Top Five Reasons You Need an. Elemental Shift in Your Security

Transcription

1 Top Five Reasons You Need an Elemental Shift in Your Security

2 It s Time for a New Vision of Network Security Securing an IT infrastructure across physical, virtual and cloud environments has become more daunting and complex than ever. The emergence of big data, the internet of things and machine-to-machine communications has not only produced increasing volumes of data and network speeds, but also an increasing number, variety and sophistication of critical threats, including cyberterrorism, malware, ransomware and those originating from inside your organization. Add those up and what do you get? A domain of ever-increasing complexity, risk and cost. So, when faced with the question of how well the status quo network security architecture serves your business and your customers and the answer is, not well enough, it s time for elemental shift in security. Today s threat environment demands change Data volume Network speeds Proliferating threats Complexity Risk Cost 2

3 CYBERTHREATS CONSTANTLY EVOLVE. Here are Five Reasons Your Defenses Should, Too. 3

4 REASON 1: Legacy Security Models Are No Match for Modern Threats Perimeter and Endpoint-Based Approaches Are Only the First Step Organizations have done what they re supposed to do: Deploy the latest firewalls and the most advanced intrusion detection systems. So why are breaches still happening? The answer is that security postures continue to rely on the same old principles. Today organizations need more than a collection of single-featured tools. The Simple Trust Model No Longer Applies Long gone are the days when every device was owned, controlled and secured by IT. Trends like Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it doesn t. While BYOD and BYOS may be good for productivity, they re bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor or a business partner on site. * Legacy Static Security Frameworks Cannot Adapt Today s networks are anything but static. With near-universal mobility of users, devices and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid. * Dtex Systems: Insider Threat Intelligence Report. January

5 REASON 2: The Costs from Intrusions Are Unacceptably High Complex, nuanced attacks infiltrate and lurk within hidden areas of today s networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization s business by continuing to exfiltrate data. The costs can be severe and expensive: Businesses may be forced to comply with breach notification and reporting mandates, face litigation and pay hefty fines. It can also have a negative impact on trust. Ultimately, leery customers might be inclined to take their business elsewhere The median number of days from intrusion to detection for internally detected breaches. * The median number of days from intrusion to detection for breaches detected and reported by external parties. * * Trustwave Holdings, Inc Trustwave Global Security Report

6 REASON 3: Security Pros Face a Perfect Storm of Challenges Evolving threats and increasing attack surface Surging volumes of data to be analyzed It s tough to be in security operations (SecOps) these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to prioritize what needs attention first. SecOps face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes. Network security today depends on strong communication and collaboration between SecOps and network operations (NetOps) staff * two teams that have historically operated as separate entities and often, at odds. Skilled resources are typically stretched thin across both groups, with too few people covering too many responsibilities and they need a better way to work together. Simplifying key security operations processes and adopting the right security technology architecture are essential to driving the convergence of these teams and ultimately, to improving overall network security and performance. High cost of security tool sprawl Difficulty accessing data across physical, virtual and cloud environments Speed mismatch of security tools and network Slow rollout and expansion of security initiatives Complex security stack to manage by limited staff Rollout of security tools impacting network uptime Use of encryption to hide threats * Ganguli, Sanjit and Orans, Lawrence. Align NetOps and SecOps Tool Objectives With Shared Use Cases, Gartner Research, September

7 ADDING MORE TOOLS TO KEEP OUT THE BAD GUYS IS EXPENSIVE AND IT WON T WORK 7

8 REASON 4: Ad-Hoc Security Deployments Have Long-Term Consequences Rising costs. Management and capital expenditure (CapEx) costs are soaring due to the proliferation of security tools across the network. Inconsistent view of traffic. Security appliances tied in at specific network points are often blind to traffic from other parts of the infrastructure. Added complexity. SecOps teams are unable to orchestrate or load balance data across security tools. Lost time. Time-constrained staff must manage tools individually and coordinate with NetOps to upgrade or make changes to security tools. Contention for traffic. Too many tools are trying to access traffic from the same network points while the full volume of traffic at those points oversubscribes the tool. Blindness to encrypted traffic. Many security appliances can t see encrypted traffic, and malware increasingly uses encryption to hide. Too many false positives. More security appliances create an excess of false positives for SecOps staff to wade through. 8

9 REASON 5: Exploits Have Changed. Defenses Haven t. It s been said that insanity can be defined as doing the same thing over and over again and expecting different results. Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, an increasing burden on already overloaded security tools and a shortage of skilled security professionals. The whack-a-mole approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover every scenario and only increases cost and complexity. Unchanged security models Surging volumes of traffic SecOps and NetOps at odds Blind spots 9

