쫑콩아빠의 지금 이 순간...

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/tunneling-erspan-termination.html

Extend monitoring to remote sites and the cloud

The Tunneling feature is a licensable addition to the GigaSMART® engine that helps alleviate blindness of business-critical traffic at remote sites, virtualized data centers, or hosted in a public cloud. Tunneling is used in conjunction with Flow Mapping® technology to select traffic at remote sites that should be subject to additional inspection. That traffic subset can then be forwarded via IP/UDP or L2GRE encapsulation to centralized monitoring and security resources. Tunneling also works with GigaVUE-VM for VMware, GigaVUE-VM for OpenStack, and Visibility Platform for AWS to select and tunnel traffic from within virtual environments to the Gigamon® Visibility Platform via L2GRE tunnels. With Tunneling, physical networks can utilize cloud-based tools and load balance across multiple instances.

Benefits of the Tunneling feature

• Provides security teams with access to suspicious traffic anywhere within the organization, local or remote, physical or virtual.
• Eliminates the cost of deploying and managing tools at branch offices and remote sites.
• Preserves the processing power of hypervisors to handle workload, instead of management and monitoring.
• Immediately extends monitoring and security to new acquisitions or temporary installations until other arrangements can be made.
• Enables load balancing across multiple IP-addressable virtual and cloud-based tools.
• Allows operators to take advantage of existing Cisco NEXUS features by forwarding traffic via ERSPAN tunnels to the Gigamon Visibility Platform.

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/load-balancing.html

Logically divide traffic among ports

The Load Balancing feature is a licensable addition to the GigaSMART® engine that divides and distributes traffic among multiple tools, so network and security visibility can scale beyond the capacity a single tool can provide. Using effective load balancing techniques, traffic and requests can be distributed based on a variety of options: bandwidth, cumulative traffic, packet rate, connections, round robin, and stateless hashing.

Load Balancing allows operators to include any port in the node as a member of the tool group, as well as ports operating at different speeds. Operators can also use load balancing to weight server-traffic delivery on a per-port basis, to accommodate bandwidth differences or processing capabilities of attached tools, or match and load balance based on inner addressing within encapsulated and tunneled packets.

Benefits of the Load Balancing feature

• Helps scale network infrastructure by dividing traffic between two or more tools when volume exceeds a single tool or port's capacity.
• Improves efficiency by weighting traffic application delivery to match tool processing capabilities or port bandwidth capacity.
• Automatically redistributes traffic to remaining tools in case of tool failure. Automatically restores tool availability for new traffic upon failed tool recovery.
• Enables load balancing of encapsulated or tunneled traffic (GTP, GRE, or ERSPAN).
• GTP-aware load balancing helps mobile service providers ensure improved response time and performance for individual subscribers or groups.

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/masking.html

Protect sensitive data

The Masking feature of the GigaSMART® engine provides customizable data protection by overwriting specific packet fields with a set pattern. Sensitive information is safeguarded during network analysis.

Confidentiality and compliance are crucial for a broad range of government and private organizations alike. Regulations in the financial, insurance, and healthcare industries require that sensitive data be protected. Penalties for non-compliance of such regulations can be severe, resulting in fines or even imprisonment. Masking permanently obscures the data before sending it to security and monitoring tools. Regulatory and privacy compliance becomes easier because the sensitive data is never seen, processed or stored by these tools.

Benefits of the Masking feature:

• Supports compliance with stringent data protection regulations.
• Protects network and security engineers from inadvertently being exposed to sensitive or confidential data.
• Provides an added level of data protection in cases where network monitoring and analysis functions are outsourced.

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/packet-slicing.html

Eliminate unneeded packet data

The Packet Slicing feature of the GigaSMART® engine truncates packets while preserving the portion of the packet (the protocol headers) required for network analysis. Packet Slicing can parse variable header packets, starting slicing after a named header (IP, TCP, etc.) with or without VLAN and other tags. Thus, there's no need to rely on a fixed offset to slice packets.

