The IT security environment has changed significantly over the past decade. Ten years ago, network security was certainly challenging but straightforward. Most organizations had a single network ingress/egress entry point and protected it with a high performance firewall.
Today, the environment is completely different. Technologies like Internet of Things, cloud computing, software defined networking, BYOD and mobility have made IT much more complicated than ever before. The increase in IT complexity means more attack surfaces and more entry points that need to be protected. IT is now facing an asymmetric challenge where the security team must protect dozens or even hundreds of entry points where hackers merely have to find one way in. Putting a firewall at every possible entry point, which includes branch offices, wireless access points, consumer devices and IoT endpoints would be prohibitively expensive and complicated to manage.
Adding to the security challenge is the fact that network speeds keep increasing, particularly in the data center where 100Gigabit Ethernet network devices have recently become available. Faster speeds mean more packets being pushed through the network but the time between packets is also reduced so security tools need to process more packets, faster to be effective.
The rise in complexity combined with the exponential growth in network speeds has rendered traditional security methods about as effective as TSA. It’s my belief that security leaders need to fundamentally change the way they approach security and this means more than just investing in more vendors. The 2015 ZK Research Security Survey (I am an employee of ZK Research) revealed that large enterprises now have an average of 32 security vendors, which makes a complicated situation even worse.
To combat this problem, last year Gigamon (Gigamon is a ZK Research client) announced its GigaSECURE security delivery platform (SDP). Think of an SDP as a layer that sits between the network infrastructure and the security tools. The SDP can sort the data, time-stamp it, de-duplicate information, generate NetFlow and then pass the right data on to the various security tools plugged into the SDP.
Modern security has become a game of big data and analytics. The more, accurate data the tools have, the better the results. Gigamon’s SDP aggregates data, normalizes it and ensures the performance of the security tools is optimized. Because of this, the company now has over 35 security partners that leverage its data.
This week at the RSA security show, Gigamon announced the introduction of a Metadata Engine for it’s SDP. The Metadata Engine builds on the SDP and boosts the performance of security and event management systems (SEIM) by improving the speed of detection to help businesses find and expedite responses to breaches. There is a tremendous amount of data generated by networks and Gigamon’s Metadata Engine will aggregate a wide variety of information, or “network big data” and pass it on to the analytic platforms to be analyzed to gain new insights. Big data and analytic platforms have transformed the way companies do business and has the potential to change IT security.
The SIEMs, forensic engines and behavioral analytic tools can connect into Gigamon’s SDP and receive Metadata Engine data that includes:
- NetFlow/IPFIX records
- URL/URI information
- SIP request information
- HTTP response codes
- DNS queries
Future data include:
- DHCP queries
- Certificate information
- Custom data
As part of the launch, Gigamon announced a number of SIEM and security analytic partners including FlowTraq, Lancope (a Cisco company), LogRhythm, Niara, Plixr and SevOne.
Gigamon’s Metadata Engine should help organizations significantly improve their ability to find and remediate threats by providing a much greater level of network data and context to the security analytic tools. Legacy security methods will not work in this current environment. Many businesses are trying to use analytics as a way of modernizing security but these tools are only as good as the data fed into them. Gigamon’s SDP and Metadata Engine will ensure these tools are given the best information to provide the right insights quickly.