
The Gigamon Visibility Platform

See what matters.™


Corporate Overview



Gigamon Visibility Platform provides pervasive visibility into
data in motion across your entire network, enabling stronger
security and network performance.

BACKGROUND:
• Founded in 2004
• Headquarters: Santa Clara, CA, U.S.
• Global Offices: 20 countries
• 799 employees

PERFORMANCE:
• World’s #1 Visibility Platform
• Named #1 Network Monitoring Equipment (NME) Vendor Worldwide by Market Share*
• Key Verticals: Federal, Financial Services, Healthcare, Retail, Technology, Service Providers
• Over 2,500 customers
• $311M Revenue in FY16, +40% Year-over-Year

*Source: IHS Markit Report, Network Monitoring Equipment, May 19, 2017

©2017
©2016 Gigamon. All rights reserved. 2
The Data-in-Motion Dilemma
VOLUME + SPEED + THREATS = COMPLEXITY + RISK + COST
[Figure: data volume over time. Network data (Machine to Machine, Internet of Things, Emergence of Big Data, Data Center transition to 100Gb) plotted against Security Tool capacity.]

• Security tools do not scale as fast as data
• 6.7 ns available to process a network packet on a 100Gb link
• 4.7ZB of global data center traffic in 2016*
• 1.7PB of M2M traffic in 2017**

*Cisco Global Cloud Index 2016.
**Statista Global machine-to-machine (M2M) data traffic from 2014 to 2019 (in petabytes per month)



CYBERscape: The Cybersecurity Landscape. Source: Momentum Partners. https://momentumcyber.com/docs/CYBERscape.pdf



Challenges with Ad Hoc Security Deployments
VISIBILITY LIMITED TO A POINT IN TIME OR PLACE
✕ Significant blind spots
✕ Extraordinary costs
✕ Contention for access to traffic
✕ Inconsistent view of traffic
✕ Blind to encrypted traffic
✕ Too many false positives

[Diagram: separate copies of each security tool (User Behavior Analytics, Next-Generation Firewall, Data Loss Prevention, Advanced Persistent Threat, Email Threat Detection, SIEM) attached at different points of the network: Public Cloud, Internet, Routers, “Spine” Switches, “Leaf” Switches, Virtualized Server Farm.]

It is time the balance of power shifted from attacker to defender!


Bridging the Gap



Transform Security: The Security Delivery Platform
LOOK INSIDE THE NETWORK
[Diagram: traffic from the On-premise Data Center, Remote Sites, Private Cloud and Public Cloud feeds the Security Delivery Platform, which delivers it to the security tools: Next-Generation Firewall, Advanced Persistent Threat, Data Loss Prevention, User Behavior Analytics, SIEM, Email Threat Detection.]

• Reach physical and virtual networks
• Metadata for Improved Forensics
• Targeted inspection
• Detection of encrypted threats
• Inline mode for visibility and control

Security Delivery Platform: A foundational building block to effective security


GigaSECURE®
THE INDUSTRY’S FIRST SECURITY DELIVERY PLATFORM

[Diagram: sources labelled On-premise Data Center, Remote Sites, Private Cloud, Cisco ACI and Public Cloud feed the Security Delivery Platform, which delivers traffic to the security tools: Next-Generation Firewall, Advanced Persistent Threat, Data Loss Prevention, User Behavior Analytics, SIEM, Email Threat Detection.]

• Physical, Virtual and Cloud: Reach physical and virtual networks
• Metadata Engine: Metadata for Improved forensics
• Application Session Filtering: Targeted inspection
• SSL Decryption: Detection of encrypted threats
• Inline Bypass: Inline mode for visibility and control



What Leading Security Partners Say

“… access to high fidelity network traffic is a vital step in the implementation of advanced protections.”

“Even the best security appliance will fail to deliver if it does not get the right traffic…”

“…To be effective, a security appliance needs to be able to access the right network traffic…”

“…GigaSECURE Security Delivery Platform sheds light on insider initiated threats, it can provide complementary visibility to the network traffic that Palo Alto Networks sees…”



Gigamon Partner Ecosystem

[Diagram: Gigamon Visibility Platform at the center of four partner categories: Security and Vulnerability Management; Service Provider; Network & Application Performance Management; Infrastructure.]



Gigamon Visibility Platform
Tools & Applications
Security | Experience Management | Performance Monitoring | Analytics Tools and Applications

Orchestration

Traffic Intelligence

Visibility Nodes

Any Network
Data Center, Hybrid and Private Cloud | Public Cloud | Service Provider Networks | Remote Sites



Gigamon Visibility Platform
Tools & Applications: Security | Experience Management | Performance Monitoring | Analytics

Orchestration: GigaVUE-FM | API | NSX Manager | vCenter

Traffic Intelligence: De-duplication | FlowVUE® | Adaptive Packet Filtering | Application Session Filtering | GTP Correlation | Header Stripping | NetFlow and Metadata Generation | Masking | SSL Decryption | Slicing | Tunneling

Flow Mapping® | Clustering | Inline Bypass | GigaStream®

Visibility Nodes: Intelligent Visibility | Public Cloud | Virtual | Traffic Aggregators | Network TAPs

Any Network: Data Center, Hybrid and Private Cloud | Public Cloud | Service Provider Networks | Remote Sites



Network monitoring use cases
Use Case: Limited Access to Environment (Multi network segments)
LIMITED TOOL PORTS, MANY SWITCHES

Without Gigamon: Limited Connectivity to Full Environment
[Diagram: analysis tool with only 2 NIC ports; Switch 1, Switch 2, Switch 3, Switch 4, Switch 5…n]

With Gigamon: Pervasive Access – Can Connect to All Points in the Environment
[Diagram: analysis tool with only 2 NICs; Switch 1, Switch 2, Switch 3, Switch 4, Switch 5…n]



Use Case: Change Media and Speed (Future proof to new network)
10, 40 OR 100GB TRAFFIC TO 1 OR 10GB TOOLS

Without Gigamon: Customer migrates to a 10Gb network and 1Gb monitoring tools become useless
[Diagram: Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture]

With Gigamon: Customer able to extend the life of their 1Gb network and security tools
GigaVUE® Matches Your Network to Your Tools
[Diagram: 10Gb network, 1Gb tools: Intrusion Detection System, Application Performance Management, VoIP Monitor, Packet Capture]



Use Case: Eliminate SPAN Port Contention
FEW SPAN PORTS, MANY TOOLS

Without Gigamon: Customer is unable to use all tools!
[Diagram: switch with two SPAN session limitation; Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture]

With Gigamon: Customer has complete visibility for all tools!
[Diagram: switch with two SPAN ports; Intrusion Detection System (IDS), Application Performance Management, VoIP Analyzer, Packet Capture]



Use Case: Optimize Tool Efficiency (Centralization)
MAXIMIZE THE TOOL INVESTMENT BY CENTRALIZING,

Without Gigamon: 1 site per Tool – Tools not optimized

With Gigamon: Centralize the Tools for maximum efficiency

[Diagrams, both panels: Remote 1 to Remote 4, Switch 1 to Switch 4, Central Switch]



Run Multiple POCs in Parallel
ACCELERATE CERTIFICATION OF NEW TOOLS

Without Gigamon: Customer performs each Proof-of-Concept (POC) serially at different times using different data
• POC #1 – Vendor X Tool: Tool tested w/ NW Segment – 4 weeks
• POC #2 – Vendor Y Tool: Tool tested w/ same NW Segment – 4 weeks
• POC #3 – Vendor Z Tool: Tool tested w/ same NW Segment – 4 weeks
[Timeline: 1 month, 2 month, 3 month]

With Gigamon: Customer is able to run multiple POCs concurrently using same data
• POC #1 Vendor X Tool
• POC #2 Vendor Y Tool
• POC #3 Vendor Z Tool
[Timeline: 1 month, 2 month, 3 month]



Traffic Visibility for Private Cloud
Securing your Virtual Data Center
Visibility into Virtualized Workloads
CHALLENGES

[Diagram: servers connected to a switch, virtualized into VMs running on hypervisors.]

TRADITIONAL VISIBILITY
• SPAN on Switch Ports
• Physical TAPs

VIRTUAL VISIBILITY CHALLENGES
• Blind spots for Intra-Host VM traffic
• Blind spots for Inter-Host VM traffic (blade center)



Virtual Visibility: More Important Than Ever
5 REASONS WHY YOU SHOULD CARE
1. Scope of security must cover virtualized workloads
2. Increasing VM density
3. Visibility into VM-VM traffic
4. Creating new virtual tool instances eats into compute capacity
5. Automated visibility after VM migration

[Diagram, two panels. LEGACY APPROACH: virtual IDS, virtual anti-malware and virtual APM beside VM1 on the hypervisor. MODERN APPROACH: VM and GigaVUE-VM on the hypervisor; IDS, anti-malware, APM.]


GigaVUE-VM for VMware vSphere
LIGHT FOOTPRINT VIRTUAL MACHINE, NOT KERNEL MODULE
Small Footprint: 1 vCPU, 2 GB RAM
Throughput (tested): 3 Gbps (mix packet sizes)

Visibility in Motion
AUTOMATED MONITORING POLICY MANAGEMENT

• Integration with vCenter to detect vMotion
• Automated re-deployment of rules that follow the VM

[Diagram: monitored VM1 moves by vMotion between two hypervisors, each with a vSwