joint solution brief real-time threat protection with ... · traffic visibility: helps ensure all...



The Challenge

Advanced persistent threats (APT) easily evade traditional security models and tools. Detecting multi-stage attacks that move laterally through the data center requires a pervasive, flexible and scalable security architecture. Adversaries will get into the network; the challenge is to detect, mitigate and stop their threat as soon as possible.

Integrated Solution

FireEye Network Security combined with the Gigamon Security Delivery Platform offers customers flexible deployment options and scalability for optimal threat protection. With the Gigamon Security Delivery Platform enabling network-side visibility and options for both inline and out-of-band deployments, FireEye can detect and contain APTs quickly and efficiently.

Joint Solution Benefits

• Scalable threat protection: Distributes traffic from multiple network links across multiple FireEye appliances. Network upgrades don’t require tool upgrades.

• Comprehensive, adaptable traffic visibility: Helps ensure all physical, virtual and cloud network traffic is available to the FireEye appliances for swift analysis and action.

• Protect against network outages: Inline bypass protection maintains traffic continuity and minimizes maintenance windows.

• Decrypt SSL traffic once and send to multiple FireEye appliances for inspection and analysis.

Introduction

The next generation of cyber attacks has changed radically from previous approaches. Targeted to get something valuable — sensitive or personal information, intellectual property, authentication credentials or insider information — the attacks can combine social engineering with multi-pronged technical approaches that individually are hard to detect, but together can be devastating. Each attack is multi-staged with steps to get in, to call back from the compromised network, to spread laterally, and to get valuables out. It is not enough to simply put up a firewall or intrusion prevention system to stop these attacks at the perimeter because legacy solutions often cannot spot or stop advanced persistent threat (APT) attacks.

There is no single, static, technical answer. A fast, robust and adaptable solution is needed. A solution that has comprehensive visibility across the network traffic; that can go from alert to fix in minutes and then scale service up or down as threats and needs evolve. The right solution is deployed wherever it is required, inline or out-of-band. It needs to have comprehensive visibility across the network to all traffic to protect valuable assets, keep malware away and help ensure security tools are used to their full potential.

By being vigilant and catching an incident early, security teams can reduce the overall impact — costly fixes, disrupted business, stolen information and damaged reputations.

The Gigamon and FireEye Joint Solution

FireEye Network Security combined with the Gigamon Security Delivery Platform offers customers flexible deployment options and scalability for optimal threat protection. With network-side visibility and options for both inline and out-of-band deployments, APTs can be spotted and contained quickly and efficiently.

FireEye and Gigamon have collaborated to offer customers the most flexible solution coupled with robust performance. The combination of FireEye Network Security and the Gigamon Security Delivery Platform architecture helps ensure traffic is analyzed and threats are detected in real time, allowing administrators to quarantine or delete harmful data before it damages their business operations. By tapping into the key points of the network the Gigamon Security Delivery Platform efficiently delivers traffic to FireEye Network Security Appliances, providing the visibility those devices need to do their job and allowing them maximum performance by ensuring duplicate and unnecessary traffic is filtered out before being sent for analysis.

Joint Solution Benefits

• The Gigamon Security Delivery Platform provides visibility from physical, virtual and cloud environments to FireEye Network Security appliances for inspection.

• Move FireEye Network Security appliances between out-of-band and inline modes with a single software command and without re-cabling, reducing change orders, network outages and deployment time.

• Deploy FireEye Network Security appliances inline using the Gigamon Security Delivery Platform Inline Bypass functionality to provide physical bypass traffic protection in the event of power loss and logical bypass traffic protection in the event of an inline tool failure.

JOINT SOLUTION BRIEF

Real-Time Threat Protection with Enhanced Traffic Visibility

12/18


Worldwide Headquarters: 3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com

© 2018 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.


For more information on Gigamon and FireEye solutions, visit: www.gigamon.com and www.fireeye.com.

• The Gigamon Security Delivery Platform load balancing and aggregation features help ensure each FireEye Network Security appliance can be fully utilized regardless of network utilization and speed. Network upgrades don’t require tool upgrades.

• The Gigamon Security Delivery Platform intelligently manages asymmetric traffic flows to ensure efficient performance of FireEye Network Security appliances.

• Decrypt SSL traffic for inspection, helping to expose malware hiding in SSL sessions.

Figure 1: Gigamon Security Delivery Platform and FireEye Network Security Joint Solution

Figure 2: Scaling Threat Prevention Tools with the Gigamon Security Delivery Platform

Signatureless, High-Accuracy Attack Detection with Low False Positive Rates

Purpose built for security, the FireEye MVX engine detects multiple attack types:

• Known and unknown

• Multiflow and multistage

• Alarms that matter with low false positive rates

[Figure 1 diagram labels: Internet, Public Cloud, Remote Sites, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm; Gigamon Security Delivery Platform with inline and out-of-band paths, powered by GigaSMART® and GigaVUE-OS; functions shown: Header Stripping, Load Balancing, Inline Bypass, SSL Decryption, NetFlow Generation, Masking, Flow Mapping®, Application Session Filtering, De-duplication, Application Packet Filtering, Clustering, Packet Slicing, Out-of-Band to Inline.]

Scalability

• Maximize tool efficacy

• Increase scale of security inspection tools

• Integrate inline, out-of-band, flow-based tools and metadata

Operational Agility

• Add, remove and upgrade tools seamlessly

• Migrate tools from detection to prevention modes

• Consolidate multiple points of failure into a single, bypass-protected solution

[Figure 2 panel titles: Monolithic Security Stack; Gigamon Security Delivery Platform]

[Figure 2 diagram labels: GigaVUE-HC2 chassis; WAN router, Next Gen Firewall, IPS, WAF, ATP, Core switch.]