Security inside out. The top seven reasons to optimize your network security model with a security delivery platform. See what matters.
This is not a USB drive. It is a delivery vehicle for uncontrolled data. Understand and control what's connecting to your network with a security delivery platform. See what matters.
A new vision of network security. Gain visibility into every previously hidden corner of your network, so you can simplify and automate.

Volume. Speed. Threats. Complexity. Risk. Cost.

Securing an IT network has become more daunting and complex than ever. With the emergence of big data, Internet of Things, and machine-to-machine communications, immense volumes of data speed faster and faster across physical, virtual, and cloud infrastructures, linking billions of devices. Add in a growing number and variety of critical threats, including those originating from inside your organization, from cyber-terrorism, from malware, and from ransomware... and the result is a domain of ever-increasing cost, complexity, and risk.
REASON 1: Legacy security models are no match for modern threats.

Perimeter and endpoint-based approaches are incomplete. These outmoded models can't defeat zero-day attacks from outside. And they provide limited defense against inside threats.

The simple trust model no longer applies. Gone are the days when every device was owned, controlled, and secured by IT. Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it does not. Trends like BYOD and BYOS may be good for productivity, but they're bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor, or a business partner on site.*

Legacy static security frameworks cannot adapt. Today's networks are anything but static. With near-universal mobility of users, devices, and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid.

* Dtex Systems: Insider Threat Intelligence Report. January 2017.
REASON 2: The anatomy of today's threats is increasingly complex.

Today's large-scale breaches are complex. Many of these advanced persistent threats take place over multiple stages and extended periods of time, ranging from weeks to months.

Threat stages

Stage 1: RECONNAISSANCE. A threat actor observes activity habits of network users to create profiles and attack strategies.

Stage 2: PHISHING & ZERO-DAY ATTACK. The attacker draws first blood, typically with a phishing or drive-by malware download attack that creates a backdoor into the user's system.

Stage 3: BACK DOOR. Malware establishes a firewall-permeable communications channel with a remote command/control center, then uses it to download more malware and instructions.

Stage 4: LATERAL MOVEMENT. Malware probes and propagates to other internal systems and opens other backdoors in case the initial one is detected and closed.

Stage 5: DATA GATHERING. The malware identifies critical data and prepares it for exfiltration.

Stage 6: EXFILTRATE. Targeted data is stolen, en masse, through the various backdoors. The threat actor may then request ransom, expose information, or sell it.

If you look at a typical kill chain, the activities conducted by a particular actor go through a sequence of steps that are very hard to detect. These steps do not always happen in immediate succession, and can span a long period of time. An attack can remain dormant until it is reactivated, especially once it has opened a backdoor. Many of these activities can happen without breaching the security perimeter, either because they involve trusted users, devices, or applications, or because that perimeter is subject to the mobility of these users, devices, or applications.
REASON 3: Consequences can be persistent: You may be vulnerable to continuous attacks.

System infection can persist. When a breach is extensive, the targeted organization often remains compromised. Even after a threat is detected and the network cleansed, some systems can remain infected, making them vulnerable to continuous attack.

Defeating SaaS's evil twin: malware-as-a-service. Such compromised systems are made available through sites offering malware-as-a-service, an expanding dark web industry that gives individuals and organizations an easy and inexpensive way to mount crippling attacks, such as DDoS, at will.
This is not a smartphone. It is a transmission device that shares information about everything you do. See what matters.
REASON 4: Intrusions take a long time to detect... and they have a long lease on life.

Complex, nuanced attacks infiltrate and lurk within hidden areas of today's networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization's business by continuing to exfiltrate data. In addition, businesses can face serious consequences, from breach notification and reporting mandates to fines and potential litigation. Worse yet can be the impact on trust: leery customers are likely to take their business elsewhere.

15: The median number of days from intrusion to detection for internally detected breaches.*

168: The median number of days from intrusion to detection for breaches detected and reported by external parties.*

* Trustwave Holdings, Inc. 2016 Trustwave Global Security Report. 2016.
REASON 5: SecOps pros face a perfect storm of challenges.*

It's tough to be in cybersecurity operations these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to know what needs attention. SecOps pros face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes. Skilled resources are stretched thin, with too few people covering too many responsibilities. Simplifying and automating key security operations processes must be a priority, along with adopting the right security technology architecture.

