1 / 17

The Dynamic World of Threat Detection , Containment & Response

The Dynamic World of Threat Detection , Containment & Response. Opportunities and Challenges. The World of IT continues to evolve. IT owned. Static Management and Security Tools. Mobile. Network. Contained. Virtual. Servers. In house. User owned. Limitless. Data. Devices.

fritzi
Télécharger la présentation

The Dynamic World of Threat Detection , Containment & Response

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Dynamic World of Threat Detection, Containment & Response

  2. Opportunities and Challenges The World of IT continues to evolve IT owned Static Management and Security Tools Mobile Network Contained Virtual Servers In house User owned Limitless Data Devices Physical Dynamic Infrastructure Cloud Applications Fixed

  3. Opportunities and Challenges The World of IT continues to evolve IT owned Static Management and Security Tools Mobile Network Contained Virtual Servers In house User owned Limitless Data Devices Physical Dynamic Infrastructure Cloud Applications Fixed

  4. Visibility: The Enabler for Security Anatomy of an Attack Cloaking complete Cloning & ‘go mobile’ Information extraction Attack commences Assessing the infrastructure Pilot probe attack Cloaking starts Data extraction or manipulation Intrusion commences Identifying targets Window of Exposure The “Golden Hour” Damage & scale assessment Alert & notification Second-wave detection Security established Anomaly detected Elimination Early stage containment Infrastructure wide response Attack identified

  5. Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Limit the opportunities • Block the known attacks • Monitor traffic profiles • Alert to anomalies • Broad-scale monitoring • Signature behavior • Leverage multiple measures • The front-line against the unknown • Limitations • Limitations • Requirements • Requirements • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Highly available architecture • Line-rate performance • Infrequent configuration changes • Powerful filtering capability • Multi-point triangulation • The more pervasive, the greater the value • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”

  6. Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Requirements • Requirements • Highly available architecture • Line-rate performance • Infrequent configuration changes • Powerful filtering capability • Multi-point triangulation • The more pervasive the greater the value • Limitations • Limitations • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”

  7. Two Architectures; Two Approaches “Wall and Watch” “Wall” – in band “Watch” – out of band • Limitations • Limitations • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows”

  8. Networks were Static and Simple Application Performance Network Management Security TOOLS

  9. Networks are Dynamic and Complex Application Performance Network Management Security TOOLS

  10. Networks demand a New Approach Application Performance ApplicationPerformance Network Management Network Management TOOLS Security Security CENTRALIZED TOOLS

  11. The Fabric Intelligence Packet Identification, Filtering and Forwarding Packet Modification, Manipulation and Transformation Physical Deduplication ABACCABACB ABC Packet Slicing A B C A B C A B C A B C Application Performance Virtual Time Stamp Network Management Flow Mapping Network GigaSMART Tools Security Dynamic power to control traffic selection

  12. The Benefits of Visibility Fabric Legacy Approach Visibility Fabric • Pervasive • Simple • Cost Effective • Centralized • Scalable • Limited Visibility • Static • Expensive • Distributed • Constrained

  13. Enabling Best-of-Breed Selections Security Application Monitoring Network Management Tools Network The Middleware with Any Network, and Any Tool

  14. The Advantages of Gigamon – GigaBPS Traffic offload – Application-aware traffic profile

  15. The Demand is Clear Organization Size: Employees (000s) Organization Revenue ($B) Vertical Independent Survey Results from December 2011

  16. Visibility Fabric Addressing the Limitations “Wall” – in band • Limitations • Heartbeat monitoring • Intelligent traffic distribution • Establishes a ‘Dynamic DMZ’ enabling rapid response • Single point of failure • Potential bottleneck • Dependent upon “Maintenance windows” “Watch” – out of band • Limitations • “Flow Mapping” filtering • Selective traffic forwarding • Scalability to serve some of the largest networks on the planet • Risk of over-subscription • Famine or Feast: SPAN or TAP • Increasing tooling demand & expanding network scale

  17. Thank you Paul Hooper Vice President, Gigamon

More Related