Gigamon Introduction

Corporate Overview
See what matters.™

Gigamon Visibility Platform provides pervasive visibility
into data in motion across your entire network, enabling
stronger security and network performance.
• Founded in 2004 • CEO: Paul Hooper

• IPO in 2013, NYSE: GIMO • Over 2,200 customers
• Headquarters: Santa Clara, CA, U.S. • Verticals: Federal, Financial Services, Healthcare,
Retail, Technology, Service Providers
• Global Offices: 20 countries
• Global Patents Issued: 35
• 680 employees
©2015 Gigamon. All rights reserved. 1

Who Deploys Gigamon?
GIGAMON’S SOLUTION HAS BEEN DEPLOYED AT MANY OF THE WORLD’S
LEADING ORGANIZATIONS, INCLUDING:
Customer data from FY2016. Based on 2016 Fortune list, Fortune is part of Time Inc. Samantha Sharf, "The World's Largest Tech Companies: Apple Beats Samsung, Microsoft And Alphabet," Forbes, May 26, 2016. Retrieved from:
“Top 50 Banks in the World," Banks around the World. June 30, 2016. Retrieved from: http://www.relbanks.com/worlds-top-banks/assets http://www.forbes.com/sites/samanthasharf/2016/05/26/the-worlds-largest-tech-companies-2016-apple-bests-samsung-microsoft-and-alphabet/#ed4f6fc89ee4
Laura Lorenzetti, "The 10 biggest health-care companies in the Fortune 500," Fortune, June 20, 2015. Retrieved from: "Stores Top Retailers 2016," Kantar Retail, National Retail Federation, 2016. Retrieved from: https://nrf.com/resources/annual-retailer-lists/top-100-retailers/stores-top-
https://gigamon.my.salesforce.com/00O14000008ef5s retailers-2016
Data Set: Top US Government Agencies by Contract Spending (FY 2016), GovWin from Deltek. Accessed Feb. 7, 2017. "The World's Biggest Public Companies," Forbes, June 2, 2016. Retrieved from: https://en.wikipedia.org/wiki/List_of_telephone_operating_companies

Gigamon Customers Today
ENTERPRISE FEDERAL SERVICE PROVIDER
HEALTHCARE
TECHNOLOGY INDUSTRIAL RETAIL FINANCE AND INSURANCE
1900+ 78 50
of the of the Top 100
End Customers
Fortune 100 Global SPs
As of Q4 2015

©2016 Gigamon. All rights reserved.
Ecosystem Partners who work with Gigamon
Network
Security and
Vulnerability
Management
Customer
Experience
Management
Network
Performance
Management
Application
Performance
Management
Network
Forensics/Big Data
Analytics

Turnkey Solutions today that needs Gigamon
• Multi Tier security architectures within the network
• Turnkey Security architecture (IPS/IDS, APT, DLP, NAC, FW, Forensic,
DPI, Web security, SIEM)
• Private Cloud / Public Cloud / Hybrid Cloud Visibility
• NPM / APM / Mobile Core CEM
• SOC/NOC visibility platform
• SDN Visibility (Cisco ACI, VMware NSX, OpenStack/KVM)
• Monitoring Centralization
• New Data Centre

Continuous Visibility Is at the Core of Security
EXAMPLE: GARTNER’S ADAPTIVE SECURITY ARCHITECTURE
Twelve Security Capabilities of the Gartner Adaptive (at the core of change) Security Architecture
Predict Adjust
Posture
Implement
Posture
Prevent
Risk-prioritized Harden Systems
Exposure Assessment
Anticipate Threats / Isolate Systems
Attacks Continuous
Baseline Systems and Visibility and Prevent Attacks
Adjust Monitor
Security Posture
Verification Posture
Users
Systems
Remediate System activity
Payload
Detect Incidents
Design / Model Network
Policy Change Confirm and
Prioritize Risk
Investigate
Incidents / Retrospective Contain Incidents
Analysis
Respond Detect
*Source: Gartner Data Center Infrastructure Operations and Management Conference, December 2016

