SSL-based attacks are on the rise and many phishing sites use fake SSL certificates to appear legitimate so that targets and infected machines will connect to them. Security analytics tools like Security Information and Event Management Systems (SIEMs) can spot these potentially harmful web communications by flagging inconsistencies in the fields of SSL certificates. Still, the certificate data needed for the detection can be difficult to retrieve pervasively and continuously from broad and distributed networks.
GigaSECURE can expedite anomaly detection by monitoring SSL certificate exchanges and providing metadata that includes indicators of potentially falsified certificates. Examples of the Gigamon-supplied metadata include information about the issuing certificate authority, requested and responding domain names, dates of expiry, which ciphers are being used and whether the certificates are self-signed.
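The detection described above works on the extracted fields rather than on raw packets: a SIEM rule compares the issuer, subject and requested name, the validity window and the negotiated cipher, and flags the inconsistencies. The following is an added example of such a rule written in Python; it is not Gigamon code and does not use the Metadata Engine's actual record format. The field names (`sni`, `subject_cn`, `san`, `issuer`, `not_before`, `not_after`, `cipher`) and the sample records are constructed for illustration.

```python
"""Flag inconsistencies in TLS certificate metadata records, SIEM-rule style.

Assumed record layout (hypothetical, not Gigamon's format):
  sni         - host name the client requested (from the TLS ClientHello)
  subject     - certificate subject DN;  subject_cn - its CN component
  san         - list of DNS names from subjectAltName
  issuer      - issuer DN of the presented certificate
  not_before / not_after - validity window as timezone-aware datetimes
  cipher      - negotiated cipher suite in OpenSSL naming
"""
from datetime import datetime, timezone

# Substrings that mark a cipher suite as weak or anonymous (OpenSSL names).
WEAK_CIPHER_MARKERS = ("RC4", "NULL", "EXPORT", "DES", "MD5", "ADH", "AECDH")


def hostname_matches(requested, names):
    """True if the requested host is covered by one of the certificate names.

    A leading wildcard covers exactly one DNS label (as in RFC 6125), so
    '*.example.com' matches 'www.example.com' but not 'a.b.example.com'
    or the bare 'example.com'.
    """
    req = requested.lower().rstrip(".")
    for name in names:
        n = name.lower().rstrip(".")
        if n.startswith("*."):
            suffix = n[1:]                      # ".example.com"
            if req.endswith(suffix):
                prefix = req[: -len(suffix)]    # the part the '*' stands for
                if prefix and "." not in prefix:
                    return True
        elif n == req:
            return True
    return False


def analyze_record(rec, now):
    """Return the list of findings for one certificate metadata record."""
    findings = []
    # A leaf certificate whose issuer equals its subject was not issued by a CA.
    if rec["issuer"] == rec["subject"]:
        findings.append("self_signed")
    if now < rec["not_before"]:
        findings.append("not_yet_valid")
    if now > rec["not_after"]:
        findings.append("expired")
    # The responding certificate must cover the name the client asked for.
    names = [rec["subject_cn"]] + rec.get("san", [])
    if not hostname_matches(rec["sni"], names):
        findings.append("name_mismatch")
    cipher = rec["cipher"].upper()
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        findings.append("weak_cipher")
    return findings


def triage(records, now):
    """Map each requested host name to its findings (empty list = clean)."""
    return {rec["sni"]: analyze_record(rec, now) for rec in records}


# Constructed sample records; the evaluation time is fixed so results are stable.
NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {   # CA-issued, in validity, SAN covers the SNI, modern cipher: clean
        "sni": "www.example.com",
        "subject": "CN=www.example.com,O=Example Corp",
        "subject_cn": "www.example.com",
        "san": ["www.example.com", "example.com"],
        "issuer": "CN=Example Public CA,O=Example Trust Services",
        "not_before": datetime(2016, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2017, 1, 1, tzinfo=timezone.utc),
        "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
    },
    {   # self-signed, expired, wrong name, RC4: every rule fires
        "sni": "login.bank-example.com",
        "subject": "CN=localhost",
        "subject_cn": "localhost",
        "san": [],
        "issuer": "CN=localhost",
        "not_before": datetime(2014, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2015, 1, 1, tzinfo=timezone.utc),
        "cipher": "RC4-SHA",
    },
    {   # wildcard SAN covering a single label: clean
        "sni": "api.example.net",
        "subject": "CN=*.example.net,O=Example Net",
        "subject_cn": "*.example.net",
        "san": ["*.example.net"],
        "issuer": "CN=Example Public CA,O=Example Trust Services",
        "not_before": datetime(2016, 3, 1, tzinfo=timezone.utc),
        "not_after": datetime(2016, 9, 1, tzinfo=timezone.utc),
        "cipher": "ECDHE-ECDSA-CHACHA20-POLY1305",
    },
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_RECORDS, NOW).items():
        print(f"{host:28s} {', '.join(findings) or 'ok'}")
```

The findings are deliberately separate labels rather than a single score, so that a SIEM can weight them per environment: a self-signed certificate on an internal test host is routine, while a self-signed certificate answering for a banking domain on a user workstation is not.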
"Sifting through raw packet streams to identify malicious network activity can be a slow and cumbersome process in a world where real-time threat identification and remediation is critical," said Robert Lowe, Information Security Manager, Fannie Mae. "Gigamon's network visibility and new HTTP SSL certificate metadata capabilities provide an added layer of intelligence and the context needed to more quickly, effectively and efficiently protect both network infrastructure and data."
Certificate metadata lets Gigamon, together with its ecosystem partners in the security analytics and SIEM markets, leverage the network to shorten the time to detection and response.
"Organisations know that their network traffic contains a lot of potential intelligence that can help remediate breaches," said Jai Balasubramaniyan, Director, Security Product Management, Gigamon. "Gigamon is revolutionising big data security analytics by uniquely extracting metadata from this data-in-motion and delivering it at network speeds to security technologies that use it to detect and remediate threats faster."
Delivered as one pillar of the GigaSECURE Security Delivery Platform, the Metadata Engine generates the following information to enable security analytics:
- NetFlow/IPFIX records
- URL/URI information
- CDP/LLDP information
- SIP request information
- HTTP response codes
- DNS queries
- Certificate information