Aligning NetOps with SecOps: An Interview with Paul Hooper, CEO of Gigamon

Hollywood is generally bad at representing technology accurately in cinema. One rare exception, however, is when movie scripts include those big network command centers with teams of experts seated behind glowing monitors trying to make sense of data. As most practitioners know, this really is how NetOps works in most environments, albeit with a growing percentage of operation done virtually, especially for smaller companies.

The reason NetOps is done in this manner centers on visibility. Managing the computing and networking infrastructure of an organization requires real-time understanding of flows, connections, changes, disruptions, anomalies, and on and on. You cannot manage what you cannot see – and operations centers optimize such required visibility. But these centers also provide the perfect means for attending to an additional important consideration: Security.

One of the leaders in our industry providing suites of tools enabling visibility for both NetOps and SecOps is Gigamon. For years, the company has provided solutions for collecting and interpreting data in the context of rapidly changing networks and infrastructure. We caught up with Paul Hooper, CEO of Gigamon to learn more about this important alignment of cybersecurity with network for clear, real-time views of data.

EA: How does the Gigamon platform enable this important convergence of network and security operations?

PH: The objective of our platform is to leverage speed and agility to deliver visibility to the single source of truth: Network data. We see the need for security and network operations to work together to ensure that businesses remains open, and to deal with a daily barrage of threats. Stated simply: Teams must work together within a common infrastructure. The GigaSECURE Security Delivery Platform provides next-generation network packet broker capabilities which provide a built-for-security solution that moves data to where it needs to go. We see just as much enthusiasm for the solution from security teams as from networking teams. Our goal is to provide the highest level of data visibility so that effective detection and remediation by the appropriate security tools can proceed as efficiently as possible.

EA: Last year, you acquired a security company called ICEBRG. How has the ICEBRG product complemented existing Gigamon solutions?

PH: The acquisition has been quite successful in supporting our customers. As you might recall, ICEBRG was a natural extension to the Gigamon portfolio. In addition to managing data in motion, our expanded platform with ICEBRG can now store rich network metadata and run cyber security applications on that data store – some of which we author and sell, and some that other security ecosystem partners create. ICEBERG originally built and sold a network traffic analytics solution that we now call Gigamon Insight. Gigamon Detect and Gigamon Investigate are the initial Insight applications.

EA: That sounds interesting. Can you tell me some more about Gigamon Insight?

PH: While the traffic traversing your network enables your global business, it is also the conduit of entry and exfiltration for an attacker. What Insight delivers is the ability to generate powerful intelligence regarding attack vectors – across both individual networks and a global customer base – from network data which we have long believed to be the ultimate source of truth. This intelligence is then leveraged by powerful analytics to detect patterns that help identify the most dangerous attacks and quickly signal the need for containment and remediation.

EA: Paul, what is the effect of cloud and virtualization on cybersecurity visibility for enterprise?

PH: As organizations move their computing and application workloads into the public cloud, they need to have the same visibility to network traffic that they do for their on-premises environments, both for security and network monitoring needs. The same is true for virtual infrastructure. SecOps and NetOps leaders want to use the same tools across these varied environments, and Gigamon can ensure they can do just that. The result is an effective security solution for hybrid cloud with visibility support to deal with growing protection and also compliance needs.

EA: What are some trends you’re observing in your work with network and security teams?

PH: Over the last few years I have been explaining the changes required to secure our personal, commercial, and federal data. Numerous vendors offer the latest mousetrap to solve this challenge. But I think the mice are becoming too smart to fall for the next trap. Perhaps it is time to disrupt our thinking and take a completely different approach to managing the protection of information. While the mousetrap may still have its place, it’s time to ditch the old approach and turn to some new thinking. Suppose, for example, that you could analyze the patterns of mice movement across a global grid of homes. Patterns would emerge and home entry methods with highest likelihood of success would appear. Having this knowledge in real-time could alert you to take preventive action before your infrastructure experiences the same outcome. Once the attack is underway, it’s too late for traditional security solutions. As soon as one attacker has penetrated the perimeter and traversed to your mission-critical data, their footprint may be difficult to detect, leaving you exposed. It’s time to consider a new element to your security arsenal. As an industry, we need to turn the tables on the mice.