Legacy Approaches Provide Limited Visibility
Public
Intrusion
Cloud: AWS
IPS
• Significant blind spots
Detection
Intrusion (Inline)
System Intrusion IPS
Detection
Detection
System
System
Internet IPS
(Inline)
(Inline)
• Extraordinary costs
• Contention for access to traffic
Data Loss
Prevention
Routers Anti-Malware
(Inline)
Anti-Malware • Inconsistent view of traffic
Data Loss Anti-Malware (Inline)
Data Loss “Spine”
Prevention (Inline)
Prevention Switches
• Blind to encrypted traffic
“Leaf”
• Too many false positives
Email Threat Switches Forensics
Detection
Email Threat Forensics
Detection Forensics
Email Threat Virtualized
Detection Server Farm
Poor architectural choices will lead to poor results!

Security Delivery Platform: “See Everything”
A FOUNDATIONAL BUILDING BLOCK TO EFFECTIVE SECURITY
Public
Cloud: AWS
Intrusion IPS
Detection
Intrusion IPS
(Inline) Anti-Malware Data Loss Intrusion Forensics Email Threat
System Intrusion IPS
Detection Internet IPS(Inline) (Inline) Prevention Detection Detection
(Inline)
Detection
System (Inline) System
System
Routers Anti-Malware
Data Loss
(Inline)
Anti-Malware
Prevention
Data Loss Anti-Malware (Inline)
Data Loss “Spine”
Prevention (Inline)
Prevention Switches
“Leaf” Physical, Virtual Metadata Application SSL Inline

Email Threat Switches andForensics
Cloud Engine Session Filtering Decryption Bypass
Detection (NetFlow / IPFIX)
Email Threat Forensics
Detection Forensics
Email Threat Virtualized
Detection Server Farm ü All tools still connected ü Enhanced tool efficiency
ü Fewer network touch points ü Decreased OPEX costs

GigaSECURE® Security Delivery Platform
THE INDUSTRY’S FIRST SECURITY DELIVERY PLATFORM
IPS Anti-Malware Data Loss Intrusion Forensics Email Threat

(Inline) (Inline) Prevention Detection Detection
System
On-prem
DC
Security Delivery Platform

Remote
Sites
Cisco ACI Private

Physical, Virtual Scalable
A complete Metadata
metadata Application
Isolation of SSL to
Visibility InlineInline
bypass for
Cloud
and Cloud
network-wide reach: Enginefor
extraction Session Filtering
applications for Decryption
encrypted Bypass
traffic for connected security
physical and virtual improved forensics targeted inspection threat detection applications
Public
Cloud
ü All tools still connected ü Enhanced tool efficiency
ü Fewer network touch points ü Decreased OPEX costs

Gigamon Data-in-Motion Visibility Platform
Tools & Applications
A
Security | Experience Management | Monitoring | Analysis
P
I
Orchestration GigaVUE-FM API

NSX Manager vCenter
Traffic Adaptive Application

De-duplication FlowVUE®
Packet Filtering Session Filtering
Intelligence
GTP Header NetFlow and
Masking
Correlation Stripping Metadata Generation
SSL
Slicing Tunneling
Decryption
Flow Mapping® Clustering Inline Bypass GigaStream®
Visibility
Nodes Intelligent Visibility Public Cloud Virtual Traffic Aggregators Network TAPs
Any Network
Data Center and Private Cloud | Public Cloud | Service Provider Networks | Remote Sites

TRACK 1:
Traffic Visibility for Network Monitoring
Pervasive Monitoring for Pervasive Visibility
WHAT IS DRIVING THIS EMERGING NEED?
• Increasing Security Threats

• You Cannot Secure What You Cannot See
• Distributed applications create east-west traffic patterns

• Dynamically changing traffic patterns demand better visibility
• Eliminate blind spots due to new encapsulations, encryption*

• E.g. VXLAN, SSL traffic
• Maintain visibility through network architecture changes and upgrades

• E.g. White Box, SDN, VMware NSX, Cisco ACI, OpenFlow
* ”Avoid These "Dirty Dozen" Network Security Worst Practices’, Andrew Lerner and Jeremy D'Hoinne, Gartner, January 2015

