Gigamon Fortifies Security Analytics with Certificate Metadata

Gigamon’s Metadata Generation Engine Enables Faster Detection of Attacks That Leverage Falsified Certificates

Santa Clara, Calif. and Las Vegas, Nev. (August 3, 2016) - Gigamon Inc. (NYSE: GIMO), the leader in traffic visibility solutions, today announced that the Metadata Engine, a key part of the GigaSECURE® Security Delivery Platform (SDP), can now generate Hypertext Transfer Protocol (HTTP) Secure Sockets Layer (SSL) certificate metadata. Gigamon’s GigaSECURE shortens the time to detection of potentially malicious web servers and unwanted SSL communications by providing security analytics technologies with the information they need to identify invalid SSL certificates.

SSL-based attacks are on the rise and many phishing sites use fake SSL certificates to appear legitimate so that targets and infected machines will connect to them. Security analytics tools like Security Information and Event Management Systems (SIEMs) can spot these potentially harmful web communications by flagging inconsistencies in the fields of SSL certificates. Still, the certificate data needed for the detection can be difficult to retrieve pervasively and continuously from broad and distributed networks.

GigaSECURE can expedite anomaly detection by monitoring SSL certificate exchanges and providing metadata that includes indicators of potentially falsified certificates. Examples of the Gigamon-supplied metadata include information about the issuing certificate authority, requested and responding domain names, dates of expiry, which ciphers are being used, and whether the certificates are self-signed.

"Sifting through raw packet streams to identify malicious network activity can be a slow and cumbersome process in a world where real-time threat identification and remediation is critical," said Robert Lowe, Information Security Manager, Fannie Mae. "Gigamon's network visibility and new HTTP SSL certificate metadata capabilities provide an added layer of intelligence and the context needed to more quickly, effectively and efficiently protect both network infrastructure and data."

Certificate metadata lets Gigamon, together with its ecosystem partners in the security analytics and SIEM markets, leverage the network to shorten the time to detection and response.

“Organizations know that their network traffic contains a lot of potential intelligence that can help remediate breaches,” said Jai Balasubramaniyan, Director, Security Product Management, Gigamon. “Gigamon is revolutionizing big data security analytics by uniquely extracting metadata from this data-in-motion and delivering it at network speeds to security technologies that use it to detect and remediate threats faster.”

Delivered as one pillar of the GigaSECURE Security Delivery Platform, the Metadata Engine generates the following information for security analytics:

  • NetFlow/IPFIX records
  • URL/URI information
  • CDP/LLDP information
  • SIP request information
  • HTTP response codes
  • DNS queries
  • Certificate information

To explore the capabilities of the GigaSECURE Security Delivery Platform and learn more about the Metadata Engine, stop by booth 1307 at Black Hat USA 2016 or visit: https://www.gigamon.com/products/technology/netflow-and-metadata-generation

Follow @Gigamon and #BHUSA16 on Twitter for the latest updates from the event.

Gigamon

Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric™ and GigaSECURE, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently and effectively. See more at www.gigamon.com, the Gigamon Blog, or follow Gigamon on Twitter, LinkedIn, or Facebook.