Gigamon Deep Observability Pipeline

Supercharge your observability tools with actionable network-level intelligence to realize the transformational promise of the cloud.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

VÜE COMMUNITY

voice of the customer

Gigamon serves the world's more demanding enterprises and public sector agencies, enabling them to harness actionable network-level intelligence to amplify the power of their cloud, security and observability tools.

CUSTOMERS

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility

 

Five9

Five9

Delivers Cloud-Powered Contact Center Excellence

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

deep observability

Observability is Key to Transformation

Unleash cloud potential with deep observability.

ebook

Deep Observability eBook

Take your security and observability tools to a whole new level.

WHY GIGAMON

Gigamon offers an advanced deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of your cloud, security and observability tools.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Unseen Threats Can Lurk in Your Midst

Deep observability exposes previously unseen threats.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Cloud / November 28, 2017

NetFlow in the Cloud

Diana Shtil  

Organizations are going through a digital transformation at a very fast pace. As a result, more data is flowing throughout their infrastructures – both on-premises and in the public cloud. Security tools have difficulty keeping up with the influx of data and enterprises face heightened risk of security breaches, which can have severe consequences to reputation and brand.

One way to gain insight into all the data flowing over networks is to summarize the traffic flows traversing the infrastructure. NetFlow/IPFIX generation is a popular way to do this on-premises; it offers a way to summarize network traffic in the form of “flow records.” NetFlow and IPFIX are powerful technologies that are used by both security operations (SecOps) and network operations (NetOps) teams today. In fact, a large ecosystem of security and monitoring tools, including many SIEMs, readily understand the format of NetFlow and IPFIX records.

Today, we are debuting NetFlow/IPFIX Generation on the Gigamon Visibility Platform for Amazon Web Services (AWS). With this new capability, enterprises can gain access and analyze relevant data in the cloud to protect themselves from inbound distributed denial of service (DDOS) attacks, data exfiltration and other security threats. An especially important attribute of NetFlow is its ability to reduce the amount of data transferred by up to a whopping 99 percent. If these flow records are being sent to an analyzer that is located in a different region or sent from AWS to on-premises, the data reduction can lead to some significant cost savings.

Think of NetFlow or IPFIX as the equivalent of a phone bill that summarizes the different phone conversations you may have had in the past month – for example, who you called, who called you, the area code and country code of the other party or the duration of the conversation. Likewise, a summary of all the traffic flows in virtual private cloud (VPC) instances is especially useful in security analysis when deviations from normal behavior could be the early smoke signal to alert a security team of potential security incidents.

NetFlow allows a pragmatic way to sift through voluminous data and extract essential information about the nature of interactions happening in a VPC:

  • Information on source and destination of network traffic flows.
  • Statistical information about such traffic flows.
  • Flow details, such as protocol information, class of service, causes of congestion.
  • Application-level insights.

NetFlow/IPFIX capabilities allow enterprises to deliver relevant, summarized data to security and monitoring tools so that they consume the right data needed for incident analysis. To use NetFlow/IPFIX in security analysis, it is vital to support unsampled NetFlow – that is, security teams must have the ability to generate a NetFlow record for every flow seen. Just as a surveillance camera is useless if it is taking a snapshot every few minutes, sampled NetFlow, which generates a flow record for only a sample of traffic, is insufficient for security analysis.

The Gigamon Visibility Platform for AWS supports unsampled NetFlow record generation, thereby ensuring that flows are not missed. An effective way to gain good insight is by using the NetFlow/IPFIX record generation capability in combination with full traffic capture. In other words, use flow records to identify anomalous patterns and full traffic capture to “zoom in” on those specific flows.

If you are an AWS user wondering how this is different from VPC Flow Logs, there are several ways you can use the NetFlow/IPFIX flow record generation capability to augment what you may already be doing today with VPC Flow Logs:

  • The Gigamon Visibility Platform generates flow records for any Flow records on Dynamic Host Configuration Protocol (DHCP) traffic? Yes! Traffic to the Amazon Domain Name System (DNS) server? Amen! Traffic to your default VPC router? Si!
  • NetFlow and IPFIX formats are recognized by a broad range of tools used by SecOps and NetOps practitioners. The Gigamon Visibility Platform can generate flow records in NetFlow v5, NetFlow v9 and IPFIX format. Plug and play – just send the flow records to a tool that understands NetFlow/IPFIX and you are off to the races. We have already validated interoperability with Plixer Scrutinizer, Splunk ES, Cisco Stealthwatch, Kentik and NtopNG to name a few.
  • Cloud operations and SecOps engineers are often tasked with finding the root cause of an incident or task that is difficult to explain. In such situations, the ability to use NetFlow/IPFIX for gaining broad insight into the infrastructure coupled with full traffic capture for deep insight on a subset of flows provides a powerful set of capabilities for operations teams. The Gigamon Visibility Platform for AWS supports both these capabilities – all in a common platform – and can dynamically service chain multiple like capabilities to maximize effectiveness.

To learn more about NetFlow/IPFIX Generation for AWS, please read our press release and check out our Visibility Platform for AWS or come visit us at AWS re:Invent 2017 during our partner theater session “Gain Application and Security Insights using NetFlow and Metadata with Gigamon Visibility Platform for AWS” at either of the following times:

  • Tuesday, November 28, at 1:15 p.m. PST
  • Wednesday, November 29, at 1:15 p.m. PST

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Hybrid/Public Cloud group.

Share your thoughts today

  • © Gigamon 2024
Back to top