Top Five Reasons You Need an Elemental Shift in Your Security
eBOOK • THE TOP FIVE REASONS YOU NEED AN ELEMENTAL SHIFT IN YOUR SECURITY
It’s Time for a New Vision of Network Security
Securing an IT infrastructure — across physical, virtual and cloud environments — has become more daunting and complex than ever.
The emergence of big data, the internet of things and machine-to-machine communications has not only produced increasing volumes of data and network speeds, but also an increasing number, variety and sophistication of critical threats, including cyberterrorism, malware, ransomware and those originating from inside your organization. Add those up and what do you get? A domain of ever-increasing complexity, risk and cost.
So, when you ask how well the status quo network security architecture serves your business and your customers and the answer is “not well enough,” it’s time for an elemental shift in security.
[Figure: Today’s threat environment demands change. Labels: Data volume, Network speeds, Proliferating threats; Risk, Complexity, Cost.]
CYBERTHREATS CONSTANTLY EVOLVE. Here are Five Reasons Your Defenses Should, Too.
REASON 1: Legacy Security Models Are No Match for Modern Threats
Perimeter and Endpoint-Based Approaches Are Only the First Step
Organizations have done what they’re supposed to do: Deploy the latest firewalls and the most advanced intrusion detection systems. So why are breaches still happening? The answer is that security postures continue to rely on the same old principles. Today organizations need more than a collection of single-featured tools.
The Simple Trust Model No Longer Applies
Long gone are the days when every device was owned, controlled and secured by IT. Trends like Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it doesn’t. While BYOD and BYOS may be good for productivity, they’re bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor or a business partner on site.*
Legacy Static Security Frameworks Cannot Adapt
Today’s networks are anything but static. With near-universal mobility of users, devices and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid.
*“Dtex Systems: Insider Threat Intelligence Report.” January 2017.
REASON 2: The Costs from Intrusions Are Unacceptably High
Complex, nuanced attacks infiltrate and lurk within hidden areas of today’s networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization’s business by continuing to exfiltrate data.
The costs can be severe — and expensive: Businesses may be forced to comply with breach notification and reporting mandates, face litigation and pay hefty fines. It can also have a negative impact on trust. Ultimately, leery customers might be inclined to take their business elsewhere.
16: The median number of days from intrusion to detection for internally detected breaches.*
65: The median number of days from intrusion to detection for breaches detected and reported by external parties.*
*Trustwave Holdings, Inc. “2017 Trustwave Global Security Report.” 2017. https://www2.trustwave.com/CPN-2017-06-GSR_GSR-Success-Page.html?aliId=1884558783
REASON 3: Security Pros Face a Perfect Storm of Challenges
It’s tough to be in security operations (SecOps) these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to prioritize what needs attention first. SecOps face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes.
Network security today depends on strong communication and collaboration between SecOps and network operations (NetOps) staff* — two teams that have historically operated as separate entities and often, at odds. Skilled resources are typically stretched thin across both groups, with too few people covering too many responsibilities — and they need a better way to work together.
Simplifying key security operations processes and adopting the right security technology architecture are essential to driving the convergence of these teams and ultimately, to improving overall network security and performance.
• Evolving threats and increasing attack surface
• Surging volumes of data to be analyzed
• High cost of security tool sprawl
• Difficulty accessing data across physical, virtual and cloud environments
• Speed mismatch of security tools and network
• Slow rollout and expansion of security initiatives
• Complex security stack to manage by limited staff
• Rollout of security tools impacting network uptime
• Use of encryption to hide threats
*Ganguli, Sanjit and Orans, Lawrence. “Align NetOps and SecOps Tool Objectives With Shared Use Cases,” Gartner Research, September 2017. https://www.gigamon.com/resources/resource-library/analyst-industry-reports/ar-gartner-align-netops-secops-tool-objectives.html
ADDING MORE TOOLS TO KEEP OUT THE BAD GUYS IS EXPENSIVE AND IT WON’T WORK
REASON 4: Ad-Hoc Security Deployments Have Long-Term Consequences
• Rising costs. Management and capital expenditure (CapEx) costs are soaring due to the proliferation of security tools across the network.
• Inconsistent view of traffic. Security appliances tied in at specific network points are often blind to traffic from other parts of the infrastructure.
• Added complexity. SecOps teams are unable to orchestrate or load balance data across security tools.
• Lost time. Time-constrained staff must manage tools individually and coordinate with NetOps to upgrade or make changes to security tools.
• Contention for traffic. Too many tools are trying to access traffic from the same network points while the full volume of traffic at those points oversubscribes the tool.
• Blindness to encrypted traffic. Many security appliances can’t see encrypted traffic, and malware increasingly uses encryption to hide.
• Too many false positives. More security appliances create an excess of false positives for SecOps staff to wade through.
REASON 5: Exploits Have Changed. Defenses Haven’t.
