Top Five Reasons You Need an Elemental Shift in Your Security

Five Reasons for an Elemental Shift in Security...away from the attacker and back to you, the defender, by making security a machine-to-machine fight, not a person-to-machine fight


eBOOK • THE TOP FIVE REASONS YOU NEED AN ELEMENTAL SHIFT IN YOUR SECURITY


It’s Time for a New Vision of Network Security

Securing an IT infrastructure — across physical, virtual and cloud environments — has become more daunting and complex than ever.

The emergence of big data, the internet of things and machine-to-machine communications has not only produced increasing volumes of data and network speeds, but also an increasing number, variety and sophistication of critical threats, including cyberterrorism, malware, ransomware and those originating from inside your organization. Add those up and what do you get? A domain of ever-increasing complexity, risk and cost.

So, when you ask how well the status quo network security architecture serves your business and your customers and the answer is “not well enough,” it’s time for an elemental shift in security.

[Figure: Today’s threat environment demands change. Labels: Data volume, Network speeds, Proliferating threats; Risk, Complexity, Cost]


CYBERTHREATS CONSTANTLY EVOLVE. Here are Five Reasons Your Defenses Should, Too.


REASON 1: Legacy Security Models Are No Match for Modern Threats

Perimeter and Endpoint-Based Approaches Are Only the First Step

Organizations have done what they’re supposed to do: Deploy the latest firewalls and the most advanced intrusion detection systems. So why are breaches still happening? The answer is that security postures continue to rely on the same old principles. Today organizations need more than a collection of single-featured tools.

The Simple Trust Model No Longer Applies

Long gone are the days when every device was owned, controlled and secured by IT. Trends like Bring Your Own Device (BYOD) and Bring Your Own Software (BYOS) blur the lines between what IT controls and what it doesn’t. While BYOD and BYOS may be good for productivity, they’re bad for security. Sixty-one percent of security breaches today are carried out by insiders: an employee, a contractor or a business partner on site.*

Legacy Static Security Frameworks Cannot Adapt

Today’s networks are anything but static. With near-universal mobility of users, devices and apps, fixed, immutable choke points are things of the past. The dynamically expandable cloud makes perimeter boundaries even more fluid.

*“Dtex Systems: Insider Threat Intelligence Report.” January 2017.


REASON 2: The Costs from Intrusions Are Unacceptably High

Complex, nuanced attacks infiltrate and lurk within hidden areas of today’s networks, often taking weeks to detect and even longer to contain. Meanwhile, the attacker can wreak havoc on an organization’s business by continuing to exfiltrate data.

The costs can be severe — and expensive: Businesses may be forced to comply with breach notification and reporting mandates, face litigation and pay hefty fines. It can also have a negative impact on trust. Ultimately, leery customers might be inclined to take their business elsewhere.

16: The median number of days from intrusion to detection for internally detected breaches.*

65: The median number of days from intrusion to detection for breaches detected and reported by external parties.*

*Trustwave Holdings, Inc. “2017 Trustwave Global Security Report.” 2017. https://www2.trustwave.com/CPN-2017-06-GSR_GSR-Success-Page.html?aliId=1884558783


REASON 3: Security Pros Face a Perfect Storm of Challenges

It’s tough to be in security operations (SecOps) these days. High-profile attacks are headline news, and the sheer volume of alerts can make it challenging to prioritize what needs attention first. SecOps teams face an expanding portfolio of responsibilities spread across myriad functions, technologies and processes.

Network security today depends on strong communication and collaboration between SecOps and network operations (NetOps) staff* — two teams that have historically operated as separate entities and often at odds. Skilled resources are typically stretched thin across both groups, with too few people covering too many responsibilities — and they need a better way to work together.

Simplifying key security operations processes and adopting the right security technology architecture are essential to driving the convergence of these teams and, ultimately, to improving overall network security and performance.

• Evolving threats and increasing attack surface
• Surging volumes of data to be analyzed
• High cost of security tool sprawl
• Difficulty accessing data across physical, virtual and cloud environments
• Speed mismatch of security tools and network
• Slow rollout and expansion of security initiatives
• Complex security stack to manage by limited staff
• Rollout of security tools impacting network uptime
• Use of encryption to hide threats

*Ganguli, Sanjit and Orans, Lawrence. “Align NetOps and SecOps Tool Objectives With Shared Use Cases,” Gartner Research, September 2017. https://www.gigamon.com/resources/resource-library/analyst-industry-reports/ar-gartner-align-netops-secops-tool-objectives.html


ADDING MORE TOOLS TO KEEP OUT THE BAD GUYS IS EXPENSIVE AND IT WON’T WORK


REASON 4: Ad-Hoc Security Deployments Have Long-Term Consequences

Rising costs. Management and capital expenditure (CapEx) costs are soaring due to the proliferation of security tools across the network.

Inconsistent view of traffic. Security appliances tied in at specific network points are often blind to traffic from other parts of the infrastructure.

Added complexity. SecOps teams are unable to orchestrate or load balance data across security tools.

Lost time. Time-constrained staff must manage tools individually and coordinate with NetOps to upgrade or make changes to security tools.

Contention for traffic. Too many tools are trying to access traffic from the same network points while the full volume of traffic at those points oversubscribes the tool.

Blindness to encrypted traffic. Many security appliances can’t see encrypted traffic, and malware increasingly uses encryption to hide.

