Security breaches are on the rise, both on-premises and in the public cloud. As a result, organizations need to be able to conduct deep network forensics and rapid incident response no matter where their data or workloads reside. Together, Gigamon and ProtectWise deliver pervasive visibility, automated threat detection and unlimited forensic exploration, securing workloads in enterprise, cloud or hybrid environments.
The infrastructure as a service (IaaS) segment is projected to grow at 36.8 percent in 2017. According to Gartner, this growth is driven by businesses migrating their mission-critical applications and compute-intensive workloads to the cloud. However, one of the biggest concerns for organizations transitioning to the public cloud is the lack of visibility and forensic capabilities that exist on legacy network security products.
Using legacy approaches to secure workloads in the public cloud typically requires a complete re-architecture of the existing cloud application stack to insert security instances inline. These approaches need additional layers of security appliance instances and load balancers to achieve high availability, which can reduce performance and uptime, and increase latency. Appliances, even virtualized ones, typically run their own proprietary operating systems and can’t be maintained using standard approaches favored by DevOps.
Legacy appliance instances tend to be silos. Without modern APIs for deep integration into the cloud and orchestration fabric, they encourage appliance instance sprawl as each vendor’s appliance looks at its own narrow view of network traffic. Appliances can be very expensive to run, requiring larger-than-necessary instances per appliance as they typically analyze network traffic locally instead of moving the analytic workload into a purpose-built cloud platform.
Also, few organizations have fully migrated their workloads to the public cloud. That means any new security product that provides visibility and forensics for workloads in public cloud environments needs to provide the same capabilities for hybrid environments. If it can’t, it becomes yet another one of many security products busy security teams will have to manage.
And let’s not forget a well-known fact: sophisticated adversaries use multi-stage attacks that unfold over long time periods. The average time from breach to detection is 146 days. While logs can be manipulated, the network doesn’t lie. So, security teams with access to historical PCAP data for time periods that exceed this breach detection window are well positioned to uncover APTs. Unfortunately, legacy products are not architected to retain PCAP data for extended lengths of time, even if they are “cloud washed” for deployment in the public cloud.
IT/cloud and security architects are often challenged with ensuring an effective security posture in the cloud and accelerating on-boarding of mission-critical applications to AWS. The Gigamon Visibility Platform delivers network traffic visibility for workloads running in AWS and enables increased security, operational efficiency and scale across VPCs.
With Gigamon, enterprises can maximize application performance by reducing agent overload via a lightweight G v-TAP agent with minimal impact on AWS EC2 CPU utilization. The platform integrates with AWS APIs and deploys visibility tiers in all virtual networks (VPCs) that collect aggregated traffic and apply advanced intelligence prior to sending selected traffic to security tools such as The ProtectWise Grid.
For joint customers, the technical alliance between ProtectWise and Gigamon provides an easy deployment for AWS, as depicted in the figure below. The G v-TAP agent copies network traffic from each EC2 workload instance and sends encapsulated traffic to the GigaVUE V Series. The V Series identifies the appropriate traffic flows within the network, and manipulates and filters that network traffic before delivering it to The ProtectWise Grid for real-time and retrospective analysis. The V Series can also slice or mask sensitive data to ensure compliance before sending it to The ProtectWise Grid.