Cloud / November 16, 2017

Zendesk: SOC-Compliant in AWS with Gigamon Visibility Platform

Organizations are migrating more applications to public cloud IaaS to take advantage of economies of scale, cost savings and resiliency. Yet, the challenge is deploying an effective security and monitoring strategy; what worked in the on-premises world does not always work in public cloud IaaS. One company that faced this dilemma was Zendesk, who turned to Gigamon to provide a visibility platform to identify and mitigate threats in Amazon Web Services (AWS).

Founded in 2007, Zendesk develops customer service software that helps enterprises improve customer relationships through higher consumer engagement and insight. Already using Gigamon in the on-premises world, Zendesk wanted to extend the same visibility and traffic intelligence capabilities to their AWS workloads.

Zendesk currently runs Cisco Firepower Threat Defense Virtual (FTDv) in AWS and wanted to have a consolidated method for acquiring and distributing traffic. The Gigamon Visibility Platform for AWS was appealing for the following reasons:

  • No need for multiple agents
    Agent overload increases EC2 CPU utilization, forcing Zendesk to build out larger EC2s, driving up cost and complexity. The Gigamon Visibility Platform for AWS was appealing because of the lightweight G-vTAP agent. The Gigamon agent minimizes agent overload, as only one agent is required per EC2. There is also no need to constantly redesign the AWS infrastructure when new tools are added as applications scale out. Finally, the G-vTAP agent supports application scalability; as applications scale out due to demand, the agent scales out as well.
  • Deliver optimized traffic to security tools
    Zendesk did not want to overload their security tools with all network traffic. The Gigamon Visibility Platform for AWS includes the GigaVUE V-Series, visibility nodes that optimize and disperse selected traffic to security tools, either in another tool tier in AWS or backhauled to on-premises.

For their deployment, Zendesk is using NGINX load-balancers, which sit in front of the web servers in AWS. The Visibility Platform acquires traffic from NGINX and then sends it to the visibility tier in AWS to optimize traffic before distributing selected traffic to FTDv, which is also located in a tool tier in AWS, like the diagram below:

With Gigamon, Zendesk can take advantage of some immediate benefits. First and foremost, Zendesk is now SOC-compliant in AWS. This is a very exciting feat, as the company is effectively reducing risk and the chance of a security breach across their AWS infrastructure. Secondly, Gigamon enables Zendesk to accelerate the migration of mission-critical workloads to AWS.

To learn more about the Gigamon Visibility Platform for AWS, please read our product brief. If you want to try out the Visibility Platform for yourself, check out our test drive.
