Dawn of a New Era: Active Visibility for Multi-tiered Security

What keeps the enterprise security team up at night? Fear that their enterprise would be the next target of a breach or a security attack. Per Gartner, an estimated $18 Billion will be spent by enterprises world-wide on various security products/services in 2014. Yet breaches and the negative consequences of vulnerabilities continue to proliferate … self-replicating malware, denial-of-service attacks, exploiting security vulnerabilities in products, cyber-espionage, theft of critical data and more. Surely, this begs the question as to why “secured” networks are so exposed!

The reality is that the envelope of threats has expanded significantly today. No longer can one rely on reactive security; one has to be proactive. Attacks can come from multiple sources, can originate from the inside of an enterprise or at the perimeter. A multi-tiered security approach is required to protect against different types of attacks by using intelligent real-time traffic inspection across both inline and out-of-band security appliances. These security appliances/software could include firewalls, IPS, malware detectors, IDS, Data Loss Prevention, anti-virus software and other SIEM (Security Information and Event Management) approaches. In this scenario, the security team is faced with important questions: how does one make sure that inline tools (e.g. IPS and firewalls) do not become a single point of failure? How does the security administrator ensure that critical links that have tight maintenance windows are continuously monitored? How do security and network teams cooperate to ensure that inline security tools do not become network bottlenecks? As networks and applications continue to grow along with the volume and pace of information, these security solutions can quickly be pushed beyond their limit, eventually compromising enterprise security.

Until now! Say hello to the age of Active Visibility for Multi-tiered Security. Gigamon today announced a new approach that allows security teams to address the aforementioned challenges by combining high availability and intelligent traffic distribution across multiple inline and out-of-band security tools to ensure continuous security monitoring. The combination of high-performance compute and advanced traffic intelligence for traffic distribution across multiple security devices addresses the aforementioned risks to reduce the threat envelope, mitigate risk and maximize asset utilization. For example, the ability to take traffic from a single network link and intelligently replicate it across multiple inline security and out-of-band security tools means that all of these specialized security tools can concurrently inspect the same traffic in real-time. Moreover, the built-in fail-safe/fail-open high-availability capabilities ensure that continuous security monitoring can finally be achieved. No critical link is now a single point of failure. A failure of a single security tool in a chain of security devices will no longer create a domino effect that exposes the enterprise. And although inline security tools operate at very different rates compared to the network, the approach allows traffic to be intelligently load balanced across multiple instances of a security device such as an IPS to allow scalable security practices to be put in place. As you would see from today’s press release, this revolutionary approach has been publicly endorsed by several of Gigamon’s security ecosystem partners such as FireEye and ForeScout.

Delivered in the form of an inline “bypass” module and an advanced traffic intelligence GigaSMART® module with embedded ports on Gigamon’s GigaVUE-HC2 platform, the approach arms security teams with tremendous infrastructure insight and response capabilities in real-time. The new front-facing GigaSMART® modules increase the compute power of the GigaVUE-HC2 so that a single 2 RU compact unit can process up to 200 Gbps across 64 10G ports, while a standard rack full of these systems can process up to a whopping 4.2 Tbps! The implication of this enormous compute power means that an unprecedented level of traffic pre-processing can be done using the various advanced GigaSMART applications to deliver only relevant data to out-of-band security tools. The GigaVUE-HC2 platform is a compact 2 RU platform that is part of Gigamon’s Unified Visibility Fabric architecture that leads the pack in the category of mid-range products for network visibility today.