Data Sheet GigaSECURE Cloud

Similar documents
Data Sheet Gigamon Visibility Platform for AWS

Solution Overview Gigamon Visibility Platform for AWS

Product Brief GigaVUE-VM

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

GigaVUE-FM. Data Sheet

Automated Traffic Visibility for SDDC Solution Guide

SYMANTEC DATA CENTER SECURITY

Cisco Cloud Application Centric Infrastructure

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases

Agenda. This Session: Azure Networking Basics, On-prem connectivity options DEMO Create VNET/Gateway Cost-estimation for VNET/Gateways

Cisco CloudCenter Solution Use Case: Application Migration and Management

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Check Point vsec for Microsoft Azure

Silver Peak EC-V and Microsoft Azure Deployment Guide

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Use Cases Application And Service Monitoring Eliminate contention for network data. Centralize Netflow/IPFIX Generation

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Veritas Backup Exec. Powerful, flexible and reliable data protection designed for cloud-ready organizations. Key Features and Benefits OVERVIEW

McAfee Public Cloud Server Security Suite

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

DevOps and Continuous Delivery USE CASE

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

MarkLogic Server. MarkLogic Server on Microsoft Azure Guide. MarkLogic 9 January, 2018

EBOOK. NetApp ONTAP Cloud FOR MICROSOFT AZURE ENTERPRISE DATA MANAGEMENT IN THE CLOUD

Modernize Your Backup and DR Using Actifio in AWS

Securing Your Amazon Web Services Virtual Networks

Securing Your Microsoft Azure Virtual Networks

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Best Practices in Securing a Multicloud World

The threat landscape is constantly

Features. HDX WAN optimization. QoS

Simplify Hybrid Cloud

HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY

VMware Hybrid Cloud Solution

Symantec Cloud Workload Protection

SaaS. Public Cloud. Co-located SaaS Containers. Cloud

AWS Reference Design Document

EdgeConnectSP The Premier SD-WAN Solution

Cloud Confidence: Simple Seamless Secure. Dell EMC Data Protection for VMware Cloud on AWS

Enabling Efficient and Scalable Zero-Trust Security

Live traffic feeds are increasingly being used by the modern enterprise to gain visibility for security and operations management

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

UX - User Experience: Multi-Cloud Network Visibility

Address new markets with new services

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

Software Defined Storage for the Evolving Data Center

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Pulse Secure Application Delivery

Qualys Cloud Platform

VMWARE AND NETROUNDS ACTIVE ASSURANCE SOLUTION FOR COMMUNICATIONS SERVICE PROVIDERS

Deploying Cisco SD-WAN on AWS

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

VMware vrealize Suite and vcloud Suite

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Cisco Tetration Analytics

Cloud Services. Infrastructure-as-a-Service

Cloud, SDN and BIGIQ. Philippe Bogaerts Senior Field Systems Engineer

#techsummitch

OPEN COMPUTE PLATFORMS POWER SOFTWARE-DRIVEN PACKET FLOW VISIBILITY, PART 2 EXECUTIVE SUMMARY. Key Takeaways

The Gigamon Visibility Platform

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

CLOUDLENS PUBLIC, PRIVATE, AND HYBRID CLOUD VISIBILITY

Enhanced Threat Detection, Investigation, and Response

Check Point 4800 with Gigamon Inline Deployment Guide

Dimension Data IaaS Services. Gary Ramsay

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Citrix Tech Zone Citrix Product Documentation docs.citrix.com November 13, 2018

and public cloud infrastructure, including Amazon Web Services (AWS) and AWS GovCloud, Microsoft Azure and Azure Government Cloud.

Accelerate Your Enterprise Private Cloud Initiative

Network Behavior Analysis

BIG MON CONTROLLERS BIG MON ANALYTICS NODE. Multi-Terabytes L2-GRE 1/10/25/40/100G ETHERNET SWITCH FABRIC. Optional BIG MON BIG MON SERVICE NODES

Deploy F5 Application Delivery and Security Services in Private, Public, and Hybrid IT Cloud Environments

SOLUTION BRIEF NETWORK OPERATIONS AND ANALYTICS. How Can I Predict Network Behavior to Provide for an Exceptional Customer Experience?

