Secure Government with Gigamon · ˜ Support inline (e.g., WAFs, IPSes) and out-of-band (e.g.,...
Transcript of Secure Government with Gigamon · ˜ Support inline (e.g., WAFs, IPSes) and out-of-band (e.g.,...
Secure Government with GigamonVisibility into networks has never been more critical...1
WITHOUT Gigamon
Ad Hoc, Complex Security Deployments3
Risk1/3 of organizations have tools to inspect SSL-encrypted threats2
WITH Gigamon
GigaSECURE®:4
#GigamonTransformsSecuritywww.gigamon.com
Increasing ThreatVectors
Rising Useof Encryption
Perimeterless andCloud Environments
Changing Traf�cPatterns and Mobility
2 It’s time to rethink network security because...
Routers
“Spine”Switches
“Leaf”Switches
VirtualizedServer Farm
RemoteSites
PublicCloud:AWS
Internet
GigaSECURE Security Delivery Platform
Physical, Virtualand Cloud
ApplicationSession Filtering
SSLDecryption
InlineBypass
Anti-Malware(Inline)
Data LossPrevention
IntrusionDetectionSystem
Forensics Email ThreatDetection
IPS(Inline)
Improvedforensics
Targetedinspection
Detection ofencrypted threats
Connected securityapplications
API
AdvancedPersistent Threat
Data LossPrevention
User BehaviorAnalytics
SIEM Email ThreatDetection
Next-GenerationFirewall
MetadataEngine
A completenetwork-wide reach
PublicCloud:AWS
VirtualizedServer Farm
Anti-Malware(Inline)
AdvancedPersistent Threat
Anti-Malware(Inline)
AdvancedPersistent Threat
Anti-Malware(Inline)
AdvancedPersistent Threat
Data LossPrevention
SIEM /Big DataData Loss
PreventionSIEM /
Big DataData LossPreventionData LossPrevention
IntrusionDetectionSystem
User BehaviorAnalyticsIntrusion
DetectionSystem
IntrusionDetectionSystemIntrusion
DetectionSystem
User BehaviorAnalytics
ForensicsSIEM
ForensicsForensics
ForensicsSIEM
Email ThreatDetection
Email ThreatDetection
Email ThreatDetection
Email ThreatDetection
Email ThreatDetection
Email ThreatDetection
IPS(Inline)
Next-GenerationFirewall
Next-GenerationFirewall
Routers
“Spine”Switches
“Leaf”Switches
InternetRemote
Sites
© 2016-2017 Gigamon. All rights reserved. 1 Dan Conde, “Understanding the State of Network Security Today,” Enterprise Strategy Group, Jan 2017. Retrieved from https://www.gigamon.com/lp/esg-network-security-trends/index.html.2 “2016 Cyberthreat Defense Report (CDR),” CyberEdge Group, Jan 2016. Retrieved from https://cyber-edge.com/2016-cdr/3 Larry Ponemon, “2016 Ponemon Institute Cost of a Data Breach Study,” Ponemon Institute, June 2016. Retrieved from https://securityintelligence.com/media/2016-cost-data-breach-study/
Cost$4 million average costof a data breach3
Complexity85% of respondents feel NetSec is harder now than it was 2 years ago1
Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
“Across all industries (...), government organizations received the lowest security scores. It tracked 35 major data breaches among all government organizations between April 2015 to April 2016.” - SecurityScorecard - 2016 U.S. Government Cybersecurity Report.
© 2016-2017 Gigamon. All rights reserved.
Government and Military are Prime TargetsGovernment hacks and security breaches are skyrocketing. The federal sector has proven to be a prime target for malicious and covert cyber attacks.
Security, performance, forensic, and analyzer tools are only as effective as the communications and network traf�c they can see. A limited visibility into network traf�c will limit the ef�cacy of the security tool.
Data center consolidation, network upgrades to 10Gb, 40Gb, or 100Gb, the move to cloud and virtualization, big data analysis, and the need to comply with federal requirements, including the DHS’ Continuous Diagnostics & Mitigation (CDM), have dramatically increased the dif�culty for network and security managers to gain clear visibility into networks, leaving gapping holes in the execution of their security plans.
Certi�cationsRecent certi�cations Gigamon has earned to best serve the federal marketplace include:• Department of Defense Approved Product List (UC-APL)• DISA STIG and IPv6 compliant• FIPS 140—2 Validated• NIAP Common Criteria • Trade Agreement Act Compliant (TAA)• NEBS 3 compliant• Authorized to operate in US Department of Defense’s (DoD) Joint Regional Security Stack (JRSS)
and many other DoD, intelligence community and civilian agency networks
Contracts Gigamon works with industry partners to offer our products and services through a wide variety of federal government contracting vehicles, including:• General Services Administration Schedules Program (GSA) Schedule 70• NASA's Solutions for Enterprise-Wide Procurement (SEWP)• Several others
Government Codes CAGE: 4XKN9DUNS: 362737251
The GigaSECURE Security Delivery PlatformThe GigaSECURE Security Delivery Platform bridges legacy security tools with the architecture of the future. Whether for a single tool in one location or to extend the visibility across other agency locations, virtualized environments, and clouds, Gigamon has intelligent solutions available today.
As the leader in traf�c visibility solutions, Gigamon provides pervasive and continuous visibility across all network traf�c. GigaSECURE®, the industry’s �rst Security Delivery Platform delivers advanced intelligence to optimize your security tools and help adhere to appropriate network use, surface anomalies, normalize threats, and turn the tables on cyber attackers.
Features and Bene�ts� Continuous traf�c visibility across physical and virtual environments
� Eliminate the dependence on identifying static choke points within your network.
� Detect malware in encrypted communication channels
� Ensure the protection of sensitive encrypted data.
� Generate detailed �ow and session intelligence based on actual traf�c, not just a sample.
� Deliver only relevant traf�c streams to the right security appliances.
� Support inline (e.g., WAFs, IPSes) and out-of-band (e.g., IDSes, sandboxes, SIEMs) deployments.
� Load balance inline and out-of-band security appliances
� Bypass inline security appliances to preserve security posture in the event of failure.
� Reduce overhead, complexity, and costs associated with security deployments.
6077-03 04/17