If you're familiar with Gigamon, you likely know them as the market-leading vendor in the emerging "visibility fabric" space. The company's products provide businesses with pervasive and intelligent network data across physical and virtual environments. The GigaVUE portfolio delivers the appropriate network traffic to management tools and platforms. I've often said that "you can't manage what you can't see," and Gigamon provides the necessary visibility data so organizations can improve the management of their IT infrastructure.
However, Gigamon's information can also be used to help businesses improve their security posture. If you can't manage what you can't see, then it stands to reason that you can't secure what you can't see. One of the challenges with traditional security approaches is that it primarily focuses on preventing breaches, but once the perimeter has been penetrated, there's no way to detect it or remediate against it.
Also, security devices can be overwhelmed with data when all network traffic is sent to them. For example, why send all network traffic to an email filtering tool just to have it process the data and then drop all non-email traffic? Or better yet, why not just send it emails with attachments and hyperlinks, since that's where the malicious traffic comes from?
Another challenge is that many security tools sample the data at different rates. Some capture all data, some every few seconds, and some every few minutes. This causes inconsistent information and creates equally inconsistent threat information.
Gigamon's visibility infrastructure solves these challenges. This morning, the company announced an architecture called GigaSECURE, which is a security delivery platform (SDP). GigaSECURE can be thought of as the security equivalent of GigaVUE, a visibility platform for network management.
GigaSECURE is a timely release, as I believe that it's time for IT and security leaders to re-examine how to architect security. The perimeter is disappearing, and constantly throwing more money, tools, and people to solve an increasingly complex problem has diminishing returns. This ad hoc approach of adding more and more disparate systems and appliances is a good strategy, but it's not good enough today. It's time for businesses to understand and admit that breaches will occur; the question is, what happens after they do?
The key to solving the above security challenges and finding breaches faster is visibility. If the organization has the ability to see all the traffic across the network, then it can look for anomalies that can quickly identify possibly malicious traffic. Equally important, the traffic can be quarantined to minimize the “blast radius” of the threat. Contained traffic can't cause any additional harm, so it's important to keep the threat isolated as quickly as possible.
A security delivery platform enables the necessary visibility by providing the following:
- Pervasive visibility that spans all portions of the network.
- Visibility intelligence through the manipulation of traffic to direct the right traffic to the appropriate security device.
- Better scalability for security tools. The traffic manipulation removes the overhead of traffic processing from the appliance and enables it to do what it does best.
Additionally, the SDP reduces the requirement to have security appliances everywhere. Instead, security tools can be placed at strategic locations and the SDP can direct network-wide traffic to it. This has obvious cost advantages but also makes the management of security tools easier as IT no longer needs to manage a sprawl of devices.
Security and business leaders must accept the world for what it is today, and that is one where breaches are going to occur. Understanding that, the question for the security team is when a breach occurs, how it takes to find it and how its can impact be minimized. The GigaSECURE SDP can enable threat detection, containment, and remediation, particularly for threats inside the network. A security delivery platform should be considered as important to a security architecture as a firewall or any other security appliance.