VISIBILITY INTO CLOUD COMPUTING

Cisco Nexus Data Broker

Securely Access Services Over AWS PrivateLink. January 2019

Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

Oracle Buys Palerra Extends Oracle Identity Cloud Service with Innovative Cloud Access Security Broker

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

DATACENTER AS A SERVICE. We unburden you at the level you desire

75% 64% Data Sheet GigaVUE-HC1

Benefits of Extending your Datacenters with Amazon Web Services

Use Cases Application And Service Monitoring Eliminate contention for network data. Centralize Netflow/IPFIX Generation

Design and deliver cloud-based apps and data for flexible, on-demand IT

Cloud Computing An IT Paradigm Changer

Ten things hyperconvergence can do for you

IXIA PHANTOM VTAP WITH TAPFLOW FILTERING

TALK THUNDER SOFTWARE FOR BARE METAL HIGH-PERFORMANCE SOFTWARE FOR THE MODERN DATA CENTER WITH A10 DATASHEET YOUR CHOICE OF HARDWARE

Enabling Long Distance Live Migration with F5 and VMware vmotion

Hybrid Cloud Management: Transforming hybrid cloud delivery

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

I D C T E C H N O L O G Y S P O T L I G H T. V i r t u a l and Cloud D a t a Center Management

Best Practices for Migrating Servers to Microsoft Azure with PlateSpin Migrate

Transcription:

Data Sheet GigaSECURE Cloud Intelligent network traffic visibility that enables enterprises to extend their security posture to Microsoft The rapid evolution of Infrastructure-as-a-Service (IaaS) brings instant advantages of economies of scale, elasticity, and agility to organizations seeking to modernize their IT infrastructures. Migrating workloads into the public cloud, however, introduces a new set of shared responsibilities and challenges primarily to manage, secure and understand all of its data now traversing the public cloud. The obvious challenges include inability to access all traffic in support of threat detection/response, application and network performance for the workloads. Current security and monitoring tools that operate in public clouds lack complete access to this data-in-motion. Highlights üüreduce risk One platform for across entire IT environment: one consistent method to acquire network traffic and apply traffic intelligence before distributing to multiple tools üüincrease ROI Re-use existing security tools across entire infrastructure üücost savings Leverage traffic intelligence to deliver the right traffic to the right tools üüensure SLA Tight integration with APIs to automatically detect instance changes in Virtual Networks (VNets) üücentralized visibility for security monitoring of all VNets in an enterprise Whereas a multi-agent approach to visibility is an option to address these challenges as shown in the Figure below on the left, such an approach overloads compute instances, increases application and bandwidth costs and forces an architecture redesign when adding new security and monitoring tools. An efficient and optimal solution is to use GigaSECURE Cloud as shown in the Figure below on the right. Web Tier App Tier SQL Database Virtual Network Tool Tier GigaSECURE Cloud GigaSECURE Cloud is an intelligent network traffic visibility solution that acquires, optimizes and distributes selected traffic to security and monitoring tools, enabling enterprises to extend their security posture to and accelerate the time to detect and mitigate threats to applications, while helping assure compliance. Web Tier App Tier SQL Database Virtual Network Tool Tier Visibility Tier üügain insight into traffic traversing VNets to effectively deliver summarized, critical data to security and monitoring tools 1