It’s been said that insanity can be defined as “doing the same thing over and over again and expecting different results.” Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, an increasing burden on already overloaded security tools and a shortage of skilled security professionals.
The “whack-a-mole” approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover every scenario and only increases cost and complexity.
• Unchanged security models
• Surging volumes of traffic
• SecOps and NetOps at odds
• Blind spots
FASTER NETWORKS AND MORE SOPHISTICATED THREATS DEMAND AN ELEMENTAL CHANGE IN SECURITY
Build a More Secure Business
So, what’s the best approach to improving your overall network security posture?
Answer: You need more than a collection of single-featured security tools. Instead, you need an intelligent and integrated approach, starting with a security delivery platform that can help simplify and boost the efficiency of security operations, speed the detection of threats and optimize existing investments in security tools.
The GigaSECURE® Security Delivery Platform from Gigamon lets you access the data you need across your entire infrastructure — in on-premises, virtual and cloud environments. As a next-generation packet broker purpose-built for security, it orchestrates the movement of data to security tools in ways you may not have known are possible.
• Deploy and manage analytics inline and out of band
• Upgrade and make changes to security tools without impacting network availability
• Align NetOps and SecOps
• Evaluate and roll out new technology easily
• Access data across the network — in on-premises, virtual and cloud environments
• Scale security at the speed of your network, even at 100Gb
• Deliver relevant data to the right security tools for faster detection
• Eliminate blind spots where threats may be hiding
• Stop tool sprawl with fewer tools for lower CapEx
• Maximize tool efficiency
• Decrease SecOps load
• Load balance data across tools to leverage existing investments
• Reduce operational expenditures related to maintenance downtime
Simplify Operations
Uncover Threats Faster
Control Costs
UNTIL NOW, SECURITY HAS NEVER HAD AN ELEMENT THIS POWERFUL
Transform Security with the GigaSECURE Security Delivery Platform
GigaSECURE is a vital element that bonds with your entire network ecosystem to make it more resilient, agile and secure. It connects to your physical, virtual and cloud networks, supporting both inline and out-of-band tools across multiple network segments simultaneously.
Security tools link directly into GigaSECURE, eliminating the need to wait for maintenance windows or coordinating with NetOps for deployment. Tools receive a high-fidelity stream of relevant traffic from across your network infrastructure at a speed they can manage.
With security-specific capabilities, like load balancing, inline bypass, metadata and secure sockets layer (SSL) decryption, GigaSECURE helps you scale security with network upgrades while avoiding tool oversubscription, stopping tool sprawl and improving efficiency.
[Figure: GigaSECURE® Security Delivery Platform, powered by GigaSMART®. Capabilities: Inline Bypass, Application Session Filtering, Metadata Engine, SSL Decryption. Physical, virtual and cloud: On-prem Data Center, Remote Sites, Cisco ACI, Private Cloud, Public Cloud. APIs. Centralized tools: Web Application Firewall, Intrusion Prevention System, Data Loss Prevention, Forensics, Advanced Threat Prevention, Security Information and Event Management.]
The Defender Lifecycle Model: Make Security a Machine-to-Machine Fight
Many organizations have implemented GigaSECURE to successfully feed critical data to different types of security tools — whether prevention, detection or the emerging space of prediction. However, there’s a much broader aspect to what a security delivery platform can enable.
The very nature of polymorphic threats means that you can no longer afford to build security silos where one security device does not interact with another, nor can you afford to require excessive human intervention.
The opportunity to create the security architecture built for the future has arrived. It’s about an entire Defender Lifecycle Model, which encompasses four stacks: prevention, detection, prediction and containment. Across every tool in every one of those stacks, the imperative is to level the playing field with automation.
The Defender Lifecycle Model shifts control and advantage away from the attacker and back to you, the defender, by making security a machine-to-machine fight, not a person-to-machine fight. This is how your security architecture gets transformative.
[Figure: Defender Lifecycle Model. GigaSECURE Security Delivery Platform across Physical, Virtual and Cloud. Stacks: Prevention (Basic Hygiene: Firewall, Endpoint, Segmentation, etc.); Detection (Building Context: Big Data and Machine Learning); Prediction (Triangulating Intent: Artificial Intelligence and Cognitive Solutions); Containment (Taking Action: Firewalls, IPS, Endpoints, Routers). Platform labels: Inline Bypass, SSL Decryption, Metadata Engine, Application Session Filtering, Inline Enforcement. Automated.]
The Power of the Gigamon Ecosystem
No platform stands alone, and GigaSECURE is no exception. Together, Gigamon and its ecosystem partners address all of your data access and security requirements so you can focus on what matters to your business.
© 2018 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Visit: www.gigamon.com or contact us at 408.831.4000
1056-06 07/18
There’s a New Element Ready to Help You Build a More Secure Business
#TheEssentialElement