Seeing Encrypted Virtual Traffic without Decryption

0:00

Welcome to the Gigamon Tech Hub video series.

0:05

Hi, my name is Yazhini Rajesh, and in this video, we will cover Gigamon breakthrough technology, Precryption. 

0:11

What if I told you you could now access encrypted data without decryption? Yes, you heard it right. Let's see how to do this.

0:19

Now, using Gigamon Fabric Manager, we’re going to see the before and after Precryption. So, I'm going to go into my monitoring session here, and I have my container up traffic, which is basically my IPv4 traffic going into two tools—one is FireShark, and the other is Security Onion.

0:36

So, Security Onion is a tool that allows the user to monitor their network, and if any alerts happen, it tells the user “Hey, this is a malware file that has been detected, or a suspicious route access that's been detected, or so on.”

0:51

So, now what I'm going to do is I'm going to make sure that my Precryption is turned off. So, go into options and scroll down; my Precryption is currently turned off.

1:00

So, I'm going to go into this IRS malware site that I have and download this file.

1:08

Now, if I come back to my Security Onion and refresh, I'm not going to see any alerts here. This is for the past 4 minutes. So, I'm going to come back here, turn on Precryption and deploy this.

1:19

So, now if I go back to my website, the malware site that I have, and download it again. So, I'm just going to download this again. Now if I go back to my Security Onion, I'll be able to see that a malware was detected.

1:35

So, I'm going back to my Security Onion tool, and if I hit refresh, I can see that a suspicious root axis was detected, and a malware file was detected as well.

1:47

This is how Precryption helps reveal concealed thread activity in the cloud.

1:54

To watch the full Tech Hub series, check out gigamon.com/techhub.