMSI (4G)
GigaSMART Applications: Traffic, Subscriber and Application Intelligence
Application Intelligence
▸ Application Visualization: Understand apps on a network
▸ Extract applications of interest with application filtering
▸ Exclude high bandwidth apps from overloading tools
▸ Generate application metadata from network traffic
▸ Reduce business-critical risks through easier data isolation
Traffic Intelligence
▸ De-duplicate data streams to increase tool efficiency
▸ Compliance controls with packet slicing, data masking
▸ Insulate tools from encapsulations with header stripping
▸ Encrypted traffic management with TLS decryption
Application Intelligence
Application Visualization
Application Filtering Intelligence
[Figure: Gigamon Application Intelligence on Corp Network East-West traffic (e.g. Skype), feeding Threat Detection, Application Performance Monitoring and Data Loss Prevention tools]
Application Metadata Intelligence
[Figure: network traffic passes through Application Metadata Intelligence, producing metadata for applications such as SQL, Facebook, Dropbox, Salesforce]
▸ Extend beyond “who and when” users and apps are using the network
▸ Learn how they are communicating by observing commands and directives
▸ Learn what they are doing by looking at the requested resources
▸ Up to 1000x the information in NetFlow, 1/10 the storage of PCAPs
Gigamon Application Metadata Intelligence for SIEM Tools
Rogue Servers
Suspicious Network Activity
Data Exfiltration:
DNS Tunneling
GigaVUE-FM
Integration with 3rd party Orchestrators & Cloud Platform Automation
[Figure: traffic acquisition options. Labels: G-vTAP in a VM / Container / Agent, or 3rd-Party Tunnels (ERSPAN, L2GRE, VXLAN); Virtual (V Series); ThreatINSIGHT]
Gigamon ThreatINSIGHT
Technology Components
• Physical, virtual, AWS/Azure, & HC1 sensors
• Lightweight interface designed by responders, for responders
• Real-time omnisearch with the INSIGHT Query Language (IQL)
• Expertly documented bi-directional APIs
• Fully managed; no tuning, no monitoring, and rapid deployment

Cloud Data Warehouse
• Data normalization and enrichment
• Cloud-native, multi-tenant, global data storage
• Threat Discovery: Supervised ML, Unsupervised ML, Behavioral Analysis, & Expert Systems
• Response: Metadata enriched with Entity and Destination intelligence and indexed for rapid omnisearch led investigations

Applied Threat Research
• Dedicated team of specialized data scientists paired with threat researchers / responders
• Research threat actors, their tools, and their infrastructure to produce leading proprietary Intelligence
• Apply all ML techniques to global INSIGHT Cloud Data Warehouse data sets, enabling identification of emerging threats

Customer Success/TAMs
• Each customer is assigned a ThreatINSIGHT TAM. Each TAM is a trained, experienced incident responder and ThreatINSIGHT expert who works tirelessly to ensure you gain tremendous value from the solution
• TAMs deliver training, enablement during incident investigations, & assist deployment for full network visibility
ThreatINSIGHT Benefits
A high-velocity cloud-native network detection and response solution designed for speed and scale
Summary: The Gigamon Visibility and Analytics Fabric
[Figure: the Access, Aggregate, Transform and Analyze layers of the fabric (Network Visibility Nodes; GigaVUE-OS Software; GigaSMART Traffic Intelligence and Subscriber Intelligence; Application Intelligence and INSIGHT Cloud Data Warehouse) between devices, applications and infrastructure and the performance and security tools (ThreatINSIGHT, FW, IPS, SIEM, NPMD, APM)]
Get Connected!
community.gigamon.com
Thank You