
Gigamon NetFlow Generation

Here at Plixer we often try to work with vendors while they are developing their NetFlow exports. Recently, Gigamon announced that they will be adding more IPFIX elements to their exports to provide more context about the traffic you are monitoring. In this blog I will go over which types of exports have been announced and why they matter for security and performance monitoring.

Gigamon NetFlow Generation:

IPFIX DNS Exports

Gigamon has always been on the cutting edge when it comes to IPFIX generation, and their recent news has gotten a lot of our customers very excited. One of the biggest items they announced was that they will be exporting DNS information (in IPFIX). This is great for a security engineer who may want to keep track of where people are going without having to man-in-the-middle the traffic. As you have probably read in previous blogs, monitoring the FQDN (Fully Qualified Domain Name) is also a great way of gaining insight into what SSL traffic is being consumed on the network. Besides monitoring end users, it's also great from a security posture standpoint, since you can now look for DNS TXT records in the payload (often used in botnet communication) or for hosts reaching out to a large number of NXDOMAINs (often seen in botnets using a domain generation algorithm, or DGA).
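The two checks described above (many distinct NXDOMAIN answers per client, and frequent TXT lookups) can be sketched over DNS records once a collector has decoded them. This is an added example, not Plixer's or Gigamon's code; the tuple layout, the thresholds and the sample records are assumptions constructed for illustration and do not reflect Gigamon's IPFIX template.

```python
from collections import defaultdict

# Constructed sample records: (client_ip, query_name, query_type, rcode).
# This layout is hypothetical; map it to whatever your collector emits.
RECORDS = (
    [("10.0.0.5", n, "A", "NOERROR") for n in
     ("www.example.com", "mail.example.com", "cdn.example.net", "intranet.example.org")]
    + [("10.0.0.5", "wwww.example.com", "A", "NXDOMAIN")]           # one typo
    + [("10.0.0.9", n + ".example", "A", "NXDOMAIN") for n in        # DGA-like burst
       ("qx7vbn2k", "pl0zmr8t", "hj3wdc9y", "bt6nfk1s", "zr4gvq5m", "mk8xlp2d")]
    + [("10.0.0.9", "www.example.com", "A", "NOERROR")]
    + [("10.0.0.12", "t%d.sync.example.net" % i, "TXT", "NOERROR") for i in range(3)]
    + [("10.0.0.12", "www.example.com", "A", "NOERROR")] * 2
    + [("10.0.0.20", "wpad.corp.example", "A", "NXDOMAIN")] * 8      # one name, repeated
)

# Assumed thresholds; tune them against your own baseline.
NX_MIN_DISTINCT = 5   # distinct failing names per client
NX_MIN_RATIO = 0.5    # distinct failing names / total queries
TXT_MIN_COUNT = 3     # TXT queries per client

def summarize(records):
    """Aggregate per-client totals, distinct NXDOMAIN names and TXT counts."""
    stats = defaultdict(lambda: {"total": 0, "nx_names": set(), "txt": 0})
    for client, qname, qtype, rcode in records:
        s = stats[client]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            # Count distinct names so one misconfigured app retrying the
            # same missing name does not look like a DGA.
            s["nx_names"].add(qname.lower().rstrip("."))
        if qtype == "TXT":
            s["txt"] += 1
    return stats

def flag_hosts(records):
    """Return {client_ip: [reasons]} for clients that cross a threshold."""
    findings = {}
    for client, s in summarize(records).items():
        reasons = []
        nx = len(s["nx_names"])
        if nx >= NX_MIN_DISTINCT and nx / s["total"] >= NX_MIN_RATIO:
            reasons.append("many-distinct-nxdomain")
        if s["txt"] >= TXT_MIN_COUNT:
            reasons.append("frequent-txt")
        if reasons:
            findings[client] = reasons
    return findings

if __name__ == "__main__":
    print(flag_hosts(RECORDS))
```

Counting distinct names rather than raw NXDOMAIN responses keeps the client that retries a single missing name (10.0.0.20 in the sample) out of the findings.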

SSL Decryption NetFlow:

Another reason why engineers are looking to deploy packet brokers is to decrypt SSL traffic to gain better insight into what traffic is going on. Furthermore, when problems arise, they have the most granular visibility. Gigamon has been a leader in this space for a long time and we have long had support for the Gigamon NetFlow exports. Their SSL decryption now allows you to generate IPFIX based on the unencrypted traffic, giving you full access to what's going on.

SSL decryption has always been something that a lot of our customers have wanted, but it hasn’t always been the easiest to deploy—it involves pushing out signed certificates to everyone, verifying they work, and having a firewall capable of decrypting/re-encrypting the traffic. Luckily for us, Gigamon takes a pretty touch-free approach which makes it so your time is spent fixing problems rather than configuring.

Future Of IPFIX Exports:

With all of the recent announcements I’m very curious to see what the future holds for Gigamon’s NetFlow exports. Maybe we will see more DPI into applications like email and FTP next. Whatever the future holds, you can be certain that our NetFlow collector will have full support for it and will offer the best reporting available when it comes to Gigamon IPFIX exports. If you have any questions about Gigamon’s exports, feel free to reach out to our team!