Gigamon and FireEye: A One, Two Knockout Punch For Cyber Attacks

FireEye pioneered new technology that uses advanced threat protection that reaches beyond signatures to prevent, detect and respond to multi-stage attacks. FireEye MVX platform executes suspicious activity safely inside virtual environments that identify malicious code so an attack can be isolated and the appropriate response and mitigation can take place. The technique has been called “sandboxing” but the FireEye approach is quite differentiated in the market because it is purpose-built and takes advantage of multi-vector and multi-flow capabilities that aren’t available in other sandboxing solutions. FireEye processes nearly half a million unique malware samples per day and has conducted over 2 million deep dive forensic analyses. It is no wonder that its 2500+ customer base is a rapidly growing one.

Figure 1: Source FireEye Analyst Day June 3, 2015

[Note: this is now 19 zero-days]

FireEye’s MVX technology is now available across the network, web, email, and along with forensics, endpoint and cloud-security products, FireEye offers a complete line of defenses against advanced attacks, including sophisticated techniques like zero-days – malicious code that take advantage of an unknown flaws in software and easily evade traditional signature-based technology.

FireEye’s advanced threat prevention capabilities are a perfect complement for Gigamon’s security delivery platform and the visibility and scaling that it enables for FireEye. Gigamon extends the reach of FireEye threat detection to virtualized networks and encrypted traffic for instance. It also allows administrators to optionally toggle deployment inline or out of band as required. And with application session filtering, Gigamon can send the right traffic (e.g. mail, web or Netflow data) to those FireEye appliances optimized to receive each.

FireEye + Gigamon: A Real Better Together Package

So what does bringing together advanced threat protection with market leading visibility give customers? In short, the package extends the benefits of each giving those who deploy it a platform for long-term protections and scaling.

Figure 2: The FireEye Cyber Protection Framework Sees The Right Traffic At The Right Time

FireEye protects against cyber-attacks and malware. Gigamon scales and optimizes those protections by aggregating high-bandwidth traffic and intelligently filtering it to multiple FireEye appliances.

The joint solution results in:

• Better malware detection through broader traffic visibility
• A reduction in detection and response time by expediting access to traffic
• Extension of malware detection to traffic flowing among virtualized servers
• Inspection of SSL encrypted traffic for embedded malware
• Reduction in deployment and management costs of an advanced protection framework
• Less disruption in both the scaling and deployment of FireEye protections

Gigamon’s security delivery platform makes the deployment of FireEye enterprise-wide, more cost-effective both in the initial investment and for the long term. Customers can extend the benefits of the security delivery platform to other security tools and applications that connect to it essentially multiplying the gains from the initial investment each time the customer adds security devices and technologies.