Accelerate Time to Detection
To detect threats in a network you need to provide the right data to the right security tools. For most security teams, there’s simply too little time, too few resources and too much data to efficiently find potential security threats. With the increased use of SSL encryption, network virtualization and security segmentation, how do you ensure that your tools are receiving all the right information and not being overloaded?
The Gigamon Visbility and Analytics Fabric delivers only the specific type of data required by security and monitoring tools to assess the network for threats. The Gigamon next-generation network packet broker generates metadata and optimized data packets specifically tuned to the security tool that is receiving it to boost threat detection efficacy across the enterprise.
The Choice Is Yours: Metadata or Raw Packet Data
The Value of Metadata
Metadata provides summarized information about raw network packets based on Layer-4 and Layer-7 information. With it, organizations gain insight into:
- Critical details about the flow - for example, 5-tuple, protocol information
- Application-level insights based on Layer-7 traffic information
- Traffic flows across on-premises and public cloud infrastructures
Our Metadata Generation capability includes NetFlow, a network protocol used to collect statistics on IP traffic information, such as IP source, destination of traffic, class of service and causes of congestion. NetFlow provides insight into traffic types and usage patterns across systems, enabling enterprises to catch denial of service attacks, data extraction and other events that represent a security risk.
By offloading metadata generation to the Gigamon Visibility and Analytics Fabric, enterprises can:
- Save time and money by not sending raw data to analytics tools.
- Reduce false positives by separating signals from noise.
- Accelerate threat detection through proactive, real-time traffic monitoring versus reactive forensics.
- Reduce High CPU utilization issues in routers and switches.
The Value of Raw Packet Data
Although packet data contains valuable information, the exponential growth of data is causing tool overload. Detection tools, such as data loss prevention (DLP), intrusion detection system (IDS) and advanced threat prevention (ATP) tools, are unable to accurately assess all packets for threats.
The Gigamon Visibility and Analytics Fabric can gather raw data – from the edge to the core to the cloud – and optimize and deliver it to security tools to enhance their threat detection ability across the entire network. The Gigamon solution includes core intelligence and GigaSMART® applications that enable organizations to reduce the burden on their detection tools. For example:
- Flow Mapping® takes line-rate traffic and sends it through a set of user-defined map rules to security tools. Organizations can optimize tool performance and drive down costs.
- SSL/TLS Decryption helps manage increasing volumes of encrypted traffic. Organizations can ensure that tools focus on their primary functions while circumventing unnecessary appliance sprawl and related costs, complexity and the potential to introduce latency.
- De-duplication eliminates redundant packet information, speeding up forensics and malware detection and reducing the load required to store duplicate packets.
VIDEO
Operating the Right InfoSec Program
Tools do not have to do decryption. SSL decryption does it better.
WHITEPAPER
Gigamon Intelligent Flow Mapping
Learn how Flow Mapping provides granular control over distinct traffic streams to optimize tool performance.
ANALYST REPORT
Why Gigamon Should be on Your Radar for Security
Gigamon offers a next-generation network packet broker for security.
Our Partnership
IBM QRadar SIEM delivers analytics-based security intelligence to help security operations and incident response teams detect anomalies and defend against advanced threats.
Our Partnership
Phantom automates and orchestrates key stages of security operations from prevention and detection to triage and resolution.
Our Partnership
Splunk delivers analytics-based security intelligence to security operations and incident response teams.
Training: Using Metadata for Enhanced Security
Learn how the Gigamon Visibility and Analytics Fabric uses metadata to accelerate threat detection.
“The performance of the Gigamon Visibility and Analytics Fabric has been exceptional. I don’t even know where the ceiling is because we haven’t even come close to hitting it. Everything that we’ve wanted to do with the company’s solution, we’ve been able to do.”
Neil R. “Grifter” Wyler • Network Operations Center Lead • Black Hat
Related Pages
NETWORK VISIBILITY
Visibility and Analytics Fabric
Deliver a smarter, more proactive approach to monitoring and security.
TRAFFIC INTELLIGENCE
GigaSMART®
Optimize traffic sent to your tools.
TRAFFIC INTELLIGENCE
NetFlow and Metadata Generation
Use flow data to gain insights and take action.
USE CASE
Threat Prevention
Stop intrusions before they start.
- ©Gigamon 2020