Current Challenges Enterprises faced
• Non homogeneous networks (1Gb copper, 1/10/40Gb fiber)

• “Tsunami” of monitoring tools (for Network, Application, Security), high
cost
• Same Visibility for all Security tools (You can’t secure what you can’t see!)
• Visibility for Virtualization Infrastructure
• Multi Sites Visibility and monitoring without Higher CAPEX
• Reduced budget for all IT spending

ADDING TOOLS WITHOUT
Challenge 1 :
LIMITATION AND NO IMPACT
TO NETWORK
PERFORMANCE

Use Case: Eliminate SPAN Port Contention
FEW SPAN PORTS, MANY TOOLS
Without Gigamon With Gigamon
Intrusion
Detection
System (IDS)
Intrusion Detection
System (IDS) Application
Performance
Application Performance
Management Management
Switch with two SPAN

session limitation VoIP Analyzer
VoIP Analyzer Switch with
two SPAN
ports Packet
Packet Capture
Capture
Customer is unable to use all tools! Customer has complete visibility for all tools!

NOT OPTIMISING
Challenge 2 :
INVESTMENTS (TOOLS)

Use Case: Limited Access to Environment
(Multi network segments)
LIMITED TOOL PORTS, MANY SWITCHES

Switch 1 Switch 1
Switch 2 Switch 2
Switch 3 Switch 3
Analysis tool with Switch 4 Analysis tool with Switch 4

only 2 NICs ports only 2 NICs
Switch 5…n Switch 5…n
Limited Connectivity Pervasive Access – Can Connect to

to Full Environment All Points in the Environment

TOOLS ARE MADE OBSOLETE
Challenge 3 : WHEN NETWORK IS
UPGRADED

Use Case: Change Media and Speed (Future
proof to new network)
10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS
GigaVUE® Matches Your Network to Your Tools

Intrusion Detection
System (IDS)
10Gb 1Gb
Application Performance
Management
VoIP Analyzer
Packet Capture Intrusion Application

VoIP Packet
Detection Performance
Monitor Capture
System Management
Customer migrates to a 10Gb network and Customer able to extend the life
1Gb monitoring tools become useless of their 1Gb network and security tools

MONITORING MULTI-SITES IN
Challenge 4 : MORE EFFECTIVE
ARCHITECTURE

Use Case: Optimize Tool Efficiency
(Centralization)
MAXIMIZE THE TOOL INVESTMENT BY CENTRALIZING,

Remote 1 Remote 1
Remote 2 Remote 2
Switch 1 Switch 1
Switch 2 Remote 3 Switch 2 Remote 3
Switch 3 Switch 3
Remote 4 Remote 4
Switch 4 Switch 4
Central
Central
Switch Switch
1 site per Tool – Tools not optimized Centralize the Tools for maximum efficiency

BLIND SPOTS WITHIN
Challenge 5 :
VMWARE TRAFFIC
(NOT ABLE TO BE DETECTED
BY TOOLS)

Visibility into Virtualized Workloads
CHALLENGES
VM VM VM VM VM VM
VIRTUALIZE
SERVER
SERVER
Hypervisor Hypervisor
SERVER SERVER
Switch
Switch
TRADITIONAL VISIBILITY VIRTUAL VISIBILITY CHALLENGES

• SPAN on Switch Ports • Blind spots for Intra-Host VM traffic
• Physical TAPs • Blind spots for Inter-Host VM traffic (blade center)

Virtual Visibility: More Important Than Ever
5 REASONS WHY YOU SHOULD CARE
1. Scope of security must cover virtualized workloads
2. Increasing VM density
3. Visibility into VM-VM traffic
4. Creating new virtual tool instances eats into compute capacity
5. Automated visibility after VM migration
GigaVUE-VM
IDS
VIRTUAL VIRTUAL VIRTUAL