Too many false positives. More security appliances create an excess of false positives for SecOps staff to wade through.


REASON 5: Exploits Have Changed. Defenses Haven’t.

It’s been said that insanity can be defined as “doing the same thing over and over again and expecting different results.” Unchanged security models simply cannot handle completely new breeds of hackers and new types of threats. Commercialized hacking tools, malware-as-a-service and sophisticated multidimensional attacks are all becoming commonplace. At the same time, there is more data speeding across networks, an increasing burden on already overloaded security tools and a shortage of skilled security professionals.

The “whack-a-mole” approach of adding new tools to address each of these problems creates a patchwork quilt that cannot cover every scenario and only increases cost and complexity.

• Unchanged security models
• Surging volumes of traffic
• SecOps and NetOps at odds
• Blind spots


FASTER NETWORKS AND MORE SOPHISTICATED THREATS DEMAND AN ELEMENTAL CHANGE IN SECURITY


Build a More Secure Business

So, what’s the best approach to improving your overall network security posture?

Answer: You need more than a collection of single-featured security tools. Instead, you need an intelligent and integrated approach, starting with a security delivery platform that can help simplify and boost the efficiency of security operations, speed the detection of threats and optimize existing investments in security tools.

The GigaSECURE® Security Delivery Platform from Gigamon lets you access the data you need across your entire infrastructure — in on-premises, virtual and cloud environments. As a next-generation packet broker purpose-built for security, it orchestrates the movement of data to security tools in ways you may not have known are possible.

Simplify Operations

• Deploy and manage analytics inline and out of band
• Upgrade and make changes to security tools without impacting network availability
• Align NetOps and SecOps
• Evaluate and roll out new technology easily

Uncover Threats Faster

• Access data across the network — in on-premises, virtual and cloud environments
• Scale security at the speed of your network, even at 100Gb
• Deliver relevant data to the right security tools for faster detection
• Eliminate blind spots where threats may be hiding

Control Costs

• Stop tool sprawl with fewer tools for lower CapEx
• Maximize tool efficiency
• Decrease SecOps load
• Load balance data across tools to leverage existing investments
• Reduce operational expenditures related to maintenance downtime


UNTIL NOW, SECURITY HAS NEVER HAD AN ELEMENT THIS POWERFUL


Transform Security with the GigaSECURE Security Delivery Platform

GigaSECURE is a vital element that bonds with your entire network ecosystem to make it more resilient, agile and secure. It connects to your physical, virtual and cloud networks, supporting both inline and out-of-band tools across multiple network segments simultaneously.

Security tools link directly into GigaSECURE, eliminating the need to wait for maintenance windows or coordinating with NetOps for deployment. Tools receive a high-fidelity stream of relevant traffic from across your network infrastructure at a speed they can manage.

With security-specific capabilities, like load balancing, inline bypass, metadata and secure sockets layer (SSL) decryption, GigaSECURE helps you scale security with network upgrades while avoiding tool oversubscription, stopping tool sprawl and improving efficiency.

[Figure: GigaSECURE® Security Delivery Platform, powered by GigaSMART®. Network labels: Physical, Virtual and Cloud; On-prem Data Center, Remote Sites, Cisco ACI, Private Cloud, Public Cloud. Platform labels: Inline Bypass, Application Session Filtering, Metadata Engine, SSL Decryption, APIs, Data. Centralized Tools: Web Application Firewall, Intrusion Prevention System, Data Loss Prevention, Forensics, Advanced Threat Prevention, Security Information and Event Management]


The Defender Lifecycle Model: Make Security a Machine-to-Machine Fight

Many organizations have implemented GigaSECURE to successfully feed critical data to different types of security tools — whether prevention, detection or the emerging space of prediction. However, there’s a much broader aspect to what a security delivery platform can enable.

The very nature of polymorphic threats means that you can no longer afford to build security silos where one security device does not interact with another, or to depend on excessive human intervention.

The opportunity to create the security architecture built for the future has arrived. It’s about an entire Defender Lifecycle Model, which encompasses four stacks: prevention, detection, prediction and containment. Across every tool in every one of those stacks, the imperative is to level the playing field with automation.

The Defender Lifecycle Model shifts control and advantage away from the attacker and back to you, the defender, by making security a machine-to-machine fight, not a person-to-machine fight. This is how your security architecture becomes transformative.

[Figure: Defender Lifecycle Model. Physical, Virtual and Cloud networks connect to the GigaSECURE Security Delivery Platform. Four stacks: Prevention (Basic Hygiene: Firewall, Endpoint, Segmentation, etc.), Detection (Building Context: Big Data and Machine Learning), Prediction (Triangulating Intent: Artificial Intelligence and Cognitive Solutions), Containment (Taking Action: Firewalls, IPS, Endpoints, Routers). Platform capability labels: Inline Bypass, SSL Decryption, Metadata Engine, Application Session Filtering, Inline Enforcement. Additional label: Automated]


The Power of the Gigamon Ecosystem

No platform stands alone, and GigaSECURE is no exception. Together, Gigamon and its ecosystem partners address all of your data access and security requirements so you can focus on what matters to your business.


© 2018 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Visit: www.gigamon.com or contact us at 408.831.4000

1056-06 07/18

There’s a New Element Ready to Help You Build a More Secure Business

#TheEssentialElement