“Given the multitude and magnitude of breaches around the world, it is no surprise that the industry needs to reexamine how security is architected and deployed,” said Scott Haugdahl, senior architect at Blue Cross and Blue Shield of Minnesota. “A Security Delivery Platform gives security administrators an advantage that they’ve never had until now by allowing them to gain pervasive, multi-tier visibility into malware and breaches within the environment.”
A Security Delivery Platform: Addressing the Threat Within
Reversing the asymmetry between the network attacker and defender has been an elusive industry goal. An attacker needs but one vulnerability to exploit, whereas a defender needs to protect all aspects of their infrastructure. Once inside, a cybercriminal often goes unnoticed for months, as detecting their presence is akin to finding a needle in a haystack.
A Security Delivery Platform tips the scales back in favor of network defenders by dramatically enhancing the deployment architecture of security systems and third-party security applications through new capabilities that include:
· Providing network wide reach, including cloud and virtual environments;
· Offering scalable metadata extraction for improved forensics;
· Isolating applications for targeted inspection;
· Delivering visibility to encrypted traffic for threat detection; and
· Supporting inline and out-of-band security device deployments.
“The increasing network complexity and the ad hoc approach to security appliance deployments have resulted in blind spots, extraordinary costs, security device contention for access to traffic and too many false positives,” said Jon Oltsik, senior principal analyst at ESG. “A Security Delivery Platform helps eliminate many of the security architectural deficiencies that have led to so many high-profile breaches.”
GigaSECURE – The Industry’s First Security Delivery Platform
GigaSECURE comprises scalable hardware and software elements that provide security administrators with unparalleled visibility and capability for bolstering the effectiveness of their third-party security systems and instrumentation. Key features of GigaSECURE include:
· Infrastructure-wide reach via GigaVUE-VM and GigaVUE® nodes;
· High-fidelity, un-sampled Netflow/IPFIX generation;
· Application Session Filtering;
· SSL decryption; and
· Inline bypass capabilities.
In particular, Application Session Filtering (ASF), a new, patent-pending GigaSMART application, provides a powerful filtering engine that identifies applications based on signatures or patterns that appear within a packet, or across the packets that form an application flow. Once an application is positively identified, ASF extracts the entire session corresponding to the matched flow, from the initial packet to the last, even if the match occurs well after the first packet. This allows an administrator to forward specific “traffic of interest” to security appliances, thereby optimising their operational efficiency and improving overall performance.
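The buffer-then-release behaviour described above can be sketched as follows. This is an added illustration, not Gigamon's implementation: the class name, the signature, the per-flow buffer cap and the sample flows are all assumptions, and packets are assumed to arrive in order.

```python
import re
from collections import defaultdict

class SessionFilter:
    """Hold each flow back until a signature matches, then release the whole session."""
    def __init__(self, signature, max_buffered=32):
        self.signature = re.compile(signature)
        self.max_buffered = max_buffered   # cap on packets held per undecided flow
        self.pending = defaultdict(list)   # flow key -> packets held back so far
        self.matched = set()               # flows already being forwarded
        self.rejected = set()              # flows that used up the buffer unmatched

    def process(self, flow, payload, fin=False):
        """Return the packets to forward to the security tool for this packet."""
        out = []
        if flow in self.matched:
            out = [payload]
        elif flow not in self.rejected:
            held = self.pending[flow]
            held.append(payload)
            # Search the reassembled bytes so a pattern split across packets still hits.
            if self.signature.search(b"".join(held)):
                self.matched.add(flow)
                out = self.pending.pop(flow)   # late match: release from packet one
            elif len(held) >= self.max_buffered:
                self.rejected.add(flow)
                del self.pending[flow]
        if fin:  # flow ended: drop all state kept for it
            self.pending.pop(flow, None)
            self.matched.discard(flow)
            self.rejected.discard(flow)
        return out

# Constructed sample traffic: (flow 5-tuple, payload, last-packet flag).
A = ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp")
B = ("10.0.0.6", 40002, "192.0.2.20", 80, "tcp")
TRAFFIC = [
    (A, b"GET /report.pdf HTTP/1.1\r\n", False),
    (B, b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n", False),
    (A, b"Host: files.exam", False),
    (A, b"ple.test\r\n\r\n", False),          # signature completes here
    (B, b"HTTP/1.1 200 OK\r\n\r\n", True),
    (A, b"HTTP/1.1 200 OK\r\n\r\n", True),
]

def run(traffic, signature=rb"Host: files\.example\.test"):
    flt = SessionFilter(signature)
    return [(flow, p) for flow, payload, fin in traffic
            for p in flt.process(flow, payload, fin)]
```

The buffer cap is the trade-off to watch: a match that arrives after the cap is reached leaves that flow unforwarded, while a larger cap costs memory for every undecided flow.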
“One of the greatest threats to an enterprise today comes from the threat within,” said Karin Shopen, product marketing director at Palo Alto Networks. “Because the GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can provide complementary visibility to the network traffic that Palo Alto Networks sees and can help customers further enforce security policies on traffic that might otherwise go unseen.”
“To be effective, a security appliance needs to be able to access the right network traffic stream,” said Ed Barry, VP Cyber Security Coalition at FireEye. “The GigaSECURE Security Delivery Platform addresses that challenge by providing the relevant, necessary traffic to the appropriate security device, without impacting the production network.”
GigaSECURE – Broad Support and Interoperability Across the Security Ecosystem
The GigaSECURE platform already supports a broad ecosystem of security devices and their respective security functions, including:
· Advanced Malware Protection: Check Point, Cisco, Cyphort, FireEye and Lastline;
· Behavior Analytics: Damballa, Lancope, LightCyber and Niara;
· Forensics/Analytics: ExtraHop, PinDrop, RSA and Savvius;
· IPS: Check Point and Cisco;
· NGFW: Check Point, Cisco, Fortinet and Palo Alto Networks;
· Secure Email Gateways: Cisco;
· SIEMs: LogRhythm and RSA;
· WAFs: Imperva.
“The industry is facing a new challenge in security – how to detect, mitigate and remediate the threat from within,” said Todd Weber, VP of partner research and strategy at Accuvant and FishNet Security, soon to be Optiv. “It’s no longer a question of stopping a breach at the perimeter or host level. One of the things that organisations need is pervasive visibility that gives security personnel the insights to see everything in their network in order to quickly contain and remediate suspicious traffic.”
“As a solutions provider to the government and large enterprises, our customers expect us to furnish not just products but solutions that have been designed for long-term benefit,” said Ryan Morris, Sr. director of operations at BAI Federal. “With the GigaSECURE Security Delivery Platform enhancing our customers’ options for architecting security, we consider it a timely and essential addition to the security arsenal.”