10 FASTER NETWORKS AND MORE SOPHISTICATED THREATS DEMAND AN ELEMENTAL CHANGE IN SECURITY 10

11 Build a More Secure Business So, what s the best approach to improving your overall network security posture? Answer: You need more than a collection of single-featured security tools. Instead, you need an intelligent and integrated approach, starting with a security delivery platform that can help simplify and boost the efficiency of security operations, speed the detection of threats and optimize existing investments in security tools. The GigaSECURE Security Delivery Platform from Gigamon lets you access the data you need across your entire infrastructure in on-premises, virtual and cloud environments. As a next-generation packet broker purpose-built for security, it orchestrates the movement of data to security tools in ways you may not have known are possible. Simplify Operations Uncover Threats Faster Control Costs Deploy and manage analytics inline and out of band. Upgrade and make changes to security tools without impacting network availability. Align NetOps and SecOps. Evaluate and roll out new technology easily. Access data across the network in on-premises, virtual and cloud environments. Scale security at the speed of your network, even at 100Gb. Deliver relevant data to the right security tools for faster detection. Eliminate blind spots where threats may be hiding. Stop tool sprawl with fewer tools for lower CapEx. Maximize tool efficiency. Decrease SecOps load. Load balance data across tools to leverage existing investments. Reduce operational expenditures related to maintenance downtime. 11

12 UNTIL NOW, SECURITY HAS NEVER HAD AN ELEMENT THIS POWERFUL 12

13 Transform Security with the GigaSECURE Security Delivery Platform The GigaSECURE Security Delivery Platform is a vital element that bonds with your entire network ecosystem to make it more resilient, agile and secure. It connects to your physical, virtual and cloud networks, supporting both inline and out-of-band tools across multiple network segments simultaneously. Web Application Firewall Advanced Threat Prevention Centralized Tools Intrusion Prevention System Security Information and Event Management Data Loss Prevention Forensics Security tools link directly into the GigaSECURE Security Delivery Platform, eliminating the need to wait for maintenance windows or coordinating with NetOps for deployment. Tools receive a high-fidelity stream of relevant traffic from across your network infrastructure at a speed they can manage. GigaSECURE Security Delivery Platform Powered by GigaSMART APIs With security-specific capabilities, like load balancing, inline bypass, metadata and secure sockets layer (SSL) decryption, the GigaSECURE Security Delivery Platform helps you scale security with network upgrades while avoiding tool oversubscription, stopping tool sprawl and improving efficiency. Physical, Virtual and Cloud Metadata Engine Application Session Fltering Data SSL Decryption Inline Bypass Private Cloud Public Cloud On-prem Data Center Remote Sites Cisco ACI 13

14 The Defender Lifecycle Model: Make Security a Machine-to-Machine Fight Many organizations have implemented the GigaSECURE Security Delivery Platform to successfully feed critical data to different types of security tools whether prevention, detection or the emerging space of prediction. However, there s a much broader aspect to what a security delivery platform can enable. Prevention Basic Hygiene: Firewall, Endpoint, Segmentation, etc. Defender Lifecycle Model Detection Building Context: Big Data and Machine Learning Prediction Triangulating Intent: Artificial Intelligence and Cognitive Solutions Containment Taking Action: Firewalls, IPS, Endpoints, Routers The very nature of polymorphic threats means that you can no longer afford to build security silos where one security device does not interact with another, and excessive human intervention can no longer be required. Automated Automated The opportunity to create the security architecture built for the future has arrived. It s about an entire Defender Lifecycle Model, which encompasses four stacks: prevention, detection, prediction and containment. Across every tool in every one of those stacks, the imperative is to level the playing field with automation. Inline Bypass SSL Decryption Metadata Engine Application Session Filtering SSL Decryption Metadata Engine Application Session Filtering SSL Decryption GigaSECURE Security Delivery Platform Physical Virtual Cloud Inline Enforcement The Defender Lifecycle Model shifts control and advantage away from the attacker and back to you, the defender, by making security a machine-to-machine fight, not a person-to-machine fight. This is how your security architecture gets transformative. 14

15 The Power of the Gigamon Ecosystem No platform stands alone, and the GigaSECURE Security Delivery Platform is no exception. Together, Gigamon and its ecosystem partners address all of your data access and security requirements so you can focus on what matters to your business. 15

16 There s a New Element Ready to Help You Build a More Secure Business Visit: or contact us at #TheEssentialElement 2018 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the Untied States and/or other countries. Gigamon trademarks can be found at All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice /18