Gigamon has introduced a new Defender Lifecycle Model to address the increasing speed, volume and polymorphic nature of network cyber threats. Focused on a foundational layer of pervasive visibility and four key pillars — prevention, detection, prediction and containment — the new model integrates machine learning, artificial intelligence (AI) and security workflow automation to shift control and advantage away from the attacker and back to the defender. Cybersecurity professionals today have come to terms with the inevitability of breaches, and cite two key factors:
- The speed of data traversing networks leaves insufficient time for decision-making on potential threats.
- The continuous growth in the number of attackers and the ecosystem of resources available to break through standard defenses and propagate undetected across most infrastructures.
The traditional security focus – instrumenting networks for prevention and concentrating resources on a perimeter that no longer can be defined – is increasingly ineffective in today’s environment. Organisations are hampered by limited visibility, extraordinary costs, growing infrastructure complexity and reliance on manual processes to address incidents.
“At 100Gb network speeds, the inter-packet gap of 6.7 nanoseconds surpasses an organisation’s ability to perform intelligent application security, threat detection or inspection,” said Shehzad Merchant, chief technology officer at Gigamon. “Security teams and technology are overwhelmed trying to manage and mitigate an increasing volume and variety of incidents. This machine-to-human fight favors the attacker leaving organisations severely disadvantaged.”
The Defender Lifecycle Model, with pervasive visibility into data-in-motion as its foundation, changes this dynamic and shifts to an automated machine-to-machine approach. It utilises a security delivery platform to deliver security services that can learn, detect, predict and contain threats throughout the attack lifecycle. The model integrates machine learning and AI-based technologies, while automating security workflows.
With this new model, security professionals can map out the role of various security products, gain a better understanding of overall security readiness and gaps and ultimately, strengthen their organisation’s overall security risk posture and efficiencies.
“The GigaSECURE? Security Delivery Platform provides the network visibility and control required for enterprises to implement the Defender Lifecycle Model,” said Ananda Rajagopal, vice president of products at Gigamon. “The platform provides the intelligence, scale and flexibility to integrate with security tools such as firewalls and intrusion prevention systems to automate and accelerate threat containment and mitigation.”
The industry recognises the need for integrated and automated security architectures. According to Gartner, “Strategies for business continuity and disaster recovery will fundamentally change as enterprise and information are spread everywhere. Continuous visibility and understanding of systems, services, assets and partners is needed as digital business infrastructure will be in a state of constant flux.”1
Gigamon continues to work with ecosystem partners including Cisco, Imperva, RSA and Vectra Networks to build out integrated security architectures that leverage the GigaSECURE Security Delivery Platform. The collaborative model is critical to help enterprises understand how to automate and eliminate human and process bottlenecks to more effectively stay ahead of threats.
“Automation is key for organisations to accelerate containment,” said Mike Adler, vice president of product for NetWitness Suite at RSA. “The ability to use security analytics to accurately identify advanced cybersecurity threats then to automatically contain these threats across the entire network is valuable to our joint customers.”
“Effective threat hunting and triage requires continuous visibility across the entire attack surface from cloud and data centre workloads to user and IoT devices,” said Mike Banic, vice president at Vectra. “With complete network visibility provided by the Gigamon Visibility Platform, Vectra artificial intelligence enables enterprises to scale real-time detection and accelerate responses to cyberattacks.”
“Siloed security systems and data cannot accelerate or provide a basis for advanced prevention, detection and remediation activities, nor for process-driven security management,” said Dan Cummins, senior analyst at 451 Research. “To address current threats and unseen risks ahead, organisations need to move towards a unified, collaborative and data-powered security framework that enables shorter cycle times for incident response and resolution while ensuring network performance and business continuity."