Gigamon® Solution Overview - SYSCOM

  • Slide 1

    Gigamon® Solution Overview

    A New Horizon for Security: the Security Delivery Platform

    Stanley Lin 林大鈞, Sales Engineer, Taiwan

    [email protected]

    The leader in intelligent traffic visibility and distribution platforms

  • Slide 2 Confidential and Proprietary. For Internal Use Only. © 2015 Gigamon. All rights reserved.

    Gigamon Inc. (美商奇望): The Company. The Team. The Results.

    Founded in California, USA in 2004; first product shipped in 2005; IPO on the NYSE in June 2013
    Created the Data Access Network, now called the Unified Visibility Fabric architecture
    Extensive patented technology: 31 patents granted, 28 pending
    More than 2,000 large enterprise customers use GigaVUE, across more than 60 countries
    Developed and manufactured in the USA
    More than 78 of the world's Fortune 100 companies have adopted Gigamon solutions

  • Slide 3

    Gigamon: the leader in the visibility industry. Gigamon is the Cisco of visibility

    • Growing 4x faster than the vendor with the next-largest market share • 37.6% market share as per Gartner

    “Gigamon is the market share leader in the NPB market delivering Layer 2 through Layer 7 NPB visibility, filtering and correlation via its GigaSMART platform”
    - Gartner, Jan 2016

    Quarterly revenue, $M (years 2015 and 2016):

    Quarter                       Q1'15    Q2'15    Q3'15    Q4'15    Q1'16    Q2'16
    Gigamon                      $46.85   $51.45   $56.65   $67.00   $67.20   $75.10
    Ixia NVS                     $35.60   $28.80   $33.50   $32.50   $29.20   $30.20
    Gigamon growth rate (YoY)    47.50%   47.60%   44.30%   30.70%   43.40%   46.00%
    Ixia NVS growth rate (YoY)   47.10%   11.60%   12.00%  -16.20%  -18.00%    4.90%

  • Slide 4

    Is information security facing challenges unlike those of the past?

  • Slide 5

    Source: Gartner Trends Telecom Forecast (March 2014)

    Annual security budgets put tens of billions of dollars into preventive controls; the investment is anything but small

    Enterprise network security appliances (firewall/VPN, IPS, security-capable routers, anti-virus, email, WAF, NAC ...): $9,209M in total
      Firewall/VPN appliances: $6,721M
      IPS: $1,520M
      Security-capable routers: $968M

  • Slide 6

    Yet security incidents keep happening, on a shocking scale

    “Well-known IT company Yahoo has been hit by a hacker attack; more than 500 million user records have been stolen, making this the largest personal data breach in US history.” * September 2016

    “... the US Office of Personnel Management (OPM) says that about 22.1M personal records were stolen ...” + 2015

    “Anthem Inc., the second-largest health insurer in the US, formally announced that about 80 million customer records were stolen” ++ 2015

    *http://variety.com/2014/film/news/sony-hack-unparalleled-cyber-security-firm-1201372889/
    +http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
    ++http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

  • Slide 7

    Reflections on the ATM cash-out incident: what you cannot see, you cannot defend against. ATMs were remotely controlled to dispense cash, which shows that attackers have evolved: they operate inside the internal network, where existing prevention-based defenses cannot stop them.

  • Slide 8

    A reminder for CIO and CSO team leads

    • The architecture trend in network security has shifted from a Prevention model to a Detection & Response model
    • This operating model depends on an integrated security interconnection architecture on which different security appliances can be deployed and scaled out
    • GigaSECURE is the industry's first Security Delivery Platform; this architecture transforms how security services are built, making security appliances more effective, more automated and less costly

  • Slide 9

    Introducing GigaSECURE®

    The industry's first Security Delivery Platform

    SECURITY DELIVERY PLATFORM

  • Slide 10

    It is time to move the initiative from the attacker to the defender

    Targeting security threats: current security deployments face enormous challenges; traffic visibility is limited by location or by time

    [Diagram: Internet → Routers → “Spine” Switches → “Leaf” Switches → Virtualized Server Farm, with the tools attached at individual points: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics]

    Security defense challenges:
    • Too many network blind spots; no complete visibility
    • Meeting security performance requirements drives cost very high
    • Security appliances compete with each other for access to traffic
    • The traffic delivered to the tools is not consistent
    • Encrypted packets cannot be decrypted quickly
    • The result is too many false positives

  • Slide 11

    The visibility revolution: the Security Delivery Platform

    [Diagram: the same topology (Internet → Routers → “Spine” Switches → “Leaf” Switches → Virtualized Server Farm), now with the Security Delivery Platform sitting between the network and the tools: Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics]

    Security Delivery Platform capabilities:
    • Identify traffic by application type and deliver it for targeted inspection
    • Provide visibility into encrypted traffic, ensuring encrypted flows carry no hidden threats
    • Inline bypass provides visibility for multi-tier security architectures
    • Complete network coverage: physical and virtual networks
    • Unsampled statistics generation improves forensic accuracy

    Security Delivery Platform: the foundation for building a high-efficiency security system

  • Slide 12

    Benefits of GigaSECURE®: 1. Increases the effectiveness of the tools themselves 2. Network-wide visibility improves tool detection 3. Network operation is more stable and unaffected by the tools

    Complete traffic visibility; precisely filtered traffic delivered to each security appliance; greatly improved security appliance performance

    [Diagram, “Legacy Approach Without Gigamon”: the Enterprise LAN feeds each Security Tool a mix of Irrelevant Traffic and Relevant Traffic. “With Gigamon Security Delivery Platform”: each Security Tool receives only Relevant Traffic]

    Legacy approach drawbacks: • Sees traffic only at isolated network points • No control over which traffic a tool receives • Security appliance capacity cannot be used well

  • Slide 13

    Gigamon serves every kind of security and analytics tool

    Fed from the Network:
    Network forensics / big-data analytics
    Application performance management
    Network performance management
    Security and vulnerability management
    User experience analytics

  • Slide 14

    Gigamon's end-to-end visibility solution: Visibility Fabric™

    Applications (Gigamon Applications; 3rd Party Apps, e.g. Splunk, Viavi), serving Applications & Tools, Infrastructure, and the User Community
    API
    Fabric Control (Management): GigaVUE-FM
    API
    Fabric Services: Flow Mapping®, Inline Bypass, Clustering
    API
    Traffic Intelligence: FabricVUE™ Traffic Analyzer, De-duplication, Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, Tunneling, SSL Decryption, Adaptive Packet Filtering, Application Session Filtering, Time Stamping, NetFlow & Metadata Generation
    API
    Visibility Fabric Nodes (pervasive visibility across physical, virtual, remote sites, and SDN production networks):
      H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HC2, GigaVUE-HB1
      TA Series: GigaVUE-TA10, GigaVUE-TA40, GigaVUE-TA100, GigaVUE-OS on white box
      G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
      Virtual Visibility: GigaVUE-VM
      TAPs: G-TAP, G-TAP A Series, G-TAP BiDi, G-TAP M Series, Embedded TAPs

  • Slide 15

    Security Delivery Platform use cases

  • Slide 16

    Use case 1: In-Line Bypass improves security operations efficiency and flexibility. The thorny problem facing security and networking today

    [Diagram: two redundant inline chains, Firewall1 → IPS1 → WAF1 and Firewall2 → IPS2 → WAF2, between three switch pairs (Switch x 2), running Active-Standby; one set of tools is wasted]

    Security appliances must run at the same rate as the network link
    Any change to a security appliance (adding or removing a device, upgrading software) inevitably halts network operation
    A fault in any one security appliance affects the whole network
    New appliances must be tested with live production traffic, so the network suffers intermittent disruption during testing
    Active-Standby wastes one tool

  • Slide 17

    Use case 1: In-Line Bypass improves security operations efficiency and flexibility. Solving the thorny problem for the security and network teams

    [Diagram: the same switches, with WAF, IPS, Firewall1 and Firewall2 now attached to the Inline Bypass node over 10G links; the bypass node exchanges heartbeats with every inline tool]

    Both security appliances run at the same time, increasing inspection capacity
    Changes to security appliances (adding or removing a device, upgrading software) no longer affect network operation
    Security capacity is sized to the traffic actually being inspected rather than to link bandwidth
    Inline, Out-of-Band and Flow-based tools are integrated on one GigaSECURE® platform architecture
    Simplified security interconnection architecture

  • Slide 18

    Use case 1: In-Line Bypass improves security operations efficiency and flexibility. One-to-one, one-to-many

    • Load-balance traffic across several appliances to scale out security operations
    • Out-of-band analysis tools can be added at the same time to extend security capability

    [Diagram: network Port A1 / Port B1 on the Inline Bypass node, fanned out to several tools]

  • Slide 19

    Use case 1: In-Line Bypass improves security operations efficiency and flexibility. Many-to-one, many-to-many

    • Aggregate the traffic of several links (up to 36) onto a single inline security appliance
    • VLAN tags distinguish the return path for each link (they are removed automatically before the traffic returns to the real link)

    [Diagram: Port A1 / Port B1 carried as VLAN 101 and Port A2 / Port B2 carried as VLAN 102 through the Inline Bypass node]

  • Slide 20

    Use case 1: In-Line Bypass improves security operations efficiency and flexibility. Application-Aware Bypass, Serial Inline Tools

    [Diagram: inline network ports A1 B1, A2 B2, A3 B3 on the Inline Bypass node]

    Application Aware Bypass
    • Filter traffic to different security appliances according to the application type that needs inspection
    • Flow Mapping can be enabled on inline traffic
    • Dedicated L2-L4 filtering policies can be built for each security appliance
    • Traffic that does not need inspection is bypassed directly
    • Improves network and application performance

    Serial Inline Tools
    • Inline traffic can be sent through several security appliance interfaces in series
    • A failing security appliance can be bypassed without causing a network outage
    • (Without bypass, one device going down in a serial chain cuts off all traffic)
    • Security appliances can be added, removed or upgraded at will without affecting network operation
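The heartbeat mechanism that the inline bypass slides rely on is easy to reason about once it is written down. The following is an added example, not Gigamon code: a small model in which the bypass node counts consecutive lost heartbeats per inline tool and, at a threshold, either routes traffic around the tool (fail-open) or holds the link down (fail-close), which is the per-device failure policy the case study later mentions. The threshold of three misses, the tool names and the heartbeat traces are constructed for the example.

```python
"""Inline bypass driven by heartbeats: fail-open versus fail-close.

Added example, not Gigamon code. The bypass node sends a heartbeat through each
inline tool; when a run of heartbeats does not come back, the tool leaves the
path and the configured failure policy decides whether traffic keeps flowing
uninspected (fail-open) or is dropped (fail-close). Threshold, tool names and
traces are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class FailPolicy(Enum):
    FAIL_OPEN = "fail-open"    # availability first: bypass the dead tool
    FAIL_CLOSE = "fail-close"  # inspection first: block the link instead


class ToolState(Enum):
    HEALTHY = "healthy"        # in the path, inspecting traffic
    BYPASSED = "bypassed"      # skipped; traffic flows around it
    BLOCKED = "blocked"        # link held down until the tool recovers


@dataclass
class InlineTool:
    name: str
    policy: FailPolicy
    miss_threshold: int = 3            # consecutive lost heartbeats before acting
    consecutive_misses: int = 0
    state: ToolState = ToolState.HEALTHY
    events: List[str] = field(default_factory=list)

    def heartbeat(self, returned: bool) -> ToolState:
        """Record one heartbeat result and return the tool's new state."""
        if returned:
            if self.state is not ToolState.HEALTHY:
                self.events.append(f"{self.name}: heartbeat restored, back inline")
            self.consecutive_misses = 0
            self.state = ToolState.HEALTHY
            return self.state
        self.consecutive_misses += 1
        if self.state is ToolState.HEALTHY and self.consecutive_misses >= self.miss_threshold:
            self.state = (ToolState.BYPASSED if self.policy is FailPolicy.FAIL_OPEN
                          else ToolState.BLOCKED)
            self.events.append(
                f"{self.name}: {self.consecutive_misses} heartbeats lost -> {self.state.value}")
        return self.state


def simulate(tool: InlineTool, results: List[bool]) -> List[str]:
    """Feed a heartbeat trace to a tool and return its state after each beat."""
    return [tool.heartbeat(r).value for r in results]


def path_for_packet(chain: List[InlineTool]) -> Optional[List[str]]:
    """Tools a packet traverses on a serial inline chain; None if a fail-close tool is down."""
    path = []
    for tool in chain:
        if tool.state is ToolState.BLOCKED:
            return None
        if tool.state is ToolState.HEALTHY:
            path.append(tool.name)
    return path


if __name__ == "__main__":
    waf = InlineTool("WAF", FailPolicy.FAIL_OPEN)
    ips = InlineTool("IPS", FailPolicy.FAIL_CLOSE)
    print(simulate(waf, [True, True, False, False, False, True]))
    print(simulate(ips, [True, False, False, False]))
    print(path_for_packet([waf, ips]))
    for line in waf.events + ips.events:
        print(line)
```

The asymmetry is the point: a fail-open WAF silently stops inspecting while the network stays up, so the `events` list (or its real-world equivalent, a syslog/SNMP trap from the bypass node) has to reach the SOC, otherwise the outage is invisible exactly when inspection is lost.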

  • Slide 21

    Use case 2

    Traffic visibility in virtual environments

  • Slide 22

    Use case 2: traffic visibility in virtual environments. GigaVUE-VM: a lightweight VM for non-intrusive, NFV-style traffic collection

    [Diagram: a spine/leaf fabric with Core switches and a DB Server host (OS, DB); GigaVUE-VM tunnels captured traffic through a Tunnel Port to GigaVUE-VM and GigaVUE® Nodes, which feed centrally deployed tools: application management (APM), network management (NPM), security inspection]

    GigaVUE-VM
    • Flow Mapping™
    • Filter by VM and by TCP/UDP port • Packet slicing • Tunnel packets over multiple channels to the central node

    Advanced traffic processing
    • De-duplication • Sensitive data masking • Source port tagging • Header stripping • Time stamping • Application signature filtering • NetFlow Generation • SSL decryption

    All analysis tools and systems receive data distributed from the same source, which makes later correlation easier and improves its accuracy

  • Slide 23

    Use case 2: traffic visibility in virtual environments. GigaVUE-VM

    [Diagram: GigaVUE-FM pushes Traffic Policies; GigaVUE-VM on each VMware ESXi host taps the VDS, VSS or N1k virtual switch and tunnels traffic to GigaVUE-VM and GigaVUE® Nodes, which serve APM, NPM, Security and CEM tools]

    • Deployed only on the hypervisor: GigaVUE-VM on every ESXi host
    • Filters and exports the required traffic from the VDS, VSS or Nexus 1k
    • Integrates with vCenter; detects vMotion and automatically locates the hypervisor now hosting the virtual machine being monitored

  • Slide 24

    Use case 2: traffic visibility in virtual environments. GigaVUE-VM also applies to the Cisco ACI architecture

    [Diagram, “Network Transformation”: the Traditional Architecture (Core: Nexus 7K; Aggregation: Nexus 5K, Catalyst 6K; Access: Nexus 2K; Server Farm) beside the New ACI Architecture (Spine: Nexus 9500; Leaf: Nexus 9300; Virtualized Server Farm (UCS) with a HYPERVISOR, VMs and GigaVUE-VM). VM Traffic carried as VXLAN=5000 and VXLAN=6000 is tapped with G-TAP BiDi (40Gb) and Inline Bypass; the node applies SSL Decryption, NetFlow Generation, Adaptive Packet Filtering and Header Stripping (De-cap VXLAN); NetFlow / IPFIX and packets go to Centralized Tools (Application Performance Management, Customer Experience Management, Security, Network Performance Management); GigaVUE-FM drives Closed Loop Monitoring through REST APIs]

    • Use the existing security tools to monitor ACI traffic
    • Parse the ACI encapsulation format and strip the VXLAN header before delivering packets to the tools
    • Classify and filter traffic before delivery, improving tool efficiency without refreshing the security appliances
    • Therefore lower security appliance cost
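The “De-cap VXLAN” step above is the part a tool vendor cannot skip: an IDS or APM probe fed raw ACI fabric traffic sees only UDP/4789 between leaf switches. The following is an added example, not Gigamon code, showing the decapsulation itself: it parses the outer Ethernet/IPv4/UDP headers, checks the VXLAN “I” flag before trusting the 24-bit VNI, returns the inner Ethernet frame, and routes it to a tool by VNI. The addresses, the inner frame bytes and the VNI-to-tool map (VNI 5000 and 6000, as labelled in the diagram) are constructed for the example.

```python
"""Strip a VXLAN header and recover the inner frame for tool delivery.

Added example, not Gigamon code. Parses outer Ethernet/IPv4/UDP, requires the
UDP destination to be the IANA VXLAN port (4789), validates the VXLAN "I" flag,
reads the 24-bit VNI and returns the encapsulated Ethernet frame. Addresses,
inner frame and the VNI-to-tool policy are constructed.
"""
import struct
from typing import Dict, Optional, Tuple

VXLAN_UDP_PORT = 4789
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
ETH_HDR_LEN = 14
VXLAN_HDR_LEN = 8
VXLAN_FLAG_VNI_VALID = 0x08


def build_vxlan_frame(vni: int, inner_frame: bytes,
                      outer_src: bytes = b"\x0a\x00\x00\x01",
                      outer_dst: bytes = b"\x0a\x00\x00\x02") -> bytes:
    """Constructed encapsulation: outer Ethernet + IPv4 + UDP/4789 + VXLAN + inner frame."""
    outer_eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    udp_len = 8 + VXLAN_HDR_LEN + len(inner_frame)
    # IPv4: ver/IHL, DSCP, total length, id, flags/frag, TTL, proto, checksum (0), src, dst
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64,
                       IPPROTO_UDP, 0, outer_src, outer_dst)
    udp = struct.pack("!HHHH", 50000, VXLAN_UDP_PORT, udp_len, 0)
    # VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)
    vxlan = struct.pack("!BBHI", VXLAN_FLAG_VNI_VALID, 0, 0, (vni & 0xFFFFFF) << 8)
    return outer_eth + ipv4 + udp + vxlan + inner_frame


def strip_vxlan(frame: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (vni, inner_frame) if frame is VXLAN-encapsulated, else None."""
    if len(frame) < ETH_HDR_LEN + 20 + 8 + VXLAN_HDR_LEN:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip_off = ETH_HDR_LEN
    ihl = (frame[ip_off] & 0x0F) * 4
    if frame[ip_off + 9] != IPPROTO_UDP:
        return None
    udp_off = ip_off + ihl
    _sport, dst_port, udp_len, _csum = struct.unpack_from("!HHHH", frame, udp_off)
    if dst_port != VXLAN_UDP_PORT or udp_len < 8 + VXLAN_HDR_LEN:
        return None
    vx_off = udp_off + 8
    flags, _r1, _r2, vni_word = struct.unpack_from("!BBHI", frame, vx_off)
    if not flags & VXLAN_FLAG_VNI_VALID:
        return None                      # no valid VNI: do not trust the field
    inner_end = udp_off + udp_len        # ignore anything past the UDP length
    return vni_word >> 8, frame[vx_off + VXLAN_HDR_LEN:inner_end]


def deliver(frame: bytes, vni_to_tool: Dict[int, str]) -> Tuple[str, bytes]:
    """Where a tapped frame goes: decapsulated and routed by VNI, or passed through unchanged."""
    decap = strip_vxlan(frame)
    if decap is None:
        return "passthrough", frame
    vni, inner = decap
    return vni_to_tool.get(vni, "unmapped-vni"), inner


# Constructed inner frame: Ethernet header plus a stand-in for the VM's IP packet
INNER_FRAME = bytes.fromhex("deadbeef0001") + bytes.fromhex("cafebabe0002") \
    + struct.pack("!H", ETHERTYPE_IPV4) + b"inner-vm-packet"
POLICY = {5000: "apm-tool", 6000: "security-tool"}   # constructed VNI-to-tool map

if __name__ == "__main__":
    tapped = build_vxlan_frame(5000, INNER_FRAME)
    print(deliver(tapped, POLICY))
```

Two checks matter for a defender here: a frame whose VNI flag is clear is not decapsulated (the VNI field is undefined without it), and the inner frame is cut at the UDP length rather than at the end of the buffer, so trailing padding or a trailer never reaches the tool as “payload”.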

  • Slide 25

    Use case 3

    Network-wide, packet-level NetFlow / IPFIX Generation

  • Slide 26

    Use case 3: network-wide NetFlow / IPFIX Generation. The Security Delivery Platform generates the NetFlow metadata content each consumer needs

    • 1:1 (unsampled) NetFlow/IPFIX export improves the detection of “slow attacks”
    • NetFlow records can be generated with different filtering conditions for each security appliance
    • Offloads the burden of NetFlow/IPFIX generation from the production switches
    • Visibility of every flow enables end-to-end security defense
    • Particularly effective at detecting attack methods that abuse normal data-transfer communication flows
    • Proven integrations with the leading SIEM vendors and NetFlow statistics/forensics vendors

    Advanced Information Elements
    • URL information can optionally be exported in the generated custom record format
    • Up to 6 NetFlow v5/v9 and IPFIX collectors/analyzers can be fed at the same time
    • LLDP/CDP can be combined with the records to locate the source interface of the traffic

    [Diagram: Flow Metadata; SIEM and NetFlow Forensics Integration; NetFlow / IPFIX Generation]
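Why the first bullet matters is easiest to see on data. The following is an added example, not Gigamon code: a minimal flow exporter that aggregates packets into 5-tuple records, run once in 1:1 mode and once with deterministic 1-in-64 packet sampling of the kind a production switch might apply, followed by one detection over the records (a source opening many tiny flows to many distinct destinations). The addresses, ports and traffic mix are constructed so that the slow scanner is 40 single-packet probes hidden among 200 bulk packets.

```python
"""Flow record generation: 1:1 (unsampled) versus packet-sampled.

Added example, not Gigamon code. Aggregates packets into 5-tuple flow records
the way a NetFlow/IPFIX exporter does, then runs one detection over them: a
source with tiny flows to many distinct destinations (a slow scan). Counted
1:1 the scanner is visible; sampled 1-in-64 its probes vanish. Addresses,
ports and the traffic mix are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    length: int


FlowKey = Tuple[str, str, int, int, int]   # src, dst, proto, sport, dport


@dataclass
class FlowRecord:
    key: FlowKey
    packets: int = 0
    octets: int = 0
    first: float = 0.0
    last: float = 0.0


def generate_flows(packets: List[Packet], sample_every: int = 1) -> Dict[FlowKey, FlowRecord]:
    """Aggregate packets into flow records; sample_every=1 is the unsampled 1:1 mode."""
    flows: Dict[FlowKey, FlowRecord] = {}
    for i, p in enumerate(packets):
        if i % sample_every:
            continue                       # deterministic 1-in-N packet sampling
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = FlowRecord(key, first=p.ts, last=p.ts)
        rec.packets += 1
        rec.octets += p.length
        rec.last = p.ts
    return flows


def slow_scanners(flows: Dict[FlowKey, FlowRecord], min_targets: int = 20) -> List[str]:
    """Sources with tiny (<= 2 packet) flows to at least min_targets distinct destinations."""
    targets = defaultdict(set)
    for rec in flows.values():
        if rec.packets <= 2:
            targets[rec.key[0]].add(rec.key[1])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


def constructed_traffic() -> List[Packet]:
    """200 bulk HTTPS packets from one client; one SMB probe from 10.1.1.5 every 6th packet (40 probes)."""
    pkts: List[Packet] = []
    probe = 0
    for i in range(240):
        if i % 6 == 5:
            pkts.append(Packet(float(i), "10.1.1.5", f"10.1.2.{probe + 1}", 6,
                               40000 + probe, 445, 60))
            probe += 1
        else:
            pkts.append(Packet(float(i), "10.1.1.20", "10.1.9.9", 6, 51000, 443, 1400))
    return pkts


if __name__ == "__main__":
    traffic = constructed_traffic()
    full = generate_flows(traffic)
    sampled = generate_flows(traffic, sample_every=64)
    print(len(full), "flows unsampled; scanners:", slow_scanners(full))
    print(len(sampled), "flows sampled 1:64; scanners:", slow_scanners(sampled))
```

Sampling is fine for capacity planning, where the 200-packet bulk flow dominates either way; it is the wrong input for a detector whose signal is the number of distinct tiny flows, which is the argument the slide makes for generating unsampled records off the tap rather than sampled ones on the switch.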

  • Slide 27

    Use case 3: network-wide NetFlow / IPFIX Generation

    HTTP Response Codes: uncover Denial of Service & compromise of internal web servers
    DNS Discovery*: discover malicious communications to C&C servers using DNS transactions (DNS C&C, Bots)
    HTTPS Certificate Anomalies*: analyze HTTPS certificates to discover bad/suspicious certificates
    Mapping User, Hostname & IP Address*: correlate Kerberos and DHCP logs to map “who” (user) with “what” (hostname and IP); metadata: User, Machine, IP

    * Planned

    Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
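The “who” to “what” mapping in the last item is a join with a time dimension, and getting the time dimension wrong is how an analyst ends up blaming the wrong user for an IP that DHCP has since handed to someone else. The following is an added example, not Gigamon code: it parses constructed, syslog-like DHCP ACK and Kerberos AS-REQ lines, matches each authentication to the lease that was active at its timestamp, and surfaces authentications that no lease explains. Log formats, names, addresses and timestamps are all constructed.

```python
"""Map "who" to "what": join Kerberos authentications with DHCP leases.

Added example, not Gigamon code. DHCP ACKs give IP -> (MAC, hostname) for a
lease interval; each Kerberos authentication is matched to the lease active at
its timestamp, so an IP reused by a second host is not mis-attributed, and an
authentication from an IP with no lease is surfaced. Formats and values are
constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

DHCP_RE = re.compile(r"ts=(\d+) dhcp ACK ip=(\S+) mac=(\S+) host=(\S+) lease=(\d+)")
KRB_RE = re.compile(r"ts=(\d+) kerberos AS-REQ client_ip=(\S+) principal=(\S+)")


@dataclass(frozen=True)
class DhcpLease:
    start: int
    ip: str
    mac: str
    hostname: str
    lease_seconds: int

    def active_at(self, ts: int) -> bool:
        return self.start <= ts < self.start + self.lease_seconds


@dataclass(frozen=True)
class KerberosAuth:
    ts: int
    client_ip: str
    principal: str


@dataclass(frozen=True)
class IdentityRecord:
    ts: int
    user: str
    ip: str
    hostname: Optional[str]   # None when no lease covered the IP at that time
    mac: Optional[str]


def parse_dhcp(lines: List[str]) -> List[DhcpLease]:
    leases = []
    for line in lines:
        m = DHCP_RE.search(line)
        if m:
            ts, ip, mac, host, lease = m.groups()
            leases.append(DhcpLease(int(ts), ip, mac, host, int(lease)))
    return leases


def parse_kerberos(lines: List[str]) -> List[KerberosAuth]:
    auths = []
    for line in lines:
        m = KRB_RE.search(line)
        if m:
            ts, ip, principal = m.groups()
            auths.append(KerberosAuth(int(ts), ip, principal))
    return auths


def lease_at(leases: List[DhcpLease], ip: str, ts: int) -> Optional[DhcpLease]:
    """The most recently started lease for ip that was still active at ts."""
    candidates = [l for l in leases if l.ip == ip and l.active_at(ts)]
    return max(candidates, key=lambda l: l.start) if candidates else None


def correlate(leases: List[DhcpLease], auths: List[KerberosAuth]) -> List[IdentityRecord]:
    records = []
    for a in auths:
        lease = lease_at(leases, a.client_ip, a.ts)
        records.append(IdentityRecord(a.ts, a.principal, a.client_ip,
                                      lease.hostname if lease else None,
                                      lease.mac if lease else None))
    return records


def unattributed(records: List[IdentityRecord]) -> List[IdentityRecord]:
    """Authentications no DHCP lease explains: static hosts, or something worth a look."""
    return [r for r in records if r.hostname is None]


# Constructed log lines: 10.1.1.42 is leased first to LAPTOP-ALICE, later to LAPTOP-BOB.
DHCP_LOG = [
    "ts=1000 dhcp ACK ip=10.1.1.42 mac=aa:bb:cc:00:00:01 host=LAPTOP-ALICE lease=3600",
    "ts=5000 dhcp ACK ip=10.1.1.42 mac=aa:bb:cc:00:00:02 host=LAPTOP-BOB lease=3600",
]
KERBEROS_LOG = [
    "ts=1500 kerberos AS-REQ client_ip=10.1.1.42 principal=alice@CORP.EXAMPLE",
    "ts=4800 kerberos AS-REQ client_ip=10.1.1.42 principal=mallory@CORP.EXAMPLE",
    "ts=5200 kerberos AS-REQ client_ip=10.1.1.42 principal=bob@CORP.EXAMPLE",
]

if __name__ == "__main__":
    for r in correlate(parse_dhcp(DHCP_LOG), parse_kerberos(KERBEROS_LOG)):
        print(r)
```

The middle authentication falls in the gap after the first lease expired and before the second began, so it is attributed to no host at all rather than to whichever lease is nearest; that gap is exactly the record an analyst wants flagged instead of silently filled in.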

  • Slide 28

    Use case 3: network-wide NetFlow / IPFIX Generation. An example of NetFlow/IPFIX applied to security detection

    Attack chain: 1 Reconnaissance → 2 Phishing & zero day attack → 3 Back door → 4 Lateral movement → 5 Data gathering → 6 Exfiltrate

    Detection opportunities along the chain:
    • Patient zero analysis with HTTP, HTTPS and DNS analysis
    • C&C analysis with URL, HTTP, SSL certificate and DNS analysis
    • Anomaly based detection through flow, login, and session analysis
    • URL, volumetric, HTTP / HTTPS, SSL certificate, DNS analysis

  • Slide 29

    Use case 3: network-wide NetFlow / IPFIX Generation. Letting security tools pinpoint problems faster

    Metadata produced by the Metadata Engine (NetFlow / IPFIX Generation):
    • DNS query and response information
    • DHCP query and response information
    • URL access information
    • HTTP request and response information
    • SSL certificate information
    • Kerberos and user login information
    • Server and application connectivity information
    • User flow records and session information

    [Diagram: GigaVUE-VM and GigaVUE® Nodes, with Application Session Filtering, SSL Decryption, Inline Bypass and NetFlow / IPFIX Generation, feed the tools (Intrusion Detection System, Data Loss Prevention, Email Threat Detection, IPS (Inline), Anti-Malware (Inline), Forensics) and Context and Intent-based Big Data Analytics]

  • Slide 30

    Industry support: GIGAMON NETFLOW / IPFIX GENERATION

    [Logo grid of partner products, each marked “Currently Available” (three) or “In progress” (four); the vendor names are not recoverable from the extraction]

  • Slide 31

    Necessary And Sufficient?

    Metadata helps locate a problem quickly

  • Slide 32

    Necessary And Sufficient?

    The Full Packet Stream reveals the content and the source of an attack

  • Slide 33

    Full Packet Stream: ASF, Application Session Filtering

    [Diagram: a generic collector sees the interleaved packets 1 1 2 2 3 3 4 4 of several sessions (NETFLIX, Exchange); Application Session Filtering separates them so that Email monitoring receives only the Exchange sessions and Video monitoring only the NETFLIX sessions]

    • DPI/content-based filtering identifies the application and filters out every packet of the same session together • Examples: email carrying attachments, BitTorrent packets, URL addresses, over-the-top applications on HTTP (downloads, youtube, facebook)
    • Signatures can be defined with RegEx (Regular Expressions) • Session Aware

    Example signature, matched across the packet (MAC | LLC | IP | Data | Trailer): ^rfb 00[1-9]\.00[0-9]\x0a$
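The two properties named on the slide, a regex signature over payload and “session aware” forwarding, combine into a small state machine. The following is an added example, not Gigamon code: a content signature is run over each payload, and once one packet of a session matches, every later packet of that session, in both directions, goes to the tool assigned to that application even though those packets carry no signature of their own. The RFB (VNC) pattern is the one printed on the slide; the HTTP Host pattern, the packets and the tool names are constructed for the example.

```python
"""Application Session Filtering: regex signature hit, then whole-session forwarding.

Added example, not Gigamon code. A regex signature is matched against payloads
(DPI); the first hit tags the session, and all later packets of that session,
in either direction, are delivered to the tool for that application. The RFB
pattern is the slide's; the HTTP pattern, packets and tool names are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Signature from the slide. Real RFB servers greet with "RFB 003.008\n" (RFC 6143) in upper
# case, so this example compiles the pattern case-insensitively; that choice is the example's.
RFB_SIGNATURE = re.compile(rb"^rfb 00[1-9]\.00[0-9]\x0a$", re.IGNORECASE)
# Constructed second signature: an HTTP request whose Host header is youtube.com.
YOUTUBE_SIGNATURE = re.compile(rb"^Host: (?:www\.)?youtube\.com\r?$", re.MULTILINE)

SIGNATURES: Dict[str, Tuple["re.Pattern[bytes]", str]] = {
    "remote-desktop": (RFB_SIGNATURE, "remote-access-monitor"),   # constructed tool names
    "video": (YOUTUBE_SIGNATURE, "video-monitor"),
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def session_key(p: Packet) -> Tuple:
    """Direction-independent key so client->server and server->client share one session."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


class SessionFilter:
    """Tag a session on its first signature hit, then forward all of its later packets."""

    def __init__(self) -> None:
        self.session_tool: Dict[Tuple, str] = {}

    def classify(self, p: Packet) -> str:
        """Return the tool this packet is delivered to, or "drop" if its session is untagged."""
        key = session_key(p)
        if key not in self.session_tool:
            for _app, (pattern, tool) in SIGNATURES.items():
                if pattern.search(p.payload):
                    self.session_tool[key] = tool
                    break
        return self.session_tool.get(key, "drop")

    def run(self, packets: List[Packet]) -> Dict[str, int]:
        """Count packets delivered to each tool, plus those dropped as uninteresting."""
        counts: Dict[str, int] = {}
        for p in packets:
            dest = self.classify(p)
            counts[dest] = counts.get(dest, 0) + 1
        return counts


# Constructed packets: a VNC session (server banner first), a YouTube HTTP session, plain HTTP.
PACKETS = [
    Packet("10.0.0.9", 5900, "10.0.0.5", 50000, b"RFB 003.008\n"),           # VNC server greeting
    Packet("10.0.0.5", 50000, "10.0.0.9", 5900, b"RFB 003.008\n"),           # client answers
    Packet("10.0.0.5", 50000, "10.0.0.9", 5900, b"\x02"),                    # no signature inside
    Packet("10.0.0.7", 51000, "203.0.113.10", 80,
           b"GET /watch?v=x HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"),
    Packet("203.0.113.10", 80, "10.0.0.7", 51000, b"HTTP/1.1 200 OK\r\n\r\n..."),
    Packet("10.0.0.7", 51001, "203.0.113.10", 80,
           b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    print(SessionFilter().run(PACKETS))
```

One caveat a real implementation has to handle and this model does not: packets of a session that arrive before the signature hit (the TCP handshake, for instance) have already been seen by the time the session is tagged, so a production filter buffers the first few packets of every new session or accepts that the tool sees the session from the matching packet onward.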

  • Slide 34

    Adaptive Packet Filtering (自我調整數據包過濾)

    APF provides powerful filtering on content found anywhere in the full packet, on physical and virtual traffic alike

  • Slide 35

    SSL decryption and regulatory compliance: how can you have both?

    • Use packet slicing to remove the part of the packet that holds sensitive data before it is forwarded to the analysis system.
    • Use packet slicing and masking to obscure the sensitive fields in the packet, such as credit card numbers and national ID numbers, before forwarding to the analysis system.

    [Diagram: Flow Mapping®, tunnel endpoint, SSL decryption, packet slicing and sensitive data masking applied on the node; virtual traffic arrives from GigaVUE-VM; traffic collected from remote nodes is forwarded to DLP analysis; web server traffic is forwarded to NPM / CEM monitoring; VM-to-VM traffic across the whole network is forwarded to IDS analysis]

  • Slide 36

    Use case 4

    Greatly reduce recording volume; mask sensitive information

  • Slide 37

    Use case 4: greatly reduce recording volume

    Selective packet slicing

    • De-duplication
      • Traffic of a single session passing through several network points produces multiple identical, duplicate copies of each packet
      • De-Dup recognizes the same session traffic and keeps only one copy of each duplicated packet, reducing packet volume by 33-75%

    • Packet slicing
      • Packets of different traffic classes can be sliced to different lengths, reducing the capacity needed by recorders or big-data systems
      • The average packet on the network is about 800 bytes; slicing to an average of 200 bytes where appropriate saves 80% of the traffic volume
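The two reductions above can be shown end to end on a constructed capture. The following is an added example, not Gigamon code: de-duplication hashes each IPv4 packet with the hop-dependent bytes (TTL and header checksum) zeroed and the L2 header excluded, so the same packet seen at two tap points collapses to one copy within a short time window, while a genuine retransmission outside the window survives; slicing then truncates each kept frame to a fixed length. The 800-byte packets, the 2 ms tap offset, the 50 ms window and the 200-byte slice length are constructed to reproduce the slide's figures.

```python
"""De-duplication and packet slicing: what survives and how much is saved.

Added example, not Gigamon code. De-dup drops a copy of a packet already seen
within a window when the copies came from different tap points (outer MACs,
TTL and IP checksum differ, so they are excluded from the identity hash);
slicing then truncates what remains. Sizes, window and slice length are
constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

ETH_LEN = 14
IP_HDR_LEN = 20


@dataclass(frozen=True)
class Tapped:
    ts_ms: int
    tap: str
    frame: bytes        # Ethernet frame: 14-byte header + IPv4 packet


def build_frame(ip_id: int, ttl: int, payload: bytes, dst_mac: bytes) -> bytes:
    """Constructed Ethernet + IPv4 frame (checksum left zero; the L4 header is part of payload)."""
    eth = dst_mac + bytes.fromhex("0a0b0c0d0e0f") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + len(payload), ip_id, 0x4000,
                     ttl, 6, 0, bytes([10, 1, 1, 5]), bytes([10, 1, 9, 9]))
    return eth + ip + payload


def dedup_key(frame: bytes) -> str:
    """Hash of the IPv4 packet with the hop-dependent bytes (TTL, header checksum) zeroed."""
    ip = bytearray(frame[ETH_LEN:])
    ip[8] = 0                  # TTL changes per hop
    ip[10:12] = b"\x00\x00"    # header checksum changes with the TTL
    return hashlib.sha256(bytes(ip)).hexdigest()


def deduplicate(packets: List[Tapped], window_ms: int = 50) -> List[Tapped]:
    """Keep the first copy of each packet; drop later identical copies within window_ms."""
    last_seen: Dict[str, int] = {}
    kept = []
    for p in sorted(packets, key=lambda t: t.ts_ms):
        key = dedup_key(p.frame)
        seen = last_seen.get(key)
        if seen is not None and p.ts_ms - seen <= window_ms:
            continue
        last_seen[key] = p.ts_ms
        kept.append(p)
    return kept


def slice_frame(frame: bytes, max_len: int) -> bytes:
    """Truncate to max_len bytes; 200 covers L2 + IPv4 + a 20-byte L4 header with room to spare."""
    return frame[:max_len]


def reduce_capture(packets: List[Tapped], slice_len: int = 200) -> Dict[str, float]:
    """Apply de-dup and then slicing; report packet and byte savings."""
    in_bytes = sum(len(p.frame) for p in packets)
    kept = deduplicate(packets)
    out_bytes = sum(len(slice_frame(p.frame, slice_len)) for p in kept)
    return {
        "packets_in": len(packets), "packets_out": len(kept),
        "bytes_in": in_bytes, "bytes_out": out_bytes,
        "byte_savings": round(1 - out_bytes / in_bytes, 4),
    }


def constructed_capture() -> List[Tapped]:
    """20 distinct 800-byte packets, each seen at tap A and 2 ms later at tap B, plus one true retransmit."""
    tap_a_mac = bytes.fromhex("aaaaaaaaaaaa")
    tap_b_mac = bytes.fromhex("bbbbbbbbbbbb")
    body_len = 800 - ETH_LEN - IP_HDR_LEN
    pkts = []
    for n in range(20):
        payload = bytes([n]) * body_len
        pkts.append(Tapped(n * 10, "A", build_frame(n, 64, payload, tap_a_mac)))
        pkts.append(Tapped(n * 10 + 2, "B", build_frame(n, 63, payload, tap_b_mac)))
    # The first packet again 700 ms later: outside the window, kept as a genuine retransmission
    pkts.append(Tapped(700, "A", build_frame(0, 64, bytes([0]) * body_len, tap_a_mac)))
    return pkts


if __name__ == "__main__":
    print(reduce_capture(constructed_capture()))
```

With two taps every packet has one twin, so de-dup alone halves the count (the low end of the slide's 33-75% range); slicing the survivors to 200 of 800 bytes brings the byte savings to about 87% on this mix. The window is the tuning knob: too short and tap-to-tap latency defeats de-dup, too long and real retransmissions, which a forensics tool wants to see, get thrown away.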

  • Slide 38

    Computer and Network Center of a technical university in Taipei

    Gigamon customer case study

  • Slide 39

    Problems before the Gigamon architecture was deployed

    • Because the university handles business for the Joint Board of Technological and Vocational College Admission Committees, its information security level was raised to grade A in line with Ministry of Education policy
    • Peak traffic was forecast to grow to 6-8 Gbps within one year
    • For the existing APT and WAF products there was either no model rated for that traffic or no budget to afford one
    • Obstacles that could not be overcome during POC testing: the core switch could not cope with the number of Mirror Ports; some test devices had to be inline, and re-cabling them for go-live caused outages; a misbehaving test device could not be pulled out immediately

  • Slide 40

    The university's In-Line connection architecture

    [Diagram: WAN Switch1 and WAN Switch2 in a Stack; Core (Local) and Core (Remote) in a VSS; NG Firewall and QoS Device inline between them]

  • Slide 41

    The university's Out-of-band connection

    [Diagram: SIEM, Flow Analysis and two POC Devices fed out-of-band]

    • Multiple links can be aggregated (many-to-1) through configuration

  • Slide 42

    Benefits achieved so far

    • Lower equipment procurement cost: eases the budget pressure of buying HA pairs of security appliances all at once; Map Filters decide the traffic path by condition, so 8Gb of traffic can be handled by 4Gb devices, for example: • traffic whose destination IP is not in the Server Farm does not pass through the WAF • non-SSL packets do not pass through the SSL decryption appliance • non-critical network segments do not pass through the APT appliance
    • High flexibility: ports can be controlled and switched between usage modes as needed, so nothing is wasted; each device's failure policy (Fail Open, Fail Close) can be adjusted to policy requirements; device testing, maintenance and upgrades happen without downtime, improving business continuity

  • Deep Packet Inspection identifies critical business traffic: financial applications

  • Slide 44

    Deep Packet Inspection: GigaSMART APF/ASF

  • Slides 45-46

    Financial transactions identified and filtered by the field “03 06 45 20…9168”

  • Cisco ACI & SDDC environment monitoring

  • Slide 48

    Cisco ACI & SDDC environment

  • Slide 49

    Cisco ACI & SDDC environment: monitoring challenges

    • Spine-Leaf links are 40Gb BiDi, which the monitoring tools do not support
    • Flattened architecture: more links; both north-south and east-west traffic exist, so packets are easily captured more than once
    • VxLAN is used: monitoring tools cannot recognize it, causing analysis errors or undecodable traffic
    • The Cisco UCS virtual environment creates monitoring blind spots

  • Slide 50

    ACI VxLAN, before Gigamon: unknown traffic

  • Slide 51

    After Gigamon VxLAN Header Strip

  • Slide 55

    Why the Gigamon platform is needed now

    • Network-wide visibility of security-relevant traffic: gives security appliances complete traffic; physical network, virtual network and internal network are all visible
    • Tool attachment separated from the production network: flexible tool connectivity; network bandwidth is decoupled from tool capacity, and any change to a tool does not affect network operation
    • DPI, deep packet identification: filtering and delivery raise tool efficiency; identification and filtering on both the packet Header and the Data content greatly reduce the traffic the tools have to process
    • Application traffic identification: integration with mission critical apps; in financial applications, critical business traffic (such as ATM traffic) can be filtered for auditing and diversion

  • Slide 56

    See More

    Secure More