Top 3 Common Pitfalls That Hurt Your Network Security

Dr. Vincent Berk, Co-Founder and CEO | October 11, 2016

The days of fire-and-forget network security may be long gone, but the fog around “active defense” is still very thick.  This article outlines the three most common mistakes companies make when standing up a cyber-hunt capability.

1.) Failure to recognize security as a human game.

Computers don’t hack computers.  People hack computers.  It is a human on the other end who tries to steal your data, deface your website, or ruin your reputation.  When your defensive capability is focused on building static defenses and responding to incidents, you will find yourself falling far short.

More specifically, risk assessments, firewalls, email scrubbers, and access control devices are only static defenses.  They are walls you build around your land to keep the bad guys out.  But when you build a wall, the bad guy will adapt by learning how to go over, under, or around it.  The game is highly dynamic in nature.  Your security architects will assess the landscape and place defenses, but how will they know if the defenses are working?

Cyber hunters are skilled individuals whose sole task is to seek, discover, and track the bad guys in and around your network.  They build “case files” covering who is trying to get in, what they are trying to do, what techniques they are using, and, most importantly, what assets they have already compromised.  Only when all the evidence has been collected is it the right time to shut down a hacker!

2.) A cyber hunter does not need “write” access to your network.

A cyber hunter is not an incident responder.  You should not be replacing your incident responders with cyber hunters, and you should not task your incident responders with cyber-hunting responsibilities.  Cyber hunters need to collect telemetry and analyze it.  They are not the ones to “act.”  The work product of a cyber hunter is a file with all collected evidence and a recommended plan of (counter-)attack.

Considering the seriousness of the threat, cyber hunters should certainly not be acting alone.  The appropriate response to collected evidence of compromise is something that incident responders should be reviewing and implementing.  Since most attackers will quickly gain more than a single foothold in your organization, it is important hunters find them all—before asking the responders to shut an attacker down.

Incident response is very reactive in nature.  Cyber hunting is proactive and investigative.

3.) Visibility is king.

“Some” telemetry is not enough.  You need all.  Simply collecting log or alert data will leave you completely blind to a smart attacker.  It will also turn your cyber hunter into an incident responder.  Keep in mind that “no evidence of compromise” is NOT the same as “evidence of no compromise.”

It is also important to realize that the data a cyber hunter is going to need tomorrow may not be obvious today.  The better you are able to equip your cyber hunter with visibility, the better your chances of defending your network.  This means collecting packets, collecting logs, collecting NetFlow, and comparing it all to threat intelligence from inside as well as outside your organization.

Collect “all” this as telemetry — meaning:  keep it!  Don’t collect, aggregate, and junk it if no immediate evidence is found.  Instead, keep weeks or even months of forensic history on all your data.  Hunters will often find themselves searching back for things they didn’t know weeks ago.
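The retention point above, as an added example that is not part of the original article: a retrospective hunt over stored flow records for an indicator learned only today, run once against a 7-day and once against a 90-day retention policy. The flow records, addresses, dates and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

NOW = datetime(2016, 10, 11)

# Constructed sample flow records (RFC 1918 / RFC 5737 addresses), not real data.
FLOWS = [
    {"ts": datetime(2016, 9, 12, 3, 14), "src": "10.0.4.21", "dst": "203.0.113.50", "bytes": 18234},
    {"ts": datetime(2016, 9, 19, 2, 58), "src": "10.0.7.80", "dst": "203.0.113.50", "bytes": 9120},
    {"ts": datetime(2016, 10, 8, 11, 5), "src": "10.0.4.21", "dst": "198.51.100.7", "bytes": 512},
]

def apply_retention(flows, now, retention_days):
    """Drop flows older than the retention window; return (kept, cutoff_time)."""
    cutoff = now - timedelta(days=retention_days)
    return [f for f in flows if f["ts"] >= cutoff], cutoff

def retro_hunt(flows, retained_from, indicators, since):
    """Search retained flows back to `since` for indicators learned after the fact."""
    hits = [f for f in flows
            if f["ts"] >= since and (f["src"] in indicators or f["dst"] in indicators)]
    # The non-indicator end of each hit is a host that may be a foothold.
    hosts = sorted({f["src"] if f["dst"] in indicators else f["dst"] for f in hits})
    # If retention starts after `since`, part of the window has no data at all:
    # zero hits there means "unknown", not "clean".
    blind_before = retained_from if retained_from > since else None
    return {"hosts": hosts, "hit_count": len(hits), "blind_before": blind_before}

def hunt(retention_days, indicators, lookback_days, flows=FLOWS, now=NOW):
    """Apply a retention policy, then hunt over whatever history survived it."""
    kept, retained_from = apply_retention(flows, now, retention_days)
    since = now - timedelta(days=lookback_days)
    return retro_hunt(kept, retained_from, indicators, since)

if __name__ == "__main__":
    new_intel = {"203.0.113.50"}  # constructed indicator, learned on NOW
    for days in (7, 90):
        print(days, "day retention:", hunt(days, new_intel, lookback_days=60))
```

With 7-day retention the hunt returns no hits and a non-empty `blind_before`, which is “no evidence of compromise”; with 90-day retention the same query names two internal hosts to put in the case file.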

And finally:  try to keep as much of your telemetry collection “out-of-band” as possible.  The better you shield your data sources, the less likely it is that attackers will be able to get to them.  Once hackers get into your telemetry, your hunters are blind.
