Quite some time ago, my colleague wrote about our Gigamon NetFlow support. That article will help you understand how to configure your Gigamon appliances to export rich metadata to your network and security intelligence platform. In this article, I will discuss network traffic analytics as it pertains to Gigamon, and outline some of the few areas that Gigamon can supplement the metadata exports from your existing infrastructure.

To start, I’d like to state that Gigamon is one of our technology alliance partners and that we work very closely with them to ingest all of their unique data elements and provide the most context.

The Importance of Metadata

metadata context

When it comes to network and security intelligence, metadata is the foundation that brings context for fast and efficient incident response. No matter how big or small the problem, without context IT professionals will find themselves frustrated as they search for a solution. By correlating all of your network traffic in a central location, you can identify problems quickly and understand to what extent they have spread. “What does that have to do with Gigamon?” you might ask. Well, when it comes to metadata, Gigamon has a set of metadata exports that aren’t found in the common infrastructure elements like routers, switches, and firewalls. Because of its unique exports, Gigamon, in conjunction with the rest of your exports, can significantly complement your data context, which ultimately helps reduce your time to resolution.

Gigamon Metadata

What type of information am I talking about? Well, along with the standard five-tuple flow exports that nearly every network router, switch, and firewall can export, Gigamon can also export information related to DNS, like DNS query name and DNS response IP. This can provide you with the DNS request and the application’s response. Additional DNS response information can also be obtained to understand where NXDOMAIN responses were received. This is especially helpful when looking for domain generation algorithms (DGAs) used by malware to steal information from your network. Gigamon also exports TLS certificate details, which provides information related to the certificate like subject name, subject alt name, and common name. This information can be very helpful when trying to determine where traffic on the network is head in a sea of encrypted data.

Metadata for Cloud-First IT

Cloud-first initiatives are commonplace, driving more data and application migrations to the cloud. Increased agility, resource elasticity, and cost savings are key goals; however, this shift places new stress on IT to secure and support those applications and the associated data. Private, public, and hybrid cloud deployments are dispersing data, which leads to limited visibility and increased concerns over security. New approaches must be evaluated to manage and secure these cloud architectures effectively.

Gigamon also announced recently their ability to provide complete cloud visibility in both Amazon AWS, and now Microsoft Azure, in their GigaSECURE cloud platform. This new capability, along with Scrutinizer, provides a solid foundation for IT professionals to understand how they can achieve the same visibility from the cloud that they have on their on-premise network. This visibility could be from the public, private, or hybrid clouds that many organizations have.

To understand more about how Gigamon provides a supplemental layer of visibility to your existing network, and how Scrutinizer can correlate and display the unique metadata elements from Gigamon, watch our webinar, “Regain Visibility and Control of Your Data and Applications in a Cloud-first Model.

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.

Related