You can only protect what you can see - or: Centralized decryption of SSL/TLS traffic. Rethinking Security


You can only protect what you can see - or: Centralized decryption of SSL/TLS traffic. Rethinking Security. Stepan Svihla, Sr. Sales Engineer, Central & Eastern Europe

Corporate Overview: THE ESSENTIAL ELEMENT OF YOUR SECURITY
Gigamon is leading the convergence of networking and security. Our next generation network packet broker helps make threats more visible, deploy resources faster and maximize performance.
- HQ: Santa Clara, California, USA
- Founded: 2004
- Employing: 707 employees
- Serving: Over 2,800 customers
- Named: Market leader
- Global offices: 20 Countries
- CEO: Paul Hooper
- Patents: 51 Global patents issued
- Verticals: Public Sector, Financial Services, Healthcare, Retail, Technology, Service Providers
*Feb 2018: Offices, employee and patent information. **Q1 2018: Customer count.
© 2018 Gigamon. All rights reserved.

Trusted by the World's Leading Organizations
Gigamon Customers:
- 7 of the top ten Global Banks
- 8 of the top ten largest Tech Companies
- 8 of the top ten Healthcare Providers
- 83 of the Fortune 100
- 10 of the top ten U.S. Federal Agencies
- 8 of the top ten Mobile Phone Network Operators
Customer data from April 2018. List sources available upon request.

Gigamon Customers Today
[Customer logo slide. Segments: Enterprise, Federal, Service Provider. Categories: Tech, General / Misc., Retail / Service, Finance, Health.]

Gigamon Ecosystem Partners
[Partner logo slide. Categories: Security and Vulnerability Management, Service Provider, Performance Management, Infrastructure.]

The Data-in-Motion Dilemma: Volume + Speed + Threats = Complexity + Risk + Cost
Security tools do not scale as fast as data.
[Chart: Network Data and Security Tool curves, Volume over Time.]
- Emergence of Big Data
- Data Center transition to 100Gb
- Internet of Things
- Machine to Machine
- 6.7ns available to process a network packet on a 100Gb link
- 6.8ZB of global data center traffic in 2016*
- 1.7PB of M2M traffic in 2017**
* Cisco Global Cloud Index: Forecast and Methodology, 2016-2021 White Paper. Cisco. Feb 2018.
** Statista: Global machine-to-machine (M2M) data traffic from 2014 to 2019 (in petabytes per month)

Today's Limitations: Data Overload Yet Limited Visibility
[Diagram: SIEM, APM / NPM and IPS/APT/WAF tools, each labelled "Irrelevant traffic" and "LIMITED VISIBILITY", above DATA from Physical, Virtual and Cloud Infrastructure.]

New Levels of Security and Performance
[Diagram: IPS/APT/WAF, SIEM and APM / NPM tools, each labelled "increased performance" and "Only relevant traffic", fed by the GigaSECURE SECURITY DELIVERY PLATFORM with FULL VISIBILITY into DATA from Physical, Virtual and Cloud Infrastructure.]

Classical Deployment
[Diagram labels: Remote sites, Internet, Public cloud; Routers, Spine switches, Leaf switches, Virtualized server farm; tools: WAF, IPS, Firewall, DLP, ATP, SIEM, Forensics; numbered connection points 1-18.]

Security Delivery Platform Explained
[Diagram labels: Remote sites, Internet, Public cloud; Routers, Spine switches, Leaf switches, Virtualized server farm; SECURITY DELIVERY PLATFORM; tools: WAF, ATP, IPS, SIEM, DLP, Forensics, Firewall; numbered connection points 1-18.]
- Reach physical, virtual and cloud
- Metadata for improved forensics
- Targeted inspection
- Detection of encrypted threats
- Inline mode for visibility and control

GigaSECURE Security Delivery Platform
[Diagram labels: Remote sites, Internet, Public cloud; Routers, Spine switches, Leaf switches, Virtualized server farm; GIGASECURE SECURITY DELIVERY PLATFORM; API; tools: WAF, ATP, IPS, SIEM, DLP, Forensics, Firewall; numbered connection points 1-18.]
- Reach physical, virtual and cloud: Physical, Virtual and Cloud
- Metadata for improved forensics: Metadata Engine
- Targeted inspection: Application Session Filtering
- Detection of encrypted threats: SSL Decryption
- Inline mode for visibility and control: Inline Bypass

Gigamon Data-in-Motion Visibility Platform
- Tools & Applications: Security, Experience Management, Performance Monitoring, Analytics
- Tools and Applications API
- Orchestration: GigaVUE-FM, API, NSX Manager, vCenter
- Traffic Intelligence: Adaptive Packet Filtering, Application Session Filtering, De-duplication, FlowVUE, GTP Correlation, Header Stripping, Masking, NetFlow and Metadata Generation, Slicing, SSL Decryption, Tunneling
- Flow Mapping, Clustering, Inline Bypass, GigaStream
- Visibility Nodes, Intelligent Visibility: Public Cloud, Virtual, Traffic Aggregators, Network TAPs
- Any Network: Data Center, Hybrid and Private Cloud; Public Cloud; Service Provider Networks; Remote Sites

The Core Product: Deployment Options
- Small Deployments: GigaVUE-HC1 (10 / 100 / 1000Mb Copper; 1 / 10Gb Fiber)
- Typical Data Center Deployments: GigaVUE-HC2 (10 / 100 / 1000Mb Copper; 1 / 10Gb Fiber; 40Gb & 100Gb Fiber)
- Large Data Center and Service Provider Deployments: GigaVUE-HC3 (10Gb using breakouts*; 40Gb Fiber; 100Gb Fiber)

GigaVUE TA Series
Features: PORT EXPANSION. Half-RU 16 x 10Gb patch panel option for 40Gb ports; 12 x 10Gb Patch panel module for 16 M x 10Gb Series Patch Panel.
[Products shown: GigaVUE-TA10, G-TAP M Series PNL-M341 Patch Panel, G-TAP M Series PNL-M343 Patch Panel, GigaVUE-TA40, GigaVUE-TA100.]

Use Cases

Eliminate SPAN Port Contention: Few SPAN Ports, Many Tools
Without Gigamon: Switch with two SPAN session limitation. Tools: Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture. Customer is unable to use all tools!
With Gigamon: Switch with two SPAN ports. Tools: Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture. Customer has complete visibility for all tools!

Limited Access to Environment: Limited Tool Ports, Many Switches
Without Gigamon: Switch 1 to Switch 5...n; analysis tool with only 2 NICs. Limited Connectivity to Full Environment.
With Gigamon: Switch 1 to Switch 5...n; analysis tool with only 2 NICs. Pervasive Access: Can Connect to All Points in the Environment.

Run Multiple POCs in Parallel: Accelerate Certification Of New Tools
Without Gigamon: POC #1 Vendor X Tool (tool tested w/ NW Segment, 4 weeks), POC #2 Vendor Y Tool (tool tested w/ same NW Segment, 4 weeks), POC #3 Vendor Z Tool (tool tested w/ same NW Segment, 4 weeks). Timeline: 1 month, 2 month, 3 month. Customer performs each Proof-of-Concept (POC) serially at different times using different data.
With Gigamon: POC #1 Vendor X Tool, POC #2 Vendor Y Tool, POC #3 Vendor Z Tool. Timeline: 1 month, 2 month, 3 month. Customer is able to run multiple POCs concurrently using same data.

Change Media and Speed: 10, 40 Or 100Gbps Traffic To 1Gbps or 10Gbps Tools
Without Gigamon: Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture. Customer migrates to a 10Gb network and 1Gb monitoring tools become useless.
With Gigamon: GigaVUE Matches Your Network to Your Tools (10Gb to 1Gb). Intrusion Detection System, Application Performance Management, VoIP Monitor, Packet Capture. Customer able to extend the life of their 1Gb network and security tools.

The Core Product: Inline Bypass Overview - SCALING INLINE SECURITY TOOLS
[Diagram labels: E.g. WAN router, E.g. Firewall, E.g. IPS, E.g. WAF, E.g. ATP, E.g. Core switch; tool groups: IPS, WAF, ATP.]
Scalability:
- Maximize tool efficiency
- Increase scale of security inspection tools
- Integrate inline, out-of-band, flow-based tools and metadata
Operational Agility:
- Add, remove, and upgrade tools seamlessly
- Migrate tools from detection to prevention modes (and vice-versa)
- Consolidate multiple points of failure into a single, bypass-protected solution
*IPS: Intrusion Prevention System; WAF: Web Application Firewall; ATP: Advanced Threat Prevention

Example Use Case for GigaVUE-HC2
[Diagram labels: Internet, Edge Routers, Core Switches; GigaVUE-HC2 functions: NetFlow Generation, SSL Decryption, GigaStream; tools: Intrusion Prevention Systems, NetFlow Collector, Intrusion Detection System, Email Inspection, Data Loss Prevention, Out-of-Band Malware.]

Gigamon Inline SSL Visibility Solution
[Diagram: (1) SSL Session Leg 1 (encrypted); (2) decrypted traffic to the Inline Tool Group, the Web Monitor Tool and the Out-of-Band Tool; (3) SSL Session Leg 2 (encrypted). Legend: Encrypted traffic, Decrypted traffic.]
Highlights:
- Servers and clients located internally or externally
- Private keys not needed
- RSA, DH, PFS can be used
- Supports inline and out-of-band tools
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.

Gigamon SSL Decryption: Key Benefits
- Automatic SSL / TLS detection on any port or application
- Scalable interface support (1Gb-100Gb)
- Decrypt once. Feed many tools
- Strong crypto support: PFS, DHE, Elliptic Curve ciphers
- Certificate validation and revocation lists: strengthens the organization's security posture
- Strong privacy compliance: categorize URL before decryption

Respecting Data Privacy: URL Categorization
[Diagram labels: Internet; Webroot; File sharing Website (e.g. Dropbox); Banking Website (e.g. Citi); Health care Website (e.g. Aetna); Inline tool (decrypted traffic).]
- Supports up to 83 Web categories (Finance, Government...)
- Flexible policies based on multiple parameters (IP, Ports, VLAN, domain, categories)
- Whitelists and blacklists with over 5000 domain names

NetFlow/IPFIX Generation
Without Gigamon - Challenges:
- High impact on routers and switches for generating NetFlow records
- Routers / switches generate sampled NetFlow, which is inadequate for security
- Some routers do not support NetFlow, others have proprietary flow methods
- Without NetFlow, you can only instrument parts of your network for Deep Packet Inspection (DPI)
With Gigamon - Generating NetFlow Information:
- With NetFlow, you know where you need to DPI.
- Enable end-to-end security enforcement with visibility into every flow
- Ideal to detect Command and Control communications
- Validated with industry-leading SIEM and NetFlow forensics collectors

NetFlow Usage
Network Monitoring:
- Network and capacity planning
- User/group monitoring and trending
- Troubleshooting network capacity problems
- Validation of QoS / ToS parameters
Security:
- Anomalous network behavior detection
- Attack discovery and mitigation
- Identification of compromised hosts
Application Monitoring:
- Application discovery
- Application performance and impact monitoring
- Cloud performance monitoring
Accounting:
- Billing & Charge back

NetFlow Generation Application: Standards-based Flow Summarization & Analytics
Flow Metadata:
- Unsampled (1:1) NetFlow / IPFIX generation to detect low-and-slow attacks
- Filter records based on configurable parameters to predetermined tools
- Offload NetFlow/IPFIX generation from overloaded network infrastructure
SIEM and NetFlow Forensics Integration:
- Enable end-to-end security enforcement with visibility into every flow
- Ideal to detect Command and Control communications
- Validated with industry-leading SIEM and NetFlow forensics collectors
Advanced Information Elements:
- Optionally export URL info into custom elements in generated records
- Export records to up to six collectors supporting NetFlow v5 / v9 and IPFIX
- Leverage LLDP / CDP information to pinpoint network source

Metadata Engine
Without Gigamon: Volume, types and amount of data overwhelm SIEMs.
With Gigamon - Metadata Engine Benefits:
- High Performance
- Cost Savings
- Full visibility, better security

Metadata Extensions - URL and Response Codes
URL & HTTP RESPONSE CODES:
- Identify suspicious communication to malicious servers
- Uncover Denial of Service & compromise of internal web servers
Key Benefits:
- Export URL collection from HTTP & SIP messages
- Detect possible server compromise with Redirects
- Detect potential DoS attacks if server unavailable
- Baseline normal activity and detect anomalies
EXTRACTED FIELDS: All response codes, including: 100 Continue, 101 Switching Protocols, 200 OK, 201 Created, 202 Accepted, 203 Non-Authoritative Information (since HTTP/1.1), 204 No Content, 301 Moved Permanently, 302 Found, 400 Bad Request, 401 Unauthorized, 402 Payment Required, 403 Forbidden, 404 Not Found, 406 Not Acceptable, 409 Conflict

Metadata Extensions - DNS
DNS: Discover malicious communications to C&C servers using DNS transactions.
[Diagram labels: C&C, Bots, DNS.]
EXTRACTED FIELDS: dnsidentifier, dnsopcode, dnsresponsecode, dnsqueryname, dnsresponsename, dnsresponsettl, dnsresponseipv4addr, dnsresponseipv6addr, dnsdatalen
Key Benefits:
- Uncover domain lookups for malicious C2 servers
- Identify endpoints beaconing to C2 servers
- Identify suspicious DNS servers with low TTLs
- Identify rogue DNS servers in the network

Metadata Extensions - Certificate Anomalies
HTTPS CERTIFICATES: Analyze HTTPS certificates for bad or suspicious certificates.
EXTRACTED FIELDS: sslcertificatesubject, sslcertificatevalidnotbefore, sslcertificatevalidnotafter, sslcetificateserialnumber, sslcertificatesignaturealgorithm, sslcertificatesubjectpubalgorithm, sslcertificatesubjectpubkeysize, sslcertificatesubjectaltname, sslservernameindication
Key Benefits:
- Identify expired certificates in network
- Identify self-signed certificates in network
- Identify certificates using weak cipher algorithms
- Identify anomalies and mismatches in certificate fields
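Added example, not part of the original deck and not Gigamon code: a sketch of collector-side logic that derives the certificate anomalies named on this slide from exported metadata records. The field names are the ones listed above; the record shape (a Python dict), the date format, the algorithm spellings, the thresholds and the sample values are all assumptions.

```python
from datetime import datetime, timezone

# Assumed policy thresholds and algorithm spellings (not from the slide).
MIN_RSA_BITS, MIN_EC_BITS = 2048, 256
WEAK_SIG_TOKENS = ("md5", "sha1")

def _ts(value):
    # Assumption: validity fields arrive as ISO-8601 UTC strings.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _subject_cn(subject):
    # Assumption: subject is a comma-separated DN such as "CN=host, O=Org".
    for part in subject.split(","):
        key, _, val = part.strip().partition("=")
        if key.upper() == "CN":
            return val
    return ""

def _name_matches(sni, pattern):
    # A wildcard covers exactly one left-most label (RFC 6125 style).
    sni, pattern = sni.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = sni.partition(".")
        return bool(head) and rest == pattern[2:]
    return sni == pattern

def cert_findings(rec, now):
    """Return sorted anomaly labels for one certificate metadata record."""
    found = set()
    if now > _ts(rec["sslcertificatevalidnotafter"]):
        found.add("expired")
    if now < _ts(rec["sslcertificatevalidnotbefore"]):
        found.add("not-yet-valid")
    sig = rec["sslcertificatesignaturealgorithm"].lower()
    if any(tok in sig for tok in WEAK_SIG_TOKENS):
        found.add("weak-signature-algorithm")
    is_ec = "ecpublickey" in rec["sslcertificatesubjectpubalgorithm"].lower()
    floor = MIN_EC_BITS if is_ec else MIN_RSA_BITS
    if int(rec["sslcertificatesubjectpubkeysize"]) < floor:
        found.add("small-public-key")
    # Compare the name the client asked for with the names the certificate covers.
    sni = rec.get("sslservernameindication", "")
    names = rec.get("sslcertificatesubjectaltname") or [
        _subject_cn(rec["sslcertificatesubject"])]
    if sni and not any(_name_matches(sni, n) for n in names if n):
        found.add("sni-name-mismatch")
    # Self-signed detection needs an issuer field, which the slide does not list.
    return sorted(found)

NOW = datetime(2018, 6, 1, tzinfo=timezone.utc)  # fixed so results are repeatable

# Constructed sample records; hostnames and values are illustrative only.
BASE = {
    "sslcertificatesubject": "CN=portal.example.test, O=Constructed",
    "sslcertificatevalidnotbefore": "2018-01-01T00:00:00Z",
    "sslcertificatevalidnotafter": "2019-01-01T00:00:00Z",
    "sslcertificatesignaturealgorithm": "sha256WithRSAEncryption",
    "sslcertificatesubjectpubalgorithm": "rsaEncryption",
    "sslcertificatesubjectpubkeysize": 2048,
    "sslcertificatesubjectaltname": ["*.example.test"],
    "sslservernameindication": "portal.example.test",
}
SAMPLE = [
    BASE,
    {**BASE, "sslcertificatevalidnotbefore": "2015-01-01T00:00:00Z",
     "sslcertificatevalidnotafter": "2017-01-01T00:00:00Z",
     "sslcertificatesignaturealgorithm": "sha1WithRSAEncryption",
     "sslcertificatesubjectpubkeysize": 1024},
    {**BASE, "sslcertificatesubject": "CN=other.example.net, O=Constructed",
     "sslcertificatesignaturealgorithm": "ecdsa-with-SHA256",
     "sslcertificatesubjectpubalgorithm": "id-ecPublicKey",
     "sslcertificatesubjectpubkeysize": 256,
     "sslcertificatesubjectaltname": [],
     "sslservernameindication": "login.example.test"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["sslservernameindication"], cert_findings(rec, NOW))
```
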

VMware ESX and NSX: Visibility into the Virtualized Data Center and the Private Cloud

Network Traffic Visibility For Cross Network Workloads: Challenges
[Diagram labels: SERVER, VIRTUALIZE, VM, Hypervisor, HOST, Switch.]
TRADITIONAL VISIBILITY:
- SPAN on Switch Ports
- Physical TAPs
VIRTUAL VISIBILITY CHALLENGES:
- Blind spots for Inter-Host VM traffic
- Blind spots for Intra-Host VM traffic (blade center)
Security and Application Monitoring are forcing considerations!!!

Virtual Visibility: More Important Than Ever
5 REASONS WHY YOU MUST CARE
1. Security no longer an after-thought during virtualization
2. Increasing VM density with mission-critical workloads
3. Visibility into VM-VM traffic needed for Security and Application Performance Monitoring (APM)
4. Creating new virtual instances of tools affects workload performance
5. Automated visibility after VM migration
[Diagram labels: GigaVUE-VM; VIRTUAL IDS, VIRTUAL ANTI-MALWARE, VIRTUAL APM; VM, VM1; VIRTUAL SWITCH, HYPERVISOR, HOST; tools: IDS, ANTI-MALWARE, APM.]

SSL decryption: East-West Traffic
- Decryption of East-West traffic within VMware
- Complete Visibility
- Architecture tweaking
[Diagram labels: GigaVUE-VM, HYPERVISOR, HOST; tools: IDS, ANTI-MALWARE, APM.]

GigaVUE-VM: Light Footprint Virtual Machine, Not Kernel Module

GigaVUE-VM: Virtual Workload Monitoring - Enhanced for Software Defined Data Centers (SDDC)
- Virtual Traffic Policies
- vCenter integration
- Bulk GigaVUE-VM onboarding
- Virtual traffic policy creation
- Automatic migration of monitoring policies
[Diagram labels: Internet, Tunneling, SERVER I, SERVER II, Private Cloud, GigaVUE-FM, Production Network; Tools and Analytics: Application Performance, Network Management, Security.]

Key Benefits: Securing Virtual Traffic in the Software Defined Data Center
- Visibility into inter-host or intra-host virtual traffic
- Pervasive Visibility: Virtual + Physical
- Automated Visibility into virtual traffic with dynamic service insertion
- Help preserve investment of your security and monitoring infrastructure

Amazon Web Services Visibility into Public Cloud

Visibility Hot Spots in a Sample Web Application
[Diagram labels: East-West Hot Spots, North-South Hot Spots.]

Public Cloud Visibility: Challenges and Gigamon Solution
[Diagrams (before and after): AWS Region, VPC, ELB, Web Tier, App Tier, RDS, Tool Tier, AZ; with Gigamon: Gigamon Visibility Platform, Visibility Tier, GigaVUE-FM. Legend: Elastic Load Balancing (ELB), Subnet, Instances, Tool, Amazon Relational Database Service (RDS), Availability Zone (AZ).]
Challenges:
- Inability to access all traffic
- Discrete vendor monitoring agents per instance
- Impacts workload and VPC performance
- Increases complexity
- Static visibility with heavy disruption
Gigamon Solution:
- Consistent way to access network traffic
- Distribute traffic to multiple tools
- Customize traffic to specific tools
- Elastic Visibility as workloads scale out

Deployment Examples: Hybrid Cloud Visibility - Preserve Tool Investment
[Diagram labels: AWS Region, VPC, ELB, Web Tier, App Tier, RDS, Visibility Tier, Tool Tier, AZ; Amazon EC2 APIs, Amazon CloudWatch; GigaVUE-FM; Tunneling; On-premise Data Center, Tool Tier. Legend: Elastic Load Balancing (ELB), Subnet, Instances, Tool, Amazon Relational Database Service (RDS), Availability Zone (AZ), VPN Gateway, VPN Connection, Router, Data Center.]
1. Integrate with Amazon APIs
2. Deploy Visibility Tier
3. Copy EC2 instance traffic
4. Aggregate and distribute customized traffic to tools

Deployment Examples: Multi-VPC Visibility

Multi-Cloud Deployments

Multi-cloud: Centralized Visibility and Security - PRESERVE TOOL INVESTMENT
[Diagram labels: Applications (Web tier, App tier, Visibility tier); SecOps VPC (Visibility tier, Tool tier); GigaVUE-FM; Amazon CloudWatch, Azure API Management; AWS Direct Connect, Azure ExpressRoute; On-Premises Data Center: Security, Performance Management, and Analytics Tools.]

Multi-cloud: Hybrid Cloud Visibility - PRESERVE TOOL INVESTMENT
[Diagram labels: AWS side: Region, Availability Zone, Elastic Load Balancing, Web tier, App tier, Amazon RDS, Visibility tier, Tool tier, Amazon CloudWatch; Azure side: Virtual Network, Azure Load Balancing, Web tier, App tier, Azure SQL Database, Visibility tier, Tool tier, Azure API Management; On-Premises Data Center: GigaVUE-FM, Tool Tier; Tunneling.]