Packet Slicing removes payload that may be irrelevant to network monitoring and security analysis. This reduces tool throughput and disk space while improving performance and data retention. It also removes sensitive data before it is stored, which makes regulatory and privacy compliance easier.

Benefits of the Packet Slicing feature

• Removes sensitive information from each packet, thus helping address compliance and confidentiality requirements.
• Improves tool performance by eliminating unnecessary transmission of unneeded packet payload.
• Increases storage capacity by giving tools more room to store the important portions of each packet.
• Increases data retention time on forensic or network recorders.
• Reduces needed disk space for backup traffic by up to 95%.

Packet Slicing: one of many GigaSMART features

GigaSMART® offers a number of other essential traffic intelligence services required for active visibility into infrastructure blind spots, including:

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/advanced-flow-slicing.html

Forward the First Set of Packets, then Slice or Drop the Rest

Inspecting long data flows hogs bandwidth and causes unnecessary processing burden on tools. (A flow is HTTP session or any general TCP/UDP session.)

GigaSMART® Advanced Flow Slicing application eliminates these issues by slicing  payloads and packets from long data flow. This allows network operation teams and service providers to forward the first set of packets in the flow, then slice or drop the rest — saving your bandwidth and increasing tool effectiveness.

Benefits of Advanced Flow Slicing:

• Reduces traffic sent to tools by more than 60% 
• Avoids costly tool upgrades to inspect unnecessary traffic
• Improves overall tool efficiency and effectiveness
• Retains complete visibility into each flow’s establishment

Advanced Flow Slicing is now part of our Gigamon NetVUE for Network Operations bundle.

How It Works

GigaSMART Advanced Flow Slicing reduces traffic sent to tools​ using a two-step intelligent slicing method:

1. You decide the first number of packets in a flow to analyze
2. Then either drop or slice subsequent packets in that flow

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/de-duplication.html

Data De-Duplication: Stop Overloading Your Tools with Duplicate Packets

Are duplicate packets weighing down your systems? Data duplication occurs when redundant copies of files and other data are generated within your network. Unfortunately, these additional copies take up vital storage space and computing power, decreasing network speed and efficiency.

With Gigamon, the problems associated with packet duplication are a thing of the past. Consider GigaSMART® De-duplication. GigaSMART De-duplication can revolutionize the way your business handles stored data.

What is De-duplication, and why is it important?

Even the most advanced networks and servers have only a finite amount of data storage. And that means if you want your system to run efficiently, you need to make sure that limited storage space isn’t being wasted on maintaining multiple copies of identical data — such as those created during a system backup. Data de-duplication is a process by which unnecessary duplicate data copies can be effectively eliminated from your system. Here’s how:

• Improve network speeds by eliminating redundant copies and duplicate packet storage
• Centralize data de-duplication and provide multiple tools with the same feed
• Gain better performance analytics and reduce false positive results
• Get faster, more accurate forensics and malware detection

Unburden your network from the weight of duplicate packets so it can run at hyper speed — packet de-duplication makes it all possible. Take advantage of our new bundled GigaSMART apps to optimize network visibility!

Don’t Let Duplicate Packets Drain Your Resources

Duplicate copies of packets can result in:

• Distorted results when analyzing your app or network performance
• False positives from your analysis tools for problems that don't exist
• Inaccurate flow data in NetFlow/IPFIX reports

Prevent packet duplication before it becomes a bigger issue for your network and security tools.

Selected Layer 3 and Layer 4 fields are configurable for duplicate detection, with detection intervals between 10-50,000 μs. Normal packet forwarding changes, such as the source and destination MAC addresses are ignored, ensuring the fidelity of transmitted packets.

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/ssl-tls-decryption.html

SSL/TLS as a Potential Threat Vector

SSL/TLS encryption is rising as enterprises face more stringent security mandates, need to ensure optimal SEO rankings, deploy more workloads to the cloud and make wider use of software-as-a-service (SaaS) applications. In fact, over 90 percent of internet traffic around the globe is now encrypted.[1]

Unfortunately, encryption isn’t limited to well-meaning parties. Consider that over 2.8 Million cyber-attacks in 2018 were hidden in encrypted traffic.[2] Cybercriminals use encryption to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data.

