From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

LEARN MORE

CLOUD VISIBILITY

GET A DEMO

DATACENTER VISIBILITY

GET A DEMO

NETWORK SECURITY

GET A DEMO

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

MY GIGAMON

OVERVIEW

GET SUPPORT

COMMUNITY

Customer Success

Our global customers are empowered to transform their businesses and innovate with the power of complete network visibility and analytics.

CUSTOMERS

ANU

Australian National University

Fosters a safer campus community with Gigamon.

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility.

 

department of defense

Department of Defense

Confidently feeds different tool sets in the physical and the virtual world.

Resource Library

Your one-stop hub to explore content resources to stay current on the latest in network visibility and analytics.

RESOURCES

Network Tool Efficiency Evaluation

Efficient Tools Are Happy Tools

Answer a few questions and get real-time insights.

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

ebook

Deep Observability eBook

Supercharge your tools with real-time, actionable, packet-level intelligence.

WHY GIGAMON

We are the first company to deliver a unified visibility and analytics architecture across your hybrid infrastructure to simplify, secure and scale IT operations.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Supercharge Your Security and Observability Tools

Without deep observability, you're exposed.

Great Place to work

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Uncategorized / May 3, 2016

Cast Visibility Telemetry Deep and Wide, Catch the Most Dangerous Bad Guys

Dr. Vincent Berk | Co-Founder and CEO, FlowTraq Dr. Vincent Berk  

Spotting the most dangerous bad guys on your network takes a deliberate decision to commit resources to catching them.  These resources reflect an investment in visibility, detection, and skilled operators.

For example, when an adversary has infiltrated your network, they will commonly leave backdoors behind in the compromised systems for re-entry at a later time, or as a spring board when working to compromise additional systems in your network.  These backdoors are network services that should not normally be operating on your network.  FlowTraq is designed to detect these new services and alert you to them — but only when there is sufficient visibility.

Networks that only collect telemetry such as NetFlow or sFlow at their border points, and nowhere else, can be blindsided once the adversary is inside.  Also, keep in mind that the most skilled threat is a trusted insider already knowledgeable about your network and its assets.  To detect this kind of lateral movement, deploying visibility telemetry deep and wide across subnets is absolutely critical.  As networks grow, the management of this visibility infrastructure can be tedious.  Gigamon greatly reduces this burden, allowing your analysts to focus on finding bad guys instead.

Incidentally, the most dangerous type of bad guy is also the one who is hardest to find.  Adversaries that have both time and skill, who specifically target your organization, will be cautious not to reveal themselves.  Their motives — espionage or sabotage — drive their actions, and they will carefully move laterally through your network.  This may involve connecting to local databases or files shares from compromised systems, or moving data over subnets using any number of protocols.  Again, FlowTraq can only spot this behavior if you’re feeding the telemetry collected from locations inside your network.  Visibility is prerequisite to detection.

The art of actively seeking and eliminating intelligent and motivated adversaries on your network is called “cyber hunting”.  A skilled cyber hunter will seek to first understand the adversary completely before shutting him/her down.  This is very important: a skilled bad guy will assume he/she is being watched, so shutting them down at the first sign of malicious activity simply tips them off, allowing them to change tactics.

Always assume the adversary already has gained a wide foothold in your network, even before you’ve discovered the first piece of evidence.  To make sure they are gone, and stay gone, the advanced skilled adversary must be shut down across the board, with every foothold eliminated.  Having broad and deep visibility is critical here.  It allows the cyber hunter to quickly map out how far the bad guy has managed to come.  Remember that time is of the essence once the bad guys are in!

FlowTraq and Gigamon have enabled many cyber hunters by offering powerful detection and forensics through widespread visibility.  Don’t be blindsided.

COMPANY
GET HELP
PRODUCTS & SOLUTIONS
POPULAR LINKS
  • ©Gigamon 2022
Back to top