Accelerate Application Migration to the Cloud Using GigaSECURE Cloud, security architects can ensure an effective security posture, thereby accelerating the on-boarding of applications to. GigaSECURE Cloud, as shown below, acquires traffic with a single, lightweight agent installed on the workloads, i.e. Virtual Machines. The platform integrates with APIs to discover the cloud infrastructure, deploys visibility nodes in the Virtual Networks (VNets) that collect aggregated traffic from all the agents, and applies advanced traffic intelligence prior to sending selected traffic to security and monitoring tools. Internet APIs Web Tier REST APIs Business Tier Configure Policies NetFlow/IPFIX Data Tier Tunneling On Premises or Cloud Tools Virtual Network With this solution, organizations can take advantage of: Increased security: Centralized visibility for security monitoring of all VNets in an enterprise. Security operations and incident response teams can use network visibility to rapidly detect and respond to threats, vulnerabilities and compliance violations across the enterprise. Reduced data costs: Optimize costs with up to 100% visibility for security without increasing load on compute instances as more security tools are deployed. Acquire traffic once from compute instances and leverage traffic intelligence to optimize data to multiple tools. Specifically, with NetFlow, up to 99% reduction in data to tools can be achieved. 1 Operational efficiency: A common platform across the entire IT environment enables consistent insight into network traffic in as that in on-premises infrastructure. Acquire network traffic with minimal impact to VM utilization and apply traffic intelligence before distributing to multiple tools for analysis. Operational agility: Rapidly detect changes in VNets being monitored. Automatic Target Selection: A patented method to automatically extract network traffic of interest anywhere in the infrastructure being monitored without having to specify the specific target compute instances to monitor. Flexibility to perform the analysis of traffic anywhere. Automate and orchestrate visibility using open REST APIs 1 Based on Gigamon internal testing, November 2017 2

Platform Components GigaSECURE Cloud is comprised of multiple components that enable traffic acquisition, traffic aggregation, intelligence and distribution along with single-pane-of-glass orchestration and management of the solution. G-vTAP Agent The G-vTAP agent is a lightweight agent deployed in an VM. The agent mirrors traffic from the production instance and sends the mirrored traffic to GigaVUE V Series nodes. GigaVUE V Series The GigaVUE V Series are visibility nodes in an VNet that aggregate, select traffic of interest, optimize and distribute acquired traffic to multiple tools located anywhere. The provides centralized orchestration and management in, other public clouds (e.g. AWS) and other on-premises implementations across entire enterprises. The traffic policies can be configured using a simple drag-and-drop user interface. G-vTAP Controller and GigaVUE V Series Controller To support flexible deployment models such as hybrid deployments and multi-vnet deployments at scale, GigaSECURE Cloud leverages a controller-based architecture to proxy the command-and-control APIs while preserving existing Network Address Translation (NAT) or IP addressing schemes. The G-vTAP Controller is used to proxy commands from to the G-vTAP agents. The GigaVUE V Series Controller is used to proxy commands from to the GigaVUE V Series nodes. APIs G-vTAP Controller GigaVUE V Series Controller G-vTAPs VM Tunneling Target VM app to be monitored On Premises or Cloud Tools Control Traffic Monitored Data Traffic 3

Features and Benefits Solution Component G-vTAP Agent Lightweight agent deployed on a VM. Mirrors traffic and sends to GigaVUE V Series in visibility tier. GigaVUE V Series Visibility nodes that aggregate, select, optimize, and distribute traffic. Centralized management and orchestration. Key Features and Benefits Minimize Agent Overload Deploy one agent per VM vs. multiple agents per VM, i.e. one per security tool. This approach lowers impact on VM CPU utilization. Reduce Application Downtime Avoids need to redesign infrastructure to add new tool agents as applications scale out in or as more operational tools are added. Scalability As VMs scale out due to demand, the agent automatically scales due to the integration between, APIs. Minimize Production Changes Option to use either the production Network Interface (NIC) or a separate NIC to mirror the workload traffic. The separate NIC option allows customers to preserve application traffic policies. Traffic Aggregation Acquire and aggregate traffic from multiple VMs. The traffic is acquired from the VMs using VXLAN tunnels. Traffic Intelligence: Select, Optimize and Distribute Flow Mapping : Select Layer 2-Layer 4 traffic of interest with a variety of policies. Criteria can include IP addresses/subnets, TCP/UDP ports, protocols, instance tags etc. Advanced policies using overlapping rules and nested conditions can be specified. GigaSMART NetFlow and IPFIX generation: Generate flow records from any type of network traffic to determine IP source and destination of traffic, class of service, causes of congestion, etc. Header Transformation: Modify key content in the packet header to ensure security and segregation of sensitive information. This capability also enables support for overlapping subnets and protecting privacy of sensitive information in regulated environments. Other GigaSMART traffic intelligence functions: Optimize selected traffic by applying GigaSMART traffic intelligence to slice, sample, and mask packets to reduce tool overload. Distribute optimized traffic to multiple tools anywhere. Service Chaining Service chain multiple traffic intelligence operations dynamically based on tool needs. Elastic Scale and Performance Automatic Target Selection: Automatically extract traffic of interest anywhere in the infrastructure being monitored. Automatically scales based on varying number of VMs without lowering performance of visibility node. Centralized Orchestration and Management Centralized orchestration and single-pane-of-glass visualization of the platform across entire infrastructure public, private and hybrid. Traffic policies are defined using simple drag-and-drop user interface. Uses Software-Defined Networking constructs to configure traffic policies. Automation Tight integration with APIs to detect VM changes in the VNet and automatically adjust the visibility tier. Open REST APIs published by can be consumed by tools to dynamically adjust traffic received or to orchestrate new traffic policies. Topology View Auto discovery and end-to-end topology visualization of visibility tier and VM instances. 4

