Gigamon unveiled the Metadata Engine for its GigaSECURE Security Delivery Platform (SDP).
The solution centrally generates and aggregates contextual information about network traffic. It sends that metadata to the security analytics devices that can leverage the information.
The company said its Metadata Engine will ‘super-charge’ security information and event management systems (SIEMs), enabling forensics solutions and user behavioral analytics products to connect to its GigaSECURE Security Delivery Platform and receive the output of the Metadata Engine, which includes:
- NetFlow/IPFIX records
- URL/URI information
- SIP request information
- HTTP response codes
- DNS queries
- DHCP queries (future)
- Certificate information (future)
- Custom data (future)
“We want to enable our customers to drastically improve their security posture by taking advantage of the latest trends in security analytics,” said Shehzad Merchant, CTO, Gigamon. “By enabling both context and packet based security analytics, Gigamon’s customers benefit by improving their ability to uncover intruder threats faster.”
http://www.gigamon.com
Gigamon Launches Security Visibility Platform for Advanced Persistent Threats
Gigamon introduced its "GigaSECURE" Security Delivery Platform for providing pervasive visibility of network traffic, users, applications and suspicious activity, and then delivering it to multiple security devices simultaneously without impacting network availability.
The idea is to counter Advanced Persistent Threats (APTs) by leveraging a traffic visibility fabric to extract scalable metadata across a network, including cloud and virtual environments, and thereby empower third-party security applications. This enables improved forensics and the isolation of applications for targeted inspection. The company also said its solution can deliver visibility into encrypted traffic for threat detection. The architecture supports inline and out-of-band security device deployments.
Gigamon's GigaSECURE comprises scalable hardware and software elements:
- Infrastructure-wide reach via GigaVUE-VM and GigaVUE nodes;
- High-fidelity, unsampled NetFlow/IPFIX generation;
- Application Session Filtering;
- SSL decryption; and
- Inline bypass capabilities.
The GigaSECURE platform already supports a broad ecosystem of security partners and their respective security functions, including:
- Advanced Malware Protection: Check Point, Cisco, Cyphort, FireEye and Lastline;
- Behavior Analytics: Damballa, Lancope, LightCyber and Niara;
- Forensics/Analytics: ExtraHop, PinDrop, RSA and Savvius;
- IPS: Check Point and Cisco;
- NGFW: Check Point, Cisco, Fortinet and Palo Alto Networks;
- Secure Email Gateways: Cisco;
- SIEMs: LogRhythm and RSA;
- WAFs: Imperva.
https://www.gigamon.com/