The Challenge
Advanced persistent threats (APT) easily evade traditional security models and tools. Detecting multi-stage attacks that move laterally through the data center requires a pervasive, flexible and scalable security architecture. Adversaries will get into the network; the challenge is to detect, mitigate and stop their threat as soon as possible.
Integrated Solution
FireEye Network Security combined with the Gigamon Security Delivery Platform offers customers flexible deployment options and scalability for optimal threat protection. With the Gigamon Security Delivery Platform enabling network-side visibility and options for both inline and out-of-band deployments, FireEye can detect and contain APTs quickly and efficiently.
Joint Solution Benefits
• Scalable threat protection: Distributes traffic from multiple network links across multiple FireEye appliances. Network upgrades don’t require tool upgrades.
• Comprehensive, adaptable traffic visibility: Helps ensure all physical, virtual and cloud network traffic is available to the FireEye appliances for swift analysis and action.
• Protect against network outages: Inline bypass protection maintains traffic continuity and minimizes maintenance windows.
• Decrypt SSL traffic once and send to multiple FireEye appliances for inspection and analysis.
Introduction
The next generation of cyber attacks has changed radically from previous approaches. Targeted to get something valuable — sensitive or personal information, intellectual property, authentication credentials or insider information — the attacks can combine social engineering with multi-pronged technical approaches that individually are hard to detect, but together can be devastating. Each attack is multi-staged with steps to get in, to call back from the compromised network, to spread laterally, and to get valuables out. It is not enough to simply put up a firewall or intrusion prevention system to stop these attacks at the perimeter because legacy solutions often cannot spot or stop advanced persistent threat (APT) attacks.
There is no single, static, technical answer. A fast, robust and adaptable solution is needed: one that has comprehensive visibility across the network traffic, that can go from alert to fix in minutes, and that can then scale service up or down as threats and needs evolve. The right solution is deployed wherever it is required, inline or out-of-band. It needs to have comprehensive visibility across the network to all traffic to protect valuable assets, keep malware away and help ensure security tools are used to their full potential.
By being vigilant and catching an incident early, security teams can reduce the overall impact — costly fixes, disrupted business, stolen information and damaged reputations.
The Gigamon and FireEye Joint Solution
FireEye Network Security combined with the Gigamon Security Delivery Platform offers customers flexible deployment options and scalability for optimal threat protection. With network-side visibility and options for both inline and out-of-band deployments, APTs can be spotted and contained quickly and efficiently.
FireEye and Gigamon have collaborated to offer customers the most flexible solution coupled with robust performance. The combination of FireEye Network Security and the Gigamon Security Delivery Platform architecture helps ensure traffic is analyzed and threats are detected in real time, allowing administrators to quarantine or delete harmful data before it damages their business operations. By tapping into the key points of the network, the Gigamon Security Delivery Platform efficiently delivers traffic to FireEye Network Security Appliances, providing the visibility those devices need to do their job and allowing them maximum performance by ensuring duplicate and unnecessary traffic is filtered out before being sent for analysis.
Joint Solution Benefits
• The Gigamon Security Delivery Platform provides visibility from physical, virtual and cloud environments to FireEye Network Security appliances for inspection.
• Move FireEye Network Security appliances between out-of-band and inline modes with a single software command and without re-cabling, reducing change orders, network outages and deployment time.
• Deploy FireEye Network Security appliances inline using the Gigamon Security Delivery Platform Inline Bypass functionality to provide physical bypass traffic protection in the event of power loss and logical bypass traffic protection in the event of an inline tool failure.
JOINT SOLUTION BRIEF
Real-Time Threat Protection with Enhanced Traffic Visibility
12/18
Worldwide Headquarters: 3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com
© 2018 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
For more information on Gigamon and FireEye solutions, visit: www.gigamon.com and www.fireeye.com.
• The Gigamon Security Delivery Platform load balancing and aggregation features help ensure each FireEye Network Security appliance can be fully utilized regardless of network utilization and speed. Network upgrades don’t require tool upgrades.
• The Gigamon Security Delivery Platform intelligently manages asymmetric traffic flows to ensure efficient performance of FireEye Network Security appliances.
• Decrypt SSL traffic for inspection, helping to expose malware hiding in SSL sessions.
Figure 1: Gigamon Security Delivery Platform and FireEye Network Security Joint Solution
Figure 2: Scaling Threat Prevention Tools with the Gigamon Security Delivery Platform
Signatureless, High-Accuracy Attack Detection with Low False Positive Rates
Purpose built for security, the FireEye MVX engine detects multiple attack types:
• Known and unknown
• Multiflow and multistage
• Alarms that matter with low false positive rates
[Diagram labels: Internet, Public Cloud, Remote Sites, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm; Gigamon Security Delivery Platform (inline and out-of-band); Header Stripping, Load Balancing, Inline Bypass, SSL Decryption, NetFlow Generation, Masking, Flow Mapping®, Application Session Filtering, De-duplication, Application Packet Filtering, Clustering, Packet Slicing; powered by GigaSMART® and GigaVUE-OS; Load Balancing; Out-of-Band to Inline]
Scalability
• Maximize tool efficacy
• Increase scale of security inspection tools
• Integrate inline, out-of-band, flow-based tools and metadata
[Panels: Monolithic Security Stack; Gigamon Security Delivery Platform]
Operational Agility
• Add, remove and upgrade tools seamlessly
• Migrate tools from detection to prevention modes
• Consolidate multiple points of failure into a single, bypass-protected solution
[Diagram labels: GigaVUE-HC2, WAN router, Next Gen Firewall, IPS, WAF, ATP, Core switch]