Minimum Requirements for the GigaSECURE Cloud Components Table 1: Recommended Minimum Compute Specifications Solution Component Minimum VM Type Description G-vTAP Agent Standard_B1ms Linux: Available as an RPM or Debian package. Windows: Available for Windows Server 2008/2012/2016 G-vTAP Controller Standard_B1ms Command-and-Control component for the G-vTAP agents GigaVUE V Series Node Standard_D2s_v3 Supports throughput up to 1000 Mbps. ENI 1: Data IP (mirrored traffic from G-vTAP) ENI 2: Tunnel IP (traffic to tools or on prem GigaVUE H/W) ENI 2: Management IP (commands from the controller) GigaVUE V Series Controller Standard_B1ms Command-and-Control component for the V Series Nodes Standard_D4s_v3 needs to be able to access both the controller instances for relaying the commands. automatically spins up additional V Series nodes based on a pre-defined configuration in the user interface. For on-premises requirements and ordering information, please refer to the Data Sheet. Based on the number of virtual TAP points, GigaVUE V Series nodes will be auto-launched by. Ordering Information, Renewals GigaSECURE Cloud, with all the solution components, can be consumed using the following options: Bring Your Own License (BYOL) GigaSECURE Cloud can be purchased as a subscription from Marketplace and Government (US). Table 2 below lists the SKUs for procurement. Table 2: Part Numbers for the Solution Part Number GFM-AZU-100 GFM-AZU-1000 Description Monthly Term license for traffic visibility up to 100 virtual TAP points in. Min Term is 3 months and includes Elite support Monthly Term license for traffic visibility up to 1000 virtual TAP Points in. Min Term is 3 months and includes Elite support Marketplace Metered GigaSECURE Cloud can be purchased as a subscription from the marketplace for 100 virtual tap points on an hourly basis. In this option, meters and charges the usage of the solution. Customers can register with Gigamon to obtain 24x7 Elite Support for no additional charge. 5

Note: Virtual TAP Point: Any end point from which traffic can be mirrored using the G-vTAP agent, for example, an NIC in an VM. A single VM could have multiple NICs that can be tapped. For example, if an application uses ten VMs with two NICs each, then the total Virtual TAP Points are 20. Try-and-Buy: Launch the BYOL offering in Marketplace for a 10 G-vTAP agent, 30-day trial of our solution. Refer to the ordering section to purchase additional term-based subscription. Licensing: Licenses are activated from. Renewal: For the BYOL model, notifies the customer of the term license expiration with advance notice of 30 days. Contact Gigamon for renewals. For a limited time immediately following introduction, Gigamon may offer GigaSMART NetFlow and IPFIX generation functionality with the purchase of GFM-AZU-100 or GFM-AZU-1000 at no additional charge. Support and Services Gigamon offers a range of support and maintenance services. For details regarding Gigamon s Limited Warranty and its Product Support and Software Maintenance Programs, visit www.gigamon.com/support-and-services/overview-and-benefits Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 4144-01 04/18 3300 Olcott Street, Santa Clara, CA 95054 USA +1 (408) 831-4000 www.gigamon.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback