Overcome Cloud Pain Points with Hybrid Traffic Intelligence

Migrating to the cloud is enticing given the agility, endless scalability, and potentially lower total cost of ownership (TCO) of infrastructure as a service (IaaS). Handing off operational burdens allows you to concentrate on building your business and accelerating time-to-market for revenue-generating products and services.

Not being tied down with provisioning and configuring routers and switches or security “of the cloud” headaches are a big help. But the move to the cloud is not a panacea. After all, many, if not most, of the issues faced on-premises follow you to the cloud. Here are just a few of the challenges you may encounter:

• Managing modern cloud-based applications requires visibility at not only the network and packet levels, but also at the application level
• Gaining insights into East-West traffic to understand traffic flows and avoid blind spots
• Offloading security and monitoring tools from needless processing and superfluous traffic to maximize their effectiveness with reduced scaling
• Ensuring automation of dynamic environments with orchestration tool API integrations to minimize manual efforts, reduce OPEX, and accelerate placing new workloads into production
• Obtaining comprehensive metadata generation, not just NetFlow, from sampled packets
• Backhauling traffic when tools are on-premises, without breaking the bank

Holistic Visibility Is a Prerequisite for Success

At the top of the list is visibility — meaning acquiring, analyzing, and distributing all pertinent traffic, regardless of how it is generated, including managed or unmanaged devices, and from any location — even across cloud platforms. Without visibility you can’t ensure proper security and performance. Tools responsible for these critical tasks must have access to all network packets and application data, including East-West, between individual VMs on monitored servers, and between container pods on worker nodes. Log data, such as from VPC Flow Logs, is insufficient for content inspection because packet payloads are not included and are unreliable as the source of truth because the source of the log data may be compromised, and the log content varies from different elements and services.

Obtaining packet-level details is critical, as malware hides in packets; logs do not convey much of what security tools require. Similarly, while IaaS vendor offerings, including AWS CloudWatch and Azure Network Watcher, offer the ability to trigger packet capture on specific events, this is primarily for troubleshooting only and is reactive. Mirroring packet data requires ultra-granularity involving internal and customer-facing applications and workloads in development, test, and production environments.

Historically, administrators have been forced to rely solely on native traffic mirroring services or elaborate tool-specific agents to acquire and send raw packets directly to their security and monitoring tools. The result is complex network designs, excessive bandwidth and processing usage, tool contention for traffic access, overwhelmed tools that lose effectiveness, and needless scaling. IT is limited in its ability to analyze network traffic, customer experience, and application/flow information and have difficulties evaluating infrastructure and application health. Newer observability vendors claim they provide this information, but not at the workload level nor with the advanced metadata attributes necessary to highlight and solve some problems.

Cloud Vendors Ensure Security, Right?

Well, sort of. Cloud infrastructure vendors protect the compute, storage, database, and network elements. Applications, customer data, identity and access management (IAM), firewalls, and more are up to you to secure. Cloud-native security services commonly deployed in the public cloud include IAM, security groups, logs, and web application firewalls (WAF). But these have limitations:

• IAM: Once an attacker has successfully hacked credentials, they won’t need to undertake noticeable activity that gets alerted by cloud dashboards; they could sit there silently and do just enough to not trigger any alerts. The time to detection in this case is many weeks or months.
• Security groups: Despite opening access to necessary ports only, security group configurations have no application context and no visibility into higher layers (beyond L4). Attacks could happen on those ports in the application layer and could result in malware being deployed or data exfiltrated.
• Logs: Logs convey only high-level metrics about conversations and application access points; You’ll know who communicated with whom but won’t have a record of what the communication was about. No packets or payload are included. In case of silent attacks where attackers use the infrastructure and try to operate within limits of threshold violations, logs are of no help.
• WAF: Cloud-native WAFs are very limited in their functionality when compared to industry-leading WAFs, and protect apps only from the OWASP top ten attacks. They are also somewhat of a black box with lack of access to the SecOps teams, which increases their risk of use.

To accelerate the identification of security breaches, troubleshoot, and remediate, something else is needed.

Gigamon Hawk Shines the Light of Truth on All Data in Motion

CloudOps, DevOps, and SecOps must ensure an effective security and network posture in the hybrid cloud, and GigaVUE® Cloud Suite™, part of the Gigamon Hawk Visibility and Analytics Fabric™ (VAF), is the solution.

Gigamon provides an intelligent network traffic visibility platform that automatically acquires, optimizes, and distributes selected traffic to various on-premises and cloud-based tools, increasing security, operational efficiency, and scale across multiple zones and clouds. This enables enterprises to extend their security methods to IaaS while assuring compliance and decreasing the time required to detect threats to mission-critical applications.

Hawk Helps Solve Challenging Cloud Use Cases

The visibility and analytics derived from a Hawk deployment enable you to overcome a broad array of issues, including many you may not have realized you had.

Rather than turn this blog into a 15-part series, we’ve put the information into a whitepaper you can download and read — Solve Challenging Cloud Use Cases with Gigamon, which provides insights into these topics:

Comprehensive Visibility

• Visualize all cloud workload traffic
• Multi-cloud vendor deployments
• Ensure inter-VPC/intracloud visibility
• Generation of NetFlow in the cloud

Ensuring Security and Compliance

• Securing confidential data transmissions
• Anomaly detection without raw traffic
• Cloak internal resource identification

Flexibility and Ease of Deployment

• Send traffic to on-premises and cloud-located tools
• Support any cloud migration strategy
• Multiple tool support
• Automated scalability

Cost Effectiveness

• Simplified traffic acquisition — prevent agent sprawl
• High-capacity processing for demanding workloads
• Support native traffic mirroring service at scale
• Improved tool capacity

For extra credit, learn how application-level visibility takes Hawk into orbit. Read the use case briefs for Application Metadata Intelligence and Application Filtering Intelligence. To learn more about Hawk, visit Gigamon. Better yet, request a live demo.