Gigamon

Gigamon appliances can export enormous volumes of flow data, and the metadata those flows carry is rich with application performance metrics. Plixer is an ideal partner because Scrutinizer’s distributed architecture can collect several million flows per second, and its flexible NetFlow design allows the system to store and report on the unique elements (e.g. URLs) that Gigamon includes in its export.

When following up on an application performance issue or a potential malware event, the Mean Time to Respond (MTTR) on each inquiry is a metric that often falls under scrutiny. Less time is better, and the best way to improve the MTTR is to increase the context surrounding an event. This means retrieving the right details related to whatever is being investigated. In the business of network traffic analysis, greater contextual detail often comes from a specialized appliance that can serve up what is commonly called metadata. Information such as username, operating system, URLs visited, physical location, applications being used, historical trends, the number of hosts a system connects to, and so on can all prove invaluable when tracking down a suspicious event.

More details, faster

Gigamon’s latest IPFIX export allows the Scrutinizer Network Incident Response System to report on:

  • URL, SIP, and CDP Information
  • HTTP Response Codes
  • TCP: Acknowledgement Number, Sequence Number, Urgent Pointer, and more
  • Fragment: Flags, ID, and Offset
  • Flow End Reason and IP Time to Live
  • Layer 2: VLAN, Average Packet Size, and MAC Address

Context Surrounding Incidents

With the above data collected, security professionals also need an interface that allows them to complete searches across massive amounts of data in seconds. They need to drill in on the end system and gain immediate access to the metadata that complements many NetFlow and IPFIX exports, so that they can answer the standard triage questions:

  • How was the incident triggered? What policy or behavior was violated?
  • Who caused it? Is the username provided?
  • When did the event take place?
  • Which part of the business was potentially impacted?
  • Where did the event(s) occur?
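The following is an added illustration, not code from Plixer, Gigamon or Scrutinizer, of how flow records enriched with the metadata fields listed above (username, VLAN, URL, HTTP response code) can be queried to answer the who/when/where questions for a single host, plus the "number of hosts connecting to" baseline mentioned earlier. The record layout, field names and sample flows are all constructed for illustration and are not Gigamon or Plixer information elements.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample flows in the shape of enriched flow records.
# Field names (ts, src, dst, user, vlan, url, http_code) are assumptions
# chosen for this example, not vendor-defined IPFIX information elements.
SAMPLE_FLOWS = [
    {"ts": "2024-05-01T09:00:00", "src": "10.1.2.3", "dst": "93.184.216.34",
     "user": "alice", "vlan": 20, "url": "http://example.com/login", "http_code": 200},
    {"ts": "2024-05-01T09:00:05", "src": "10.1.2.3", "dst": "93.184.216.34",
     "user": "alice", "vlan": 20, "url": "http://example.com/admin", "http_code": 404},
    {"ts": "2024-05-01T09:01:10", "src": "10.1.2.3", "dst": "203.0.113.7",
     "user": "alice", "vlan": 20, "url": "http://203.0.113.7/update", "http_code": 500},
] + [
    # One host fanning out to five distinct peers with no HTTP metadata at all.
    {"ts": f"2024-05-01T09:02:0{i}", "src": "10.1.2.9", "dst": f"198.51.100.{i + 1}",
     "user": "bob", "vlan": 30, "url": None, "http_code": None}
    for i in range(5)
]


def parse_ts(value):
    """Flow timestamps are ISO 8601 strings in this constructed data set."""
    return datetime.fromisoformat(value)


def host_context(flows, host):
    """Gather who/when/where context for one source host from enriched flows.

    Returns None when the host never appears as a flow source, otherwise a
    summary: usernames and VLANs observed, first/last seen, distinct peer
    count, URLs visited and a histogram of HTTP response codes.
    """
    rows = [f for f in flows if f["src"] == host]
    if not rows:
        return None
    times = sorted(parse_ts(f["ts"]) for f in rows)
    return {
        "users": sorted({f["user"] for f in rows if f["user"]}),
        "vlans": sorted({f["vlan"] for f in rows}),
        "first_seen": times[0].isoformat(),
        "last_seen": times[-1].isoformat(),
        "peer_count": len({f["dst"] for f in rows}),
        "urls": sorted({f["url"] for f in rows if f["url"]}),
        "http_codes": dict(Counter(f["http_code"] for f in rows if f["http_code"])),
    }


def peer_count_outliers(flows, threshold):
    """Source hosts talking to more distinct destinations than `threshold`.

    A simple fan-out baseline: the threshold would normally come from the
    host's own history rather than a fixed number.
    """
    peers = defaultdict(set)
    for f in flows:
        peers[f["src"]].add(f["dst"])
    return sorted(h for h, p in peers.items() if len(p) > threshold)


if __name__ == "__main__":
    print(host_context(SAMPLE_FLOWS, "10.1.2.3"))
    print(peer_count_outliers(SAMPLE_FLOWS, threshold=3))
```

The per-host summary answers "who" (username), "where" (VLAN, peers, URLs) and "when" (first/last seen) from the same records, which is the context the page argues shortens MTTR; the fan-out check shows how a single metadata element, the distinct peer count, can be baselined per host.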

Gigamon and Plixer joint solution brief

Gigamon systems are placed into areas of the network where flow data is not available or where existing flow-capable hardware can’t keep up with the traffic volume. With Gigamon and Scrutinizer combined, security teams can baseline, detect, and remove unwanted behaviors.
