Network Visibility for Cyber

Fact: Experienced system engineers (like me) tend to be suspicious of any network management or monitoring tools that haven’t been stress tested in a live deployment for at least a decade. Yes, we fully understand the modern accelerated timescales of DevOps, and time-to-market delivery, and on-demand computing, and so on. But I’ll say it again: Mature engineers prefer solutions not born yesterday.

So, it was with great interest that I re-introduced myself to the network visibility solutions from Gigamon. I knew all about their network capture, traffic aggregation, and visibility appliances from my years in telecom, but I was less familiar with how these robust solutions extended to cyber security. What I discovered is that they’ve managed to combine the best of the time-tested with the new in their visibility solution.

My tour guide to the new Gigamon Security Delivery Platform was the company’s Chief Marketing Officer, Kim DeCarlis. With nearly a quarter of a century of experience in our industry, Kim understands how cyber security solutions fit into the enterprise, so I knew her insights would help me better position the role of Gigamon in modern hybrid architectures. Here is a summary of what I learned:

First, Kim reminded me that cyber security is best integrated into any architecture from within, rather than as an after-the-fact overlay. While network monitoring and visibility solutions have long since become embedded into enterprise and infrastructure fabric, their mission is rooted in traditional control and monitoring functions for traffic. This includes flow optimization, load balancing, de-duplication, and troubleshooting.

Security teams soon came to recognize, however, the importance of these functions for adjacent protection tasks on a network. Specifically, the visibility afforded to network operators by powerful monitoring tools provided an effective base for more extensive security objectives. These included packet and session filtering, SSL/TLS decryption, and support for tunneling. Most network teams support these familiar functions today.

Kim explained that Gigamon has been at the forefront of these security tasks for years. But only recently, with the growth and intensity of serious, nation-state-originated attacks, has the real value of embedded, integrated network monitoring and management become fully known. “Security delivery platforms use their unique network vantage points to stop the most intense cyber breaches,” Kim explained.

The concept behind Gigamon’s platform is that traffic visibility at the network infrastructure level supports advanced data investigation. Security analytics at the application level can be superficial if network threats are ignored, often because traffic capacity can exceed the processing capability of commercial platforms. Mature network visibility solutions avoid these limitations: Gigamon tools scale to carrier speeds.

One area where network visibility addresses emerging threats is hybrid cloud. As the enterprise extends to SaaS across a range of public clouds, the supporting network provides a wealth of information about unusual flow patterns, unexpected HTTP response codes, and unwanted traffic. These indicators can be found in captured metadata – and network management tools are designed specifically for this task.

Kim and I spent time discussing whether Gigamon’s platform is visibility for cyber security, or cyber security for visibility – and we agreed that this question complicates the sales process. Regardless of the proper customer interpretation, advanced network analysis at line speed is a powerful means for addressing cyber security in modern hybrid architectures. I think this can be a real game-changer.

If you have responsibility for enterprise network visibility or security solutions, then I suggest you contact the Gigamon team and then share back with us what you learn.