IDS VM1 ANTI- APM VM
MALWARE
ANTI-MALWARE
HYPERVISOR HYPERVISOR
SERVER SERVER
APM
LEGACY APPROACH MODERN APPROACH

GigaVUE-VM - Virtual Workload Monitoring
EXTENDING VISIBILITY INTO VIRTUAL DATA CENTERS
• Small footprint ‘Virtual Tap’ guest VM appliance • Access, Select, Transform, and Deliver Virtual traffic
• Visibility into Hosted Applications • Visibility into Physical to Virtual traffic
Advanced Traffic Intelligence

• De-duplication • Time Stamping
Centralized
• Packet Masking • Load Balancing
tools
• Packet Slicing • NetFlow Generation
• Header Stripping • SSL Decryption
Core Core
Application
GigaVUE-VM Performance
• Flow Mapping™
• Filter on VM, application ports
• Packet slicing at any offset Spine Spine
Network
• Tunneling for multi-tenant
Tunnel Port
DB Server Network
Performance
Leaf Leaf Leaf Leaf
DB
OS
Tunneling Security

Software-Defined Visibility for
Challenge 6 : Software-Defined Networking
(SDN) Infrastructure

Software-Defined Visibility with Cisco ACI
TOOL CENTRALIZATION WITH VISIBILITY FABRIC
REST APIs
Closed Loop Monitoring
GigaVUE-FM
• All tools are still Traditional Architecture New ACI Architecture Centralized Tools
connected
VM Traffic
• Fewer network Application
Performance
Inline
touch points Bypass VXLAN= Management
6000
• Increased tool SSL
Decryption Customer
performance Core Spine NetFlow
VXLAN= Experience
Management
5000
(Nexus 7K) (Nexus 9500) Generation
• Cost savings Aggregation Application
(Nexus 5K, Session
Catalyst 6K) G-TAP BiDi Filtering De-cap Security
Network
Leaf (40Gb) VXLAN
Access Transform- Header
(Nexus 2K) ation (Nexus 9300) Stripping
Network
GigaVUE-VM NetFlow / Performance
IPFIX Management
Server Farm Virtualized Server Farm (UCS)
VM VM
HYPERVISOR

Software-Defined Visibility Vmware NSX (and
ESXI)
REST APIs
NSX Manager vCenter
Software-Defined Visibility
API Integration
GigaVUE-FM Centralized Tools

VM Traffic
Virtual Networks Security

Powered by VMware NSX
Anti-Malware
VXLAN=6000
IDS
SSL
Decryption DLP
NetFlow / IPFIX VXLAN=5000 NetworkAPM

Forensics
Internet Generation
APT
Application
Session Filtering
Monitoring
Adaptive De-cap VXLAN
Packet Filtering Application Performance
TAPs Header Network Performance

Stripping
NetFlow / IPFIX Customer Experience
Filtered and Sliced Virtual Traffic
GigaVUE-VM

High-Level Overview
ACI Fabric
Centralized
GigaVUE -FM Tools
SPINE1 SPINE2
De-dupe Header
Stripping
Lock
Pwr
Rdy M/S IBM Tealeaf
PRT-HC0-Q06
PRT-HC0-Q06
PPS Fan Rear
PTP
IEEE Rdy Q1 LNK Q1 LNK Q1 LNK Q1 LNK Q1 LNK Q1 LNK Rdy Q1 LNK Q1 LNK Q1 LNK Q1 LNK Q1 LNK Q1 LNK
GigaVUE-HC2
1588
Stack Pwr ENA ENA ENA ENA ENA ENA Pwr ENA ENA ENA ENA ENA ENA
Mgmt
Port
1 3
SMT-HC0-X16
Mgmt
SilverTail
Rdy
Con-
sole H/S
Pwr X1 X3 X5 X7 X9 X11 X13 X15

X2 X4 X6 X8 X10 X12 X14 X16
GigaVUE-HC2
2 4
QSF-502 module
between TA40 to HC2
Leaf Leaf 40gb
1 2
Leaf
3
Uses x-over MPO-LC
connector
PinDrop
Riverbed
ARX
QSB-501 BiDi module
between TA40 and
TAP-506 DynaTrace
BiDi
Live A Live A Live A Live A
1
4
3
Live B Live B Live B Live B
G-TAP BiDi
G-TAP BiDi
G-TAP BiDi
G-TAP BiDi
TAP-506
Out A Out A Out A Out A
6
5
8
7
Out B Out B Out B Out B
TAP-506
TAP-506
TAP-506
TAP-506

QUESTIONS?