Given the amount of encrypted traffic, including with the latest TLS 1.3 cryptographic protocol, the threat vector it now poses and the importance of traffic inspection for a  Zero Trust Posture, you need a way to efficiently decrypt SSL traffic, share it with tools and then re-encrypt it.

What is SSL Decryption/TLS Decryption?

To protect vital data, businesses and other organizations implement Transport Layer Security (TLS), commonly referred to as the superseded Secure Socket Layer (SSL), to encrypt data as it is exchanged over IP networks. SSL/TLS creates a secure channel between the server and the end users’ computer or other devices as they exchange information over the internet.

TLS is an industry standard based on a system of trusted rules and certificates issued by certificate authorities and recognized by servers. SSL was replaced by the TLS standard in 2015. In 2018, TLS 1.3 was standardized which mandates the use of Perfect Forward Secrecy for maximum security. Up to 40 percent of large enterprises have already instituted this latest incarnation.[3]

While protecting data, encryption also blinds network security and application monitoring tools. The decryption of SSL/TLS traffic is crucial for these tools. However, it is extremely computationally intensive and can introduce network latency.

The best architecture minimizes the decryption required to inspect all relevant traffic while offering legal and privacy controls. The centralized approach to decrypting SSL offered by Gigamon, decrypt once and feed all tools, provides such an architecture.

REQUEST A DEMO

GigaSMART Decryption

GigaSMART® SSL/TLS Decryption is a licensed application that enables information security, NetOps and applications teams to obtain complete visibility into SSL/TLS traffic regardless of protocol or application, so that they can monitor application performance, analyze usage patterns and secure their networks against data breaches and threats using encrypted communications.  Gigamon supports both inline/Man in the middle and passive/out-of-band decryption of SSL/TLS, meeting the diverse needs of your organization. Gigamon supports the latest TLS 1.3.

• SSL/TLS detection on any port or application
• 10 Mb to 100Gb interface support
• Decrypt once, share with any tools as many times as you need
• Strong crypto support including Diffie-Hellman Ephemeral, Elliptic Curves, Poly1305/ChaCha20
• Power controls over certificate validation, extending Certificate Revocation Lists and Online Certificate Status Protocol (OCSP)
• Integration with the Venafi Trust Protection Platform™ to centralize key management and validation
• Meet privacy and compliance requirements: included support for URL categorization

Take advantage of our new bundled GigaSMART apps and stay secure!

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/netflow-generation.html

NetFlow: Gain Visibility. Take Control.

NetFlow is an efficient method for delivering basic Layer 2–4 network traffic data to analysis tools. But extracting high-quality NetFlow using routers and switches can severely strain resources, leading to dropped packets. Other problems include reduced accuracy by relying on sampling and restricted interoperability due to limited format options.

The GigaSMART® NetFlow module overcomes these roadblocks by automatically generating NetFlow records and exporting them to your SIEMS, storage platforms and other tools. NetFlow from Gigamon has these advantages: 

• Offloads NetFlow generation load from routers and switches
• Provides full fidelity NetFlow intelligence vs. information derived from sampled packets
• Supports all formats, including IPFIX and CEF

Gigamon NetFlow provides network and security teams with visibility into traffic types across systems, including multi-cloud environments. This helps organizations catch denial of service attacks, data exfiltration and other security-related activities. Similarly, network- and application-performance management (NPM and APM) tools can quickly troubleshoot and remediate user experience concerns and ensure SLAs. 

NetFlow is now part of our new bundled GigaSMART apps offer.

Want to take NetFlow to the next level?

Expand your metadata choices to over 5,000 attributes and obtain Layer 7 insights. These include details on hundreds of social media, database, ICS, financial and many other types of applications. Find out how using Gigamon Application Metadata Intelligence.