The perfect storm:
User devices and apps not static (BYOD, BYOS)
Emergence of big data
Encryption of enterprise traffic
Appliance performance degrades due to SSL
No visibility into lateral threat propagation
Data center transition to 100G
Machine-to-machine data
Internet of Things (IoT)
A significant percentage of malware uses encryption
Perimeter security enables breaches anywhere
Minimal SecOps staff
Inadequate security skills
Insufficient automation
Simple trust model dissolves with boundaries

* Cisco: Global Cloud Index. Dec 2016. ESG Research: Network Security Trends, Oct 2016.
REASON 6: Security fundamentals have changed. How we address threats has not.

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service, and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, more devices connecting from more places, and more widespread use of encryption. The whack-a-mole approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover everything, slows time to detection and containment, and increases cost and complexity.

Fundamentally unchanged security models. Evolving traffic patterns and mobility. Rising use of encryption. Time-to-detection and time-to-containment are too slow.
REASON 7: Ad-hoc security deployments have unintended consequences.

Proliferation of security tools. Too many network security appliances of diverse types, at more places in the network, increase complexity and costs.

Inconsistent view of traffic. Security appliances tied in at specific network points are often blind to traffic from other parts of the network. They also miss mobile users and apps as they circulate to other parts of the infrastructure.

Contention for access to traffic. Too many tools trying to access traffic from the same points in the network: only one actually gets through.

Blindness to encrypted traffic. Many security appliances can't see encrypted traffic, and malware increasingly uses encryption to take advantage of this deficiency.

Extraordinary costs. Management costs and complexity are soaring due to the proliferation of security tools across the network.

Too many false positives. More security appliances create more false positives for SecOps staff to wade through.
This is not a router. It is a connection to the rest of the world. See what matters.
How can you optimize security in a landscape with so many challenges?

Given the challenges outlined here, from legacy approaches to complex persistent threats and increased burdens on SecOps, what is the best approach to improving your overall security posture? You need to automate, simplify, and boost the efficiency of your security operations so that you gain better control while optimizing your existing investments in core security tools.

Automate. Simplify. Boost efficiency. Supporting elements: command and control for workflow, visibility, change control, fewer tools, less cost, less management/operational overhead, decreased SecOps load, identification of framework gaps, auditing, testing.
A security delivery platform transforms your approach to security.

You can automate, simplify, and boost efficiency of your security operations with a security delivery platform. Only Gigamon delivers a security delivery platform that lets you manage, secure, and understand what's happening with data in motion across your entire network, and allows you to optimize your existing investments in security tools that help keep your organization safe.

Diagram: The GigaSECURE Security Delivery Platform (physical, virtual, cloud; powered by GigaSMART) connects on-prem data centers, remote sites, Cisco ACI private cloud, and public cloud through GigaVUE visibility nodes, with a metadata engine, application session filtering, SSL decryption, inline bypass, and APIs. It feeds security tools such as next-generation firewall, advanced persistent threat, data loss prevention, user behavior analytics, centralized tools, SIEM, and email threat detection.
Adopt a Defender Lifecycle Model: Rethink network security with GigaSECURE.

The industry's first and only bona fide security delivery platform. GigaSECURE connects to your physical and virtual network, supporting both inline and out-of-band tools across multiple network segments simultaneously. Security tools link directly into GigaSECURE at their customary interface speeds, and then receive a high-fidelity stream of relevant traffic from across the network infrastructure. GigaSECURE delivers visibility into the lateral movement of malware, speeds the detection of exfiltration activity, and can significantly reduce the overhead, complexity, and cost of securing your entire network: physical, virtual, and cloud. The Gigamon Security Delivery Platform provides an essential visibility foundation that allows you to adopt a Defender Lifecycle Model and shift the advantage away from attackers back to you.

Defender Lifecycle Model (on the GigaSECURE Security Delivery Platform: physical, virtual, cloud)

Prevention. Basic hygiene: firewall, endpoint, segmentation, etc. GigaSECURE: inline bypass, SSL decryption.

Detection. Building context: big data and machine learning. GigaSECURE: metadata engine, application session filtering, SSL decryption, automated.

Prediction. Triangulating intent: artificial intelligence and cognitive solutions. GigaSECURE: metadata engine, application session filtering, SSL decryption, automated.

Containment. Taking action: firewalls, IPS, endpoints, routers. GigaSECURE: inline enforcement.
Leverage the power of the Gigamon ecosystem. No platform stands alone, and the Gigamon Security Delivery Platform is no exception. Together, Gigamon and its ecosystem partners address all of your visibility and security requirements, so you can focus on what matters to your business.
Visit: www.gigamon.com/campaigns/see-what-matters or contact us at 408.831.4000

2017 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 1056-02 06/17