170 likes | 306 Views
The Dynamic World of Threat Detection , Containment & Response. Opportunities and Challenges. The World of IT continues to evolve. IT owned. Static Management and Security Tools. Mobile. Network. Contained. Virtual. Servers. In house. User owned. Limitless. Data. Devices.
E N D
The Dynamic World of Threat Detection, Containment & Response
Opportunities and Challenges The World of IT continues to evolve IT owned Static Management and Security Tools Mobile Network Contained Virtual Servers In house User owned Limitless Data Devices Physical Dynamic Infrastructure Cloud Applications Fixed
Opportunities and Challenges The World of IT continues to evolve IT owned Static Management and Security Tools Mobile Network Contained Virtual Servers In house User owned Limitless Data Devices Physical Dynamic Infrastructure Cloud Applications Fixed
Visibility: The Enabler for Security Anatomy of an Attack Cloaking complete Cloning & ‘go mobile’ Information extraction Attack commences Assessing the infrastructure Pilot probe attack Cloaking starts Data extraction or manipulation Intrusion commences Identifying targets Window of Exposure The “Golden Hour” Damage & scale assessment Alert & notification Second-wave detection Security established Anomaly detected Elimination Early stage containment Infrastructure wide response Attack identified
Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Limit the opportunities • Block the known attacks • Monitor traffic profiles • Alert to anomalies • Broad-scale monitoring • Signature behavior • Leverage multiple measures • The front-line against the unknown • Limitations • Limitations • Requirements • Requirements • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Highly available architecture • Line-rate performance • Infrequent configuration changes • Powerful filtering capability • Multi-point triangulation • The more pervasive, the greater the value • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”
Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Requirements • Requirements • Highly available architecture • Line-rate performance • Infrequent configuration changes • Powerful filtering capability • Multi-point triangulation • The more pervasive the greater the value • Limitations • Limitations • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”
Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Limitations • Limitations • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”
Networks were Static and Simple Application Performance Network Management Security TOOLS
Networks are Dynamic and Complex Application Performance Network Management Security TOOLS
Networks demand a New Approach Application Performance ApplicationPerformance Network Management Network Management TOOLS Security Security CENTRALIZED TOOLS
The Fabric Intelligence Packet Identification, Filtering and Forwarding Packet Modification, Manipulation and Transformation Physical Deduplication ABACCABACB ABC Packet Slicing A B C A B C A B C A B C Application Performance Virtual Time Stamp Network Management Flow Mapping Network GigaSMART Tools Security Dynamic power to control traffic selection
The Benefits of Visibility Fabric Legacy Approach Visibility Fabric • Pervasive • Simple • Cost Effective • Centralized • Scalable • Limited Visibility • Static • Expensive • Distributed • Constrained
Enabling Best-of-Breed Selections Security Application Monitoring Network Management Tools Network The Middleware with Any Network, and Any Tool
The Advantages of Gigamon – GigaBPS Traffic offload – Application-aware traffic profile
The Demand is Clear Organization Size: Employees (000s) Organization Revenue ($B) Vertical Independent Survey Results from December 2011
Visibility Fabric Addressing the Limitations “Wall” – in band • Limitations • Heartbeat monitoring • Intelligent traffic distribution • Establishes a ‘Dynamic DMZ’ enabling rapid response • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows” “Watch” – out of band • Limitations • “Flow Mapping” filtering • Selective traffic forwarding • Scalability to serve some of the largest networks on the planet • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale