Cloud / May 30, 2023

Gigamon Brings Deep Observability into AWS Security Lake

AWS is an industry leader in IaaS, with an extensive and worldwide public cloud presence that offers endless scalability, agility, and simplicity for millions of customers. With the launch of Amazon Security Lake, customers can now analyze data across their environment to improve the protection of their workloads, applications, and data.

Gigamon is delighted to be a launch partner for multiple AWS services, including Amazon Security Lake, AWS Gateway Load Balancer as an endpoint, expansion of VPC Traffic Mirroring to new EC2 instances, and others. In addition to integration with Amazon Security Lake, Gigamon GigaVUE® Cloud Suite™ for AWS is integrated with AWS NLB and native AWS VPC Traffic Mirroring.

The Gigamon Deep Observability Pipeline Flows to Amazon Security Lake

The Gigamon Deep Observability Pipeline harnesses actionable network-level intelligence to amplify the power of observability tools. Through our Application Metadata Intelligence (AMI) technology, Gigamon provides a bottom-up view of data in motion in on-prem and multi-cloud environments. This provides broad East-West visibility of actual data, protocols, and applications (both known and unknown) in motion, so NetOps, CloudOps, and security teams get full visibility into application traffic running in data centers and public clouds.

In addition to traffic from VMs, with the Gigamon Universal Container Tap, customers can now capture traffic between Amazon EKS pods in their cloud environments and generate lateral forensics on EKS container traffic.

As customers undertake application modernization projects and migrate workloads to the cloud, application uptime and security in the shared responsibility model become critical. When an application outage occurs, you can immediately understand if it is network related, irrespective of whether the applications are deployed on-prem or in hybrid or multi-cloud environments.

Gigamon AMI can share all attributes from the OCSF schema with AWS Security Lake and observability and SIEM tools, and — as the schema grows — up to 7,000 application and networking attributes, enabling you to troubleshoot issues and reduce MTTR.

Gigamon Application Metadata Exporter supports multiple ingestion methodologies, including CEF, IPFIX, JSON, and Kafka. And with ingestion support now extended to Parquet format, Gigamon can seamlessly send data to Amazon Security Lake. Customers can extract relevant network metadata and share it with their observability and security tools to address multiple use cases, including application performance and application security.

How the Gigamon Advantage Can Help

Gigamon complements observability and SIEM solutions by bringing complete network, application, end-user, and infrastructure observability to hybrid cloud IT landscapes. If an observability or SIEM tool platform detects a customer-impacting problem with an application or any of its dependencies, CloudOps teams can quickly review the application network health for areas such as DNS queries, packet transmissions, and latency in a particular part of the cloud or on-prem.

Conversely, if Gigamon detects compliance issues related to SSL and cipher versioning or security risks related to vulnerable protocols, port spoofing, or crypto mining, these issues can immediately be put in the context of the applications and infrastructure as known by observability/SIEM tools.

Here are a few use cases that are enabled by Gigamon in conjunction with your observability/SIEM solution of choice:

  • Are the applications communicating as usual, or did anything change in their network profile after recent upgrades?
  • Are they speaking using vulnerable protocols or deprecated ciphers? Are the required TLS certificates still current?
  • What other network traffic is competing with the key app’s traffic? Is it affecting the app connectivity? And what occupies the same network segments that my app uses?
  • Multi-cloud latency visibility
  • DNS latency issues
  • Broad East-West visibility

Gigamon accesses network traffic from all sources, extracts network-derived attributes, and sends them to Amazon Security Lake for further analysis, exploration, and enrichment, as shown in Figure 1 below.

Figure 1. The Gigamon Deep Observability Pipeline sends network-derived attributes to Amazon Security Lake for further analysis.

The Gigamon Deep Observability Pipeline, including GigaVUE V Series for selective traffic mirroring and metadata enrichment, can be run in AWS or on-prem. Customers can follow the instructions provided in the Quick Start Guide to deploy the Gigamon Deep Observability Pipeline and start sending network telemetry data to enrich Amazon Security Lake.

Get Complete AWS Visibility with Gigamon

The powerful combination of GigaVUE Cloud Suite for AWS and Amazon Security Lake greatly improves access and visibility into network traffic and apps flowing within your hybrid cloud infrastructure. AWS customers obtain complete visibility into virtual machines, an essential requirement for building multi-tiered tool stacks. Regardless of which Zero Trust architecture is used, traffic visibility will be a requirement.

Traffic is intelligently distributed to network monitoring and security tools to maximize their effectiveness and accuracy and to avoid unnecessary scaling to lower CapEx. In addition, Gigamon and AWS solutions are tightly coupled to drive automation, simplify management, and reduce OpEx.

Check out our free Cloud Suite for AWS Test Drive and see for yourself. And download our whitepaper to get further insights into elucidating cloud visibility.