TRACK 2:
Security Delivery Platform
Gigamon GigaSECURE: Supported by the security
alliances
GIGAMON ECOSYSTEM PARTNERS (WEFIGHTSMART.COM)
“…our joint customers will benefit from “Even the best security appliance “…Gigamon’s high performance “…a robust and systematic framework to
some of the most advanced security will fail to deliver if it does not security delivery platform is deliver pervasive network visibility to
technology available.” get the right traffic,…” the right match…” security appliances…”
“…critical manageability and “…To be effective, a security appliance “…a security delivery platform “…Together, Lancope and Gigamon
control to traffic and needs to be able to access the right addresses the real need for pervasive, enable customers to solve today’s
flow visibility.” network traffic…” high fidelity visibility…” tough security challenges."
“…much needed operational “…allows joint customers to leverage “…efficient access to traffic flows and “…significantly increasing the efficiency
efficiency to the task of ensuring Gigamon's Security Delivery Platform to high fidelity meta-data from anywhere and effectiveness of [business]
pervasive visibility for security tools.” effectively extend and access the in the network…” security teams…”
critical data flows …”
“…GigaSECURE Security Delivery Platform “…Gigamon’s Security Delivery Platform

sheds light on insider initiated threats, it can “… access to high fidelity network traffic is will allow Savvius's products to continue
provide complementary visibility to the network a vital step in the implementation of to provide the insight
traffic that Palo Alto Networks sees… “ advanced protections…" our customers depend on...”

FW, IPS, APT, WAF and more
Challenge 7 :
inline security tools to come. Its
getting difficult to manage and
impact my network performance

Inline
Inline Bypass to Scale Security Delivery

Bypass
SOLVING PAIN POINTS OF BOTH SECURITY & NETWORK TEAMS

Inline

Bypass

Inline

Bypass
No service
Service continue

Inline

Bypass
Maximize tool
efficiency
Increase scale of
security monitoring
Add, remove, and upgrade

tools seamlessly
Consolidate multiple points of failure

into a single, bypass-protected solution
Integrate Inline, Out-of-Band, and Flow-based tools

via the GigaSECURE® Security Delivery Platform

Inline Solution with FireEye
Internet
FireEye (NX or EX)
HC2
Edge Routers
* Gigamon solve asymmetric routing

Core Switches FireEye (PX)

Case Study: Enterprise Account
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM
• Inline Tools: SourceFire IPS, Imperva WAF
Background • Out-of-Band tools: FireEye, ExtraHop
& Challenge • Needed many-to-one inline inspection, APP aware intelligence and capture
the same traffic for out-of-band security functions like FireEye and ExtraHop
• GigaSECURE®: Inline bypass technology to provide many-to-one

(1x10Gband 3x1Gb links) inline inspection
Solution • APP aware capability only delivers WEB traffic to Imperva for inspection
• Capture same Internet traffic and send to out-of-band FireEye, ExtraHop
• Use one SourceFire appliance to protect 4 different physical links

Results & with different media/speed
Key Benefits • Feed same Internet traffic to both inline and out-of-band tools
• Significantly simplified security operations: upgrade any security tool at will

Case Study: Enterprise Account
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM

Challenge 8 : SSL Decryption

Need for Visibility into SSL
>80% of enterprise traffic will be encrypted through 20191
80% performance degradation of security appliances due to SSL2
33% of malware uses encryption3
Visibility into SSL traffic leaving an organization (Internet servers, cloud services)
1 Source: Gartner “Predicts 2017: Network and Gateway Security”, December 13 2016.
2 Source: SSL Performance Problems, NSS Labs
3 Source: 2016 Trustwave Global Security Report

Challenges with SSL Solutions in Market
Today
THREE APPROACHES TO DECRYPTING SSL / TLS TRAFFIC
Web Proxies Or Firewalls Load Balancers Dedicated SSL Decryptors
Inline
Tool(s)
Decryptor
FW Proxy Inline Tool(s)
• Low Performance • Limited traffic selection • Limited traffic selection

• Cannot feed other tools • Weak inline bypass • Limited interfaces creates
appliance sprawl

SSL Decryption on Gigamon Products
Encrypted Traffic Decrypted / Unencrypted Traffic
1 • Corporate servers Clients Internet Servers
• Enterprise has server keys

• RSA key exchange 3 RSA/DH
• Supported Since 2014
Internet
2 • Corporate servers
Active, Inline Passive, Out-of-Band
• Diffie-Hellman (DH) key exchange Appliance(s) Appliance(s)
Network
• Emerging TLS 1.3 standard NGFW
Forensics
• Need to be inline to decrypt SSL
IPS Anti-malware
3 • Internet Servers or SaaS services

• Enterprise does not have server keys
• Need to be inline to decrypt SSL
1 RSA 2 DH, PFS
Corporate Servers
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
? Clients

Introducing Inline SSL Solution
FIRST INLINE SSL SOLUTION INTEGRATED
IN A VISIBILITY PLATFORM
Malware and its actions lay hidden in the night

Then came Gigamon Inline SSL and all was light
Any forward-looking indication of plans for products is preliminary
©2015 Gigamon. All rights reserved. and all future release dates are tentative and subject to change. 45
Gigamon Inline SSL Visibility Solution
SSL Session
Leg 2 Inline Tool Group
(encrypted) (decrypted traffic)
3
Web Monitor Tool Highlights

(decrypted traffic)
• Servers and clients located internally
1 or externally
SSL Session 2 • Private keys not needed
Leg 1 • RSA, DH, PFS can be used
(encrypted) • Supports inline and out-of-band tools
2
Out-of-Band Tool
(decrypted traffic) Encrypted traffic
Decrypted traffic

TOO MUCH “RUBBISH
Challenge 9 :
TRAFFIC”
(NOT RELEVANT TO SOME
SECURITY TOOLS)

Use Case: Tool Efficiency
TOOLS RECEIVED IRRELEVANT TRAFFIC, REDUCE EFFICIENCY
Security Tool
Irrelevant Security Tool

Traffic
Relevant
Traffic
Switch Relevant
Switch Traffic
Relevant and Irrelevant traffic is passed to the Tool Only relevant traffic is passed to the Tool!
=> efficiency of Tool reduced!

Application Session Filtering (ASF)
- Eliminating Unnecessary Traffic from Burdening Security Tools
- “Google Search on network traffic”
Application
Application Session Filtering (ASF) Session Filtering
4 3 2 1 Video
NETFLIX NETFLIX NETFLIX NETFLIX Monitor
4 4 3 3 2 2 1 1 4 3 2 1 Email
NETFLIX Exchange NETFLIX Exchange NETFLIX Exchange NETFLIX Exchange Exchange Exchange Exchange Exchange Monitor
Application
Session Filtering
2 2 1 1
NETFLIX Exchange NETFLIX Exchange Collector
• Filter all traffic corresponding to an application session even though signature may only be in one packet
• Maintains session integrity when delivering traffic to tools

Case Study: George Washington University
“
The ability to filter out irrelevant traffic based on regular expression
at line speed makes security more effective.
// Mike Gyler, Director, InfoSec, George Washington University
BACKGROUND • Streaming Services (Netflix & Hulu) consumed 50% of network bandwidth
& CHALLENGE • Security sensors were being overloaded
SOLUTION • GigaVUE® H Series & GigaSMART ® with Application Session Filtering
• Filtered out all Hulu/Netflix including entire sessions

RESULTS &
• Significant expansion in threat detection coverage
KEY BENEFITS
• Video streaming dropped from top 5 to 25 in list of high bandwidth apps

Other Use Cases for ASF
“GOOGLE SEARCH ON NETWORK TRAFFIC”
• Customer is using all web traffic (SSL and non SSL) on port 8080. Separate using ASF
• Identify data found in SSL certificate such as subject field
• SSL with a specific cypher suite (insecure versions)
• Filter traffic from specific internal/external domains
• Filter traffic from custom applications developed in an enterprise
• iSCSI Control plane traffic (initiation, termination)
• Kerberos: Search for Kerberos traffic (possibly specific exchanges such as TGT and Service
Tickets) and send to a tool doing user authentication and user control
• DNS records: Filter transactions based on regular Expression from DNS response

Challenge 10 : Metadata (NetFlow)

NetFlow Generation Application
STANDARDS-BASED FLOW SUMMARIZATION & ANALYTICS
Enterprise / DC
Customer
Experience
Management
(CEM)
Application
Performance
Service Provider
Metadata
Flow Mapping®
Generation
Security
• Transforms packet data across multiple devices into NetFlow records

• Advanced filters for custom exports to one or multiple NetFlow collectors, performance, and security monitors
• Combined flow analytics with packet-level analytics
NetFlow Generation
• Increase infrastructure efficiencies and broaden visibility by

offloading NetFlow Generation to the Visibility Fabric
• Generate NetFlow records without sampling to facilitate true
response and root cause capability
• Simultaneously provide flow statistics and raw packets to a
variety of monitoring, analysis, and security tools in an
integrated traffic visibility solution
• Export records to up to six (6) collectors supporting
NetFlow v5/v9 and IPFIX
• Expose unique information elements (IE) such as URL

NetFlow Generation
STANDARDS-BASED FLOW SUMMARIZATION & ANALYTICS
Optimize • Offload NetFlow Generation to the Visibility Fabric™ increases infrastructure efficiencies
Production • Out-of-Band solution completely eliminates the risk of dropping production traffic on busy
Network routers or switches as a result of generating NetFlow
End-to-End
• Unsampled NetFlow record generation to facilitate true response and root cause capability
Traffic and
• Integrated traffic visibility solution with NetFlow Generation simultaneously provides both flow
Flow
and packet statistics to a variety of monitoring, analysis, and security tools
Visibility
Enhanced • Summarized NetFlow statistics across remote sites

Remote • Optional drill-downs into raw packet analytics for detailed troubleshooting
Monitoring and root-cause analysis
• Gain comprehensive network visibility from multiple network observation points

Enhanced
• Enable end-to-end security enforcement with visibility into every flow
Operational
• Filter records based on configurable parameters to predetermined tools
Efficiency
• Leverage LLDP / CDP information to identify NetFlow source

Problem Statement
VOLUME, TYPES AND AMOUNT OF DATA OVERWHELM SIEMS
Low
Performance
1010101000
1110010101
DNS, SSL,
0100011100
1010101000
High
HTTP, RDP,
1010101000
PowerShell
1110010101 Costs
0100011101
Low Visibility
SIEM Poor Security
Network

Gigamon Metadata Advantage
VOLUME, TYPES AND AMOUNT OF DATA OVERWHELM SIEMS
High
Performance
1010101000
1110010101
DNS, SSL,
0100011100
1010101000 DNS, SSL, Low
HTTP, RDP,
1010101000
PowerShell
1110010101 HTTP, RDP Costs
0100011101
Metadata Full Visibility

SIEM Better Security
Engine
Network

DNS
PERFORMANCE IMPACT WITH LOGGING
DNS LOGGING
Local
DNS
Server SIEM
Low High
Performance Costs
• High impact on DNS Server

• Impact on network
performance
• Lots of logs to index,
USERS WITHIN THE ORGANIZATION
high costs

DNS Metadata
HIGH PERFORMANCE
Local
DNS
Server SIEM
DNS High Low

Metadata Performance Costs
1. No impact on DNS Server

2. Original authoritative request


DNS Architecture
LOSS OF FIDELITY
Internet Root DNS Server
s
request
Lookup vil.com
.e
for www
2.2.2.2 → www.evil.com
DMZ DNS Server
Lookup requests
Local Domain SIEM
Network 2.2.2.2
Controller + DNS
Low Visibility
Poor Security
www.evil.com
• SIEM does not see original DNS request
• Logs from proxies reduce visibility of actual
1.1.1.1 DNS transactions

DNS Metadata
HIGH FIDELITY & BETTER SECURITY
Internet Root DNS Server
s
request
Lookup vil.com
.e
for www
DMZ DNS Server

Lookup requests
Local om
Domain ww.evil.c SIEM
Network 2.2.2.2 .1→ w
Controller + DNS 1.1.1
Full Visibility
Better Security
DNS
www.evil.com Metadata
Gigamon captures original DNS request and
infected endpoint is identified
1.1.1.1


New Upcoming DNS Metadata Enhancements
GIGAVUE-OS 5.0
Extension Purpose
Data Length Detect exfiltration of data using large size DNS packets
Canonical Name Track other domain names used by C&C servers
Multiple collects Handle multiple responses for DNS requests
Additional fields Numerous header, query, response, authority fields in DNS

Gigamon and Splunk
FASTER TIME TO DISCOVERY AND RESPONSE, HIGHER ROI FROM SIEM AND IPS
High Value Use Cases

• NetFlow
• Extended metadata
• Complete visibility
• Manage from Splunk
• Filtering means only high-
value data sent to Splunk

QUESTIONS?

Gigamon Introduction

Uploaded by

Copyright:

Available Formats

Gigamon Introduction

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Gigamon Introduction

Uploaded by

Copyright:

Available Formats

What are Gigamon's main products and services?

What are Gigamon's main products and services?

Who are Gigamon's main customers?

Who are Gigamon's main customers?

Corporate Overview

See what matters.™

• Founded in 2004 • CEO: Paul Hooper

©2015 Gigamon. All rights reserved. 1

©2015 Gigamon. All rights reserved. 2

©2015 Gigamon. All rights reserved. 3

©2015 Gigamon. All rights reserved. 4

©2015 Gigamon. All rights reserved. 5

©2015 Gigamon. All rights reserved. 6

Poor architectural choices will lead to poor results!

“Leaf” Physical, Virtual Metadata Application SSL Inline

©2015 Gigamon. All rights reserved. 8

IPS Anti-Malware Data Loss Intrusion Forensics Email Threat

Security Delivery Platform

Cisco ACI Private

©2015 Gigamon. All rights reserved. 9

Orchestration GigaVUE-FM API

Traffic Adaptive Application

Flow Mapping® Clustering Inline Bypass GigaStream®

©2015 Gigamon. All rights reserved. 10

• Increasing Security Threats

• Distributed applications create east-west traffic patterns

• Eliminate blind spots due to new encapsulations, encryption*

• Maintain visibility through network architecture changes and upgrades

©2015 Gigamon. All rights reserved. 12

• Non homogeneous networks (1Gb copper, 1/10/40Gb fiber)

©2015 Gigamon. All rights reserved. 13

©2015 Gigamon. All rights reserved. 14

Without Gigamon With Gigamon

Switch with two SPAN

©2015 Gigamon. All rights reserved. 15

©2015 Gigamon. All rights reserved. 16

Without Gigamon With Gigamon

Analysis tool with Switch 4 Analysis tool with Switch 4

Switch 5…n Switch 5…n

Limited Connectivity Pervasive Access – Can Connect to

©2015 Gigamon. All rights reserved. 17

©2015 Gigamon. All rights reserved. 18

Without Gigamon With Gigamon

GigaVUE® Matches Your Network to Your Tools

Packet Capture Intrusion Application

©2015 Gigamon. All rights reserved. 19

©2015 Gigamon. All rights reserved. 20

Without Gigamon With Gigamon

©2015 Gigamon. All rights reserved. 21

©2015 Gigamon. All rights reserved. 22

TRADITIONAL VISIBILITY VIRTUAL VISIBILITY CHALLENGES

©2015 Gigamon. All rights reserved. 23

VIRTUAL VIRTUAL VIRTUAL

LEGACY APPROACH MODERN APPROACH

Advanced Traffic Intelligence

©2015 Gigamon. All rights reserved. 25

©2015 Gigamon. All rights reserved. 26

Closed Loop Monitoring

©2015 Gigamon. All rights reserved. 27