Gigamon appliances can export enormous volumes of flow records, and the metadata those records carry is rich in application performance metrics. Plixer is an ideal partner because Scrutinizer's distributed architecture can collect several million flows per second, and its flexible NetFlow design allows the system to store and report on the unique elements (e.g. URLs) contained in the Gigamon export.
More details, faster
When following up on an application performance issue or a potential malware event, the Mean Time to Respond (MTTR) for each inquiry is a metric that often falls under scrutiny. Less time is better, and the best way to improve MTTR is to increase the context surrounding an event. This means retrieving the right details about whatever is being investigated.

In the business of network traffic analysis, greater contextual detail often comes from a specialized appliance that can serve up what is commonly called metadata. Information such as the username, operating system, URLs visited, physical location, applications in use, historical trends, and the number of hosts connected to can all prove invaluable when tracking down a suspicious event.
Gigamon’s latest IPFIX export allows the Scrutinizer Network Incident Response System to report on:
URL, SIP, and CDP Information
HTTP Response Codes
TCP: Acknowledgement Number, Sequence Number, Urgent Pointer, and more
Fragment: Flags, ID, and Offset
Flow End Reason and IP Time to Live
Layer 2: VLAN, Average Packet Size, and MAC
Context Surrounding Incidents
With the above data collected, security professionals also need an interface that lets them complete searches across massive amounts of data in seconds. They need to drill in on the end system and gain immediate access to the metadata that complements many NetFlow and IPFIX exports, answering questions such as:
How was the incident triggered? What policy or behavior was violated?
Who caused it? Is the username provided?
When did the event take place?
Which part of the business was potentially
Where did the event(s) occur?
Useful context results in shorter investigation times, leading to a faster Mean Time to Know (MTTK). Ultimately, time is money, and when an organization is home to hundreds of thousands of network devices, knocking a few hours per day off the time needed to follow up on an incident is a big help. Contact Plixer to start a Scrutinizer trial and experience greater visibility into your Gigamon investment.
Gigamon and Plixer joint solution brief
Gigamon systems are placed in areas of the network where flow data is not available, or where existing flow-capable hardware cannot keep up with the traffic volume. With Gigamon and Scrutinizer combined, security teams can baseline, detect, and remove unwanted behaviors.