How a Security Delivery Platform Changes Everything
Updated October 28, 2021.
This week at Black Hat, you can expect to see a deluge of news relating to the latest hacks and vulnerabilities, as well as many interesting briefing and training discussions, ranging from “Advanced Infrastructure Hacking” to “Windows Kernel Rootkit Techniques.” But, one news item that you may have missed came out on July 21 when Gigamon unveiled the industry’s first Security Delivery Platform.
Coming from a security background, I have to admit that the whole concept of a Security Delivery Platform seemed unusual to me. There’s nothing quite like it, and nowhere in (ISC)² or CompTIA training material is there any substantive content devoted to how to gain pervasive traffic visibility.
Sure, visibility is something that every security vendor has been talking about for a long time. Some argue that visibility is achieved via a router or switch, while others turn to their favorite next-gen firewall. Bottom line, many of us simply assumed that the visibility challenge was more or less solved. Au contraire.
One of the biggest challenges with dropping security appliances in the network is contention for traffic. Because each device needs access to traffic, as more devices are added, contention bottlenecks arise. This can lead to slower network performance or worse, missed packets for analysis or enforcement. To avoid this, the easy answer is to place multiple appliances “strategically” throughout the network to avoid traffic access contention.
However, an unintended consequence of this approach is appliance sprawl. It also leads to one of the bigger problems in security – how to manage a myriad of multi-vendor security appliances. There’s a great research note by Greg Young of Gartner that directly addresses this issue. If memory serves me correctly, it states something like 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws. If you haven’t read it by now, you should. The point is, adding more and more appliances is a losing battle due to compounding costs, management burdens and increased misconfiguration risks.
So, what is one to do? While security appliances are pretty amazing things these days, they can only act upon the traffic that they see. It follows then that the key to strong security is not dependent on multiple appliances. Rather, it is based on getting access to ALL network traffic and simultaneously delivering it to the right security devices for analysis and enforcement. And, this is where a Security Delivery Platform comes into play.
A Security Delivery Platform is exactly what it sounds like. It’s an extensible platform that has pervasive reach and visibility into network traffic. From it, the platform feeds any number of security appliances so that they can do what they do best. This is brilliant, and IMHO, a game changer for security. You can read more about it here in Network World.
For some, a Security Delivery Platform will be seen as a big shift. It requires security professionals to re-think how they deploy their appliances; rather than having them sprinkled throughout the network, it posits a new, unified view that streamlines security and helps to mitigate appliance sprawl.
If you are at Black Hat, come by the Gigamon booth #140 and see why a Security Delivery Platform changes everything. And, if you can’t make it, here are some useful links that go into further detail:
- Everything you need to know is here: https://www.gigamon.com/products/technology/security-delivery-platform
- A white paper: “Addressing the Threat Within: Rethinking Network Security Deployment”
- Or this video: https://youtu.be/edi8rixN9vI
In the security world, the only constant is change. With every Black Hat conference, we get to see new hacks, new vulnerabilities, new breaches and new security solutions. This is what makes security exciting and challenging. This Black Hat, you can add one more new innovation to that list, and that’s Gigamon’s Security Delivery Platform.