The Dynamic World of Threat Detection, Containment & Response

PowerPoint Slideshow about 'The Dynamic World of Threat Detection, Containment Response' - fritzi


Presentation Transcript
Opportunities and Challenges

The World of IT continues to evolve

IT owned

Static Management and Security Tools

Mobile

Network

Contained

Virtual

Servers

In house

User owned

Limitless

Data

Devices

Physical

Dynamic Infrastructure

Cloud

Applications

Fixed

Visibility: The Enabler for Security

Anatomy of an Attack

  • Cloaking complete
  • Cloning & ‘go mobile’
  • Information extraction
  • Attack commences
  • Assessing the infrastructure
  • Pilot probe attack
  • Cloaking starts
  • Data extraction or manipulation
  • Intrusion commences
  • Identifying targets
  • Window of Exposure
  • The “Golden Hour”
  • Damage & scale assessment
  • Alert & notification
  • Second-wave detection
  • Security established
  • Anomaly detected
  • Elimination
  • Early stage containment
  • Infrastructure wide response
  • Attack identified

Two Architectures; Two Approaches

“Wall and Watch”

“Wall” – in band

“Watch” – out of band

  • Limit the opportunities
  • Block the known attacks
  • Monitor traffic profiles
  • Alert to anomalies
  • Broad-scale monitoring
  • Signature behavior
  • Leverage multiple measures
  • The front-line against the unknown
  • Requirements
      • Highly available architecture
      • Line-rate performance
      • Infrequent configuration changes
      • Powerful filtering capability
      • Multi-point triangulation
      • The more pervasive, the greater the value
  • Limitations
      • Risk of over-subscription
      • Famine or Feast: SPAN or TAP
      • Increasing tooling demand & expanding network scale
      • Single point of failure
      • Potential bottleneck
      • Dependent upon “Maintenance windows”
Networks were Static and Simple

Application Performance

Network Management

Security

TOOLS

Networks are Dynamic and Complex

Application Performance

Network Management

Security

TOOLS

Networks demand a New Approach

Application Performance

Network Management

Security

TOOLS

CENTRALIZED TOOLS

The Fabric Intelligence

Packet Identification, Filtering and Forwarding

Packet Modification, Manipulation and Transformation

Physical

Virtual

Network

Deduplication: ABACCABACB → ABC

Packet Slicing

Time Stamp

Flow Mapping

GigaSMART

Tools: Application Performance, Network Management, Security

Dynamic power to control traffic selection

The Benefits of Visibility Fabric

Legacy Approach

  • Limited Visibility
  • Static
  • Expensive
  • Distributed
  • Constrained

Visibility Fabric

  • Pervasive
  • Simple
  • Cost Effective
  • Centralized
  • Scalable
Enabling Best-of-Breed Selections

Security

Application Monitoring

Network Management

Tools

Network

The Middleware with Any Network, and Any Tool

The Advantages of Gigamon – GigaBPS

Traffic offload – Application-aware traffic profile

The Demand is Clear

Organization Size: Employees (000s)

Organization Revenue ($B)

Vertical

Independent Survey Results from December 2011

Visibility Fabric

Addressing the Limitations

“Wall” – in band

  • Heartbeat monitoring
  • Intelligent traffic distribution
  • Establishes a ‘Dynamic DMZ’ enabling rapid response
  • Limitations
      • Single point of failure
      • Potential bottleneck
      • Dependent upon “Maintenance windows”

“Watch” – out of band

  • “Flow Mapping” filtering
  • Selective traffic forwarding
  • Scalability to serve some of the largest networks on the planet
  • Limitations
      • Risk of over-subscription
      • Famine or Feast: SPAN or TAP
      • Increasing tooling demand & expanding network scale
Thank you

Paul Hooper

Vice President, Gigamon
