From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

LEARN MORE

CLOUD VISIBILITY

GET A DEMO

DATACENTER VISIBILITY

GET A DEMO

NETWORK SECURITY

GET A DEMO

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

MY GIGAMON

OVERVIEW

GET SUPPORT

COMMUNITY

Customer Success

Our global customers are empowered to transform their businesses and innovate with the power of complete network visibility and analytics.

CUSTOMERS

ANU

Australian National University

Fosters a safer campus community with Gigamon.

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility.

 

department of defense

Department of Defense

Confidently feeds different tool sets in the physical and the virtual world.

Resource Library

Your one-stop hub to explore content resources to stay current on the latest in network visibility and analytics.

RESOURCES

Network Tool Efficiency Evaluation

Efficient Tools Are Happy Tools

Answer a few questions and get real-time insights.

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

ebook

Deep Observability eBook

Supercharge your tools with real-time, actionable, packet-level intelligence.

WHY GIGAMON

We are the first company to deliver a unified visibility and analytics architecture across your hybrid infrastructure to simplify, secure and scale IT operations.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Supercharge Your Security and Observability Tools

Without deep observability, you're exposed.

Great Place to work

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Security / December 1, 2015

The High Performance Security Delivery Platform

Allen Hebert  

Updated October 28, 2021.

The week of November 16th was a busy one.  As I wrote in my previous blog, I was a part of SCinet security team at SC15 in Austin, TX and on Monday we finished 3 weeks of work to bring the network up and while my SCinet security coworkers used the monitoring tools to keep the network safe during the conference, I worked the Gigamon booth on the show floor and visited with current and future Gigamon customers who were either exhibitors or attendees at SC15. SCinet-Rack

What is a Visibility Fabric?

During my time in the Gigamon SC15 booth, I was asked quite often what our product does?  Some think we are a part of the network infrastructure, and many times we are when our inline solution is deployed, but we are not a Firewall, server load balancer, switch or router.  Others think that we do data analytics, but we are not a malware detection, intrusion detection or prevention, SEIM, Data Loss Prevention, Application Performance Management or Network Performance Management tool.  After I tell them that we don’t do any of these things, then they ask, well what do you do?

We provide a high speed, reliable, configurable pipeline to all of areas of your computing infrastructure where you desire to see the traffic flowing across your network.  Think of it like being in a large room with multiple obstructions preventing you from seeing all areas of that room.  If I stand in one part of the room I can clearly see what is going on around me, but I have limited visibility into the entire room due to obstructions or people standing in the way.  I can observe and attest to what is going on in the area where I am currently located, I can even describe the safety and capacity of the area.  But if I wish to see into other areas, I will need to setup some sort of video camera and a local monitor to provide me with additional visibility.

Representation of the working of a network visibility fabric. A visibility network is pretty similar to the example I provided above.  The security or network performance tool is me standing in the room and can only see the traffic where it is plugged into the network.  In order for that tool to see any other part of the network (room) it needs remote data gathering instruments (TAPs or SPANs) to see the other parts of the network.  If you don’t setup remote data gathering devices then you won’t have visibility to that part of our computing environment.

Most Security, Application and Performance management tools today thrive on access to the actual traffic that is flowing through your network.  The more packets you get to these tools the better analysis they will provide.  Gigamon is the means to get your tools the visibility they need.

Visibility is Key to Security

Being able to see the traffic traveling across your network is key to detecting malicious activity.  Maybe you don’t need to see all parts of your network, so just setup monitoring for those areas of your network where the interesting traffic is traveling across.  Most security and network managers would agree that the links to the Internet should be monitored and the second most common area is your data center.  A good way to determine where to setup your TAPs or SPANs is ask yourself where your traffic flows and secondly, where are my most valuable assets located.  That is where you should be watching.

You can’t protect against what you can’t see.  I may have some outstanding security tools, but unless they get a copy of network traffic from the key areas of my network, they won’t be able see if a malicious actor is trying to steal the valuable information.

The other major threat to visibility is encryption.  While encryption is a very useful technology that protects our valuable data from prying eyes, anything that is used for good can also be used for ill.  Hackers are increasingly using encryption methods to hide their activities within your network.  Having the ability to decrypt encrypted traffic in your network is a valuable tool to consider adding to your security delivery platform.

Security Doesn’t Have to Affect Performance

The number one reason why many network and computing professionals resist adding security measures to their network is that they believe it will adversely affect their ability to get their job done or it will degrade the performance of the computing network and thus impacts their end users.

During a time of employment at a major computer manufacturer and software development company, I recall many times when a fellow employee in the company would decide that they wanted to check out the new version of our network management tool and since it was available as a free download to all employees, it would be downloaded and installed.  Then during the initial configuration, the tool would  discover the topolgy of the network, which would interrogate every router and switch asking for SNMP data and for the names and addresses of all routers or switches that router or switch knew of.  This single action would bring the network down.

Luckily great strides have been made to prevent a monitoring tool from interfering in the network it is supposed to be helping.  In the SCinet network at SC15, Gigamon provided a critical component of the security monitoring of the network.  The Gigamon visibility fabric acts as a shield to keep the security tools from impacting the performance of the network.  Through the use of four 100 Gig TAPs, thirty two 10 Gig TAPS and one SPAN port, Gigamon obtained a copy of the traffic flowing across all links from the show floor (also known as the commodity network) to the network core as well as the links to the Internet providers.  Based on the path of the movement of data through the SCinet network infrastructure, the data flowing across these links provided the Reservoir Labs RSCOPE Bro servers and the Dell Firewall Sandwich with all the data necessary to  monitor the security of the network. watching-cat
SCinet-Security Data Flow - How Gigamon Visibility Fabric Delivers the right traffic to the right monitoring tools. The security tools received data that was deduplicated (ensuring only one copy of a given packet made it to the tool) and on selected links, we selected only IPv4 and IPv6 packets and dropped everything else.  We replicated the stream of data and sent an identical copy to the Reservoir Labs Bro servers and the Dell Firewall Sandwich.  Since there was such a large amount of traffic to be analyzed, we load balanced the single stream of data across 24 interfaces on the six Reservoir Labs Bro servers and 12 interfaces on the 6 Dell Sonic Wall Super Massive Firewalls.

Each year one of the most powerful networks in the world, SCinet, is designed to be very fast and support high performance computing for one week out of the year.  Ensuring that SCinet is used for its intended purposes and not compromised or used for illegitimate purposes is an essential task.  The SCinet security team did an amazing job pulling together the best products and the best engineers to accomplish this goal without sacrificing performance.  Looking forward to doing it again next year.

RELATED CONTENT

REPORT
2022 Ransomware Defense Report
GET YOUR COPY  Go
WEBINAR
Unlock Ultimate Hybrid Cloud Security: Join Nutanix for Insights
WATCH ON DEMAND  Go
REPORT
2022 TLS Trends Data
DOWNLOAD REPORT  Go
WEBPAGE
Suddenly, Ransomware Has Nowhere to Hide
TAKE A LOOK  Go
COMPANY
GET HELP
PRODUCTS & SOLUTIONS
POPULAR LINKS
  • ©Gigamon 2022
Back to top