Gigamon unveiled its Metadata Engine for their GigaSECURE Security Delivery Platform (SDP).
The solution centrally generates and aggregates contextual information about network traffic. It sends that metadata to the security analytics devices that can leverage the information.
The company said its Metadata Engine will ‘super-charge’ security information and event management systems (SIEMs), enabling forensics solutions and user behavioral analytics products to connect to its GigaSECURE Security Delivery Platform and receive output of the Metadata Engine, that includes:
- NetFlow/IPFIX records
- URL/URI information
- SIP request information
- HTTP response codes
- DNS queries
- DHCP queries (future)
- Certificate information (future)
- Custom data (future)
Gigamon also announced a number of ecosystem partners supporting this approach: FlowTraq, Lancope, now a Cisco company, LogRhythm, Niara, Plixer and SevOne.
“We want to enable our customers to drastically improve their security posture by taking advantage of the latest trends in security analytics,” said Shehzad Merchant, CTO, Gigamon. “By enabling both context and packet based security analytics, Gigamon’s customers benefit by improving their ability to uncover intruder threats faster.”
Gigamon Launches Security Visibility Platform for Advanced Persistent Threats
Gigamon introduced its “GigaSECURE” Security Delivery Platform for providing pervasive visibility of network traffic, users, applications and suspicious activity, and then delivering it to multiple security devices simultaneously without impacting network availability.
The idea is to counter Advanced Persistent Threats (APTs) by leveraging a traffic visibility fabric to extract scalable metadata across a network, including cloud and virtual environments, and thereby empower third party security applications. This enables improved forensics and the isolation of applications for targeted inspection. The company also said its solution is also able to deliver visibility to encrypted traffic for threat detection. The architecture supports inline and out-of-band security device deployments.
Gigamon’s GigaSECURE is comprised of scalable hardware and software elements:
- Infrastructure-wide reach via GigaVUE-VM and GigaVUE nodes;
- High-fidelity, un-sampled Netflow/IPFIX generation;
- Application Session Filtering;
- SSL decryption; and
- Inline bypass capabilities.
Gigamon also highlighted its Application Session Filtering (ASF), a new, patent-pending GigaSMART application that can identifies applications based on signature or patterns that appear within a packet or packets. Once positively identified, ASF extracts the entire session corresponding to the matched application flow from the initial packet to the last packet of the flow, even if the match occurs well after the first packet. This allows an administrator to forward specific “traffic of interest” to security appliances thereby optimizing their operational efficiency and improving overall performance.
The GigaSECURE platform already supports a broad ecosystem of security partners and their respective security functions, including:
Advanced Malware Protection: Check Point, Cisco, Cyphort, FireEye and Lastline;
Behavior Analytics: Damballa, Lancope, LightCyber and Niara;
Forensics/Analytics: ExtraHop, PinDrop, RSA and Savvius;
IPS: Check Point and Cisco;
NGFW: Check Point, Cisco, Fortinet and Palo Alto Networks;
Secure Email Gateways: Cisco;
SIEMs: LogRythm and RSA;
WAFs: Imperva.
