Networking / March 27, 2020

Yes, You Can Run Fast and Stay Secure During Uncertain Times

These are unprecedented times. Organizations are being forced to face a new normal — work-from-home (WFH) — for all but a handful of essential functions. And this change has happened almost overnight. From an IT perspective, it is important to recognize that this rapid shift will stress both infrastructure as well as applications:

  • On the infrastructure side, networking infrastructure including VPNs, WAN links and so forth were never designed for the entire staff to function as a remote workforce. Infrastructure is pushed to its limits as many organizations are mandating that all their employees work from home. IT teams are being pressured to rapidly increase as well as reallocate capacity to accommodate this paradigm shift.
  • On the applications front, web applications, workforce collaboration tools, unified communication solutions are all being pushed to their limits as everyone is heavily using these applications to stay connected, stay informed and continue to do their jobs. News channels, online banking websites, online e-commerce sites, cloud-based collaboration tools and many other online services are feeling the brunt of this sudden and massive surge in usage due to this working paradigm shift. Additionally, the fear of lockdown and the ensuing need for constant updates, communications or simply a way to keep oneself occupied is further driving usage of many web and online applications.

This stress on infrastructure and applications teams is taking place in two dimensions:

  1. Business Agility Through Rapid Scaling: As mentioned above, certain aspects of infrastructure and applications are facing scaling challenges, perhaps at unprecedented levels. The sudden and rapid shift to WFH has left IT teams with little time to scale their remote access infrastructure. Applications teams are feeling the scaling pinch too, as web applications and cloud services are being tested to their limits. Financials, news and broadcasting, cloud collaboration solutions, online gaming and healthcare, among others, are all feeling the pressure to suddenly and significantly scale their applications to deal with the significant increase in the number of users and the frequency of their usage — and equally important, ensuring that as they scale capacity virtually overnight, the user experience stays good. Having this agility to be able to scale without compromising user experience is providing an unfair advantage to some organizations today.

  2. Working with Budget Uncertainties: As the economy in many dimensions slows to a crawl, organizations are already planning for a potential recession. Travel, entertainment, service industries are all being severely impacted, and the trickle effect of this on the broader economy is something that all organizations are planning for in the form of budgets cuts and spending constraints. IT and applications teams are particularly feeling the impact of this as they are being asked to scale up without scaling their resources — the need to do more with less has never been more pressing than now.

Gigamon solutions can help organizations run fast, stay secure in these challenging times and help mitigate many of the above challenges. Gigamon Visibility and Analytics Fabric™ provides several capabilities that directly help address the above challenges: 

  1. As applications are being rapidly scaled up and new applications are being rapidly developed and deployed to address new demands and needs, the Gigamon Application Intelligence framework provides the capability to quickly identify specific applications and monitor their usage — whether for performance reasons or monitoring user experience. With more than 3,000 pre-defined applications and more than 5,000 application metadata elements out of the box, and the ability to add and identify custom applications, the Application Intelligence capability provides a quick way to ascertain whether the efforts to scale up an application are yielding the desired results. Feeding the specific application data streams and metadata from the Gigamon platform to any one of our several technology alliance partner tools that are focused on application performance monitoring provides a great solution to quickly troubleshoot, monitor and manage applications as capacity is being quickly ramped up or as new applications are being stood up to address the new normal of WFH.

  2. The Gigamon ThreatINSIGHT™ solution provides a simple, easy-to-provision, cloud-based approach to detecting threats and quickly getting to root cause without requiring too many resources. ThreatINSIGHT provides detection of high-severity, high-confidence threats and a simple click-down approach to investigating the root cause of the threat going back several weeks to all incidents leading to the threat. The ensuing streamlining of workflow significantly speeds up time to containment while reducing overhead. Pointing ThreatINSIGHT to ingress/egress links and behind VPN concentrators provides a quick targeted approach to increasing threat hunting capacity while increasing infrastructure capacity, with little to no overhead.

    In parallel, Gigamon TLS solutions provide the ability to investigate encrypted traffic or extract metadata from encrypted traffic. When used in conjunction or independently from ThreatINSIGHT, Gigamon TLS solutions can significantly reduce the load on other tools, centralize the TLS decryption capabilities across multiple tools and shine visibility into blind spots. As credential compromise is becoming increasingly common in these times, being able to look into encrypted traffic to and from applications can be important to realizing whether application and data access is legitimate or illegitimate, even as application capacity is being dynamically increased, applications are being quickly re-architected and new applications are being spun up.

    Additionally, where organizations are using solutions like Splunk or other SIEMs for compliance or for active security monitoring, feeding application metadata from the Gigamon platform into SIEMs can be a powerful way to help ensure compliance while bringing new applications and capacity online. A key benefit of leveraging the Gigamon platform for feeding application metadata to SIEMs is that you can be surgical about what data to send into the SEIMs (meaning you can control your SIEM costs well), you can do this reliably without having to touch multiple applications or without having to enable logging on different servers or controllers, and you won’t have to worry about potential compliance failures or inadvertent blind spots when other developers or other parties change the logging levels or application tracking while rapidly modifying applications.

    Lastly, the Zero Trust framework continues to be a critical model for securing in this climate. In this blog, I’ve outlined approaches to unifying security around the Zero Trust architecture.

  3. The Gigamon Visibility and Analytics Fabric, with its patented Flow Mapping® technology, provides a way to scale up monitoring tool capacity without scaling up costs. By selectively sending only relevant traffic to network-based monitoring tools — be it for performance monitoring or security — existing tool capacity can be increased without adding more tools or significantly increasing cost. Solutions like de-duplicating traffic before forwarding to monitoring tools provide a powerful way to reduce how much traffic is sent to tools, without any consequent loss in fidelity, thereby increasing monitoring capacity significantly while keeping costs contained.

    Additionally, adding more tools does not require scheduling maintenance windows or downtime — which in these times is critical. Simply tapping any new links or network segments when increasing capacity and feeding that traffic to Gigamon ensures that tools behind Gigamon get immediate visibility into that increased capacity. For example, if adding any new WAN links for resiliency or capacity, simply tap those and feed the traffic into the Gigamon fabric. The tools behind Gigamon can get immediate access to all traffic on those new links. No need to purchase new tools just to cover the additional links. If the tools are running at capacity, leverage Flow Mapping and De-duplication to free up capacity on those tools, as new WAN links or internal capacity comes online.

These are just some of the capabilities and benefits of Gigamon Visibility and Analytics Fabric, and how they can be leveraged in these trying times to control costs, monitor applications and infrastructure as capacity is rapidly increased, and still maintain a good security posture.

With some strategic thinking, a good partner and a good set of solutions, together we can help make life a bit easier for IT, InfoSec and applications teams. Gigamon is committed to being a good partner to our customers and helping our customers run fast and stay secure in these trying times.

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.


People are talking about this in the Gigamon Community’s Working from Home group.

Share your thoughts today

Back to top