Gigamon has introduced the industry’s first visibility solution to support SSL/TLS decryption for high speed 100Gb and 40Gb networks. Part of the GigaSECURE Security Delivery Platform, the solution empowers companies to decrypt and re-encrypt their data once and inspect it with multiple best-of-breed security tools. This helps to expose hidden threats in SSL/TLS sessions, reduce security tool overload, and extend the value and return-on-investment (ROI) of existing security tools. “Traditional network security architectures are ineffective at supporting the explosive growth in high speed traffic and, more importantly, at identifying and stopping malware and data exfiltration that use encryption,” said Ananda Rajagopal, vice president of products for Gigamon. “Many security and monitoring tools become overloaded in 100Gb network environments, so it’s clear a new approach is needed. Our new solution enables enterprises to stop the sprawl by redeploying security tools from the edge of their network to the core, where it’s easier to spot lateral attacks and more quickly identify threats.”
Malware leverages SSL/TLS encryption to hide and avoid inspection. A Trustwave 2017 report[ii] estimates that 36 percent of malware samples analysed used some form of encryption. In 40Gb and 100Gb networks, decrypting, exposing and identifying hidden threats in encrypted traffic is increasingly more challenging since most security and monitoring tools do not support such speeds. In addition, a tool-by-tool approach is very complex, costly and inefficient. Research from NSS Labs[iii] indicates a performance degradation of up to 80 percent when security tools decrypt traffic and perform their specific security function. “By utilising Check Point’s Infinity architecture, which manages Next-Generation Threat Prevention gateways worldwide, Gigamon provides world-class performance and a resilient security architecture, enabling inline SSL protection for our largest customer deployments,” said Jason Min, head of business and corporate development, Check Point Software. “Our partnership with Gigamon delivers optimal performance and advanced threat prevention which is critical for enterprises in this era of veiled cyber threats.”
“It’s great to see the ‘decrypt once, inspect many times’ architectural approach that Gigamon is taking to inline SSL decryption. It’s an efficient approach that will help our customers and solution provider community take advantage of whichever security solutions best suit their business need,” said Matt Rochford, vice president of the cybersecurity group in Arrow Electronics’ enterprise computing solutions business.
The expansion of the GigaSECURE Security Delivery Platform is a continuation of the Gigamon security strategy which debuted in 2015 and was extended with metadata and public cloud visibility last year. This year the company announced its inline SSL/TLS decryption solution and introduced the Defender Lifecycle Model. When implemented, the Defender Lifecyle Model empowers cybersecurity professionals to use continuous network visibility to control and automate tasks between best-of-breed security tools in the continuum of prevention, detection, prediction and containment. Recently the company announced the extension of its public cloud offerings and new applications for Splunk and Phantom in support of the Defender Lifecycle Model. Gigamon continues to build on its vision with the expansion of its security offerings for both public cloud and on-premises infrastructure. GigaSECURE, a Security Delivery Platform
This solution includes:
- GigaVUE® visibility nodes, such as the GigaVUE-HC2 or GigaVUE-HC3.
- GigaSMART® module corresponding to the selected visibility node.
- An inline bypass module to provide resiliency in 10, 40 or 100Gb networks.
- Ability to activate desired security modules including SSL/TLS Decryption, Application Session Filtering, and NetFlow/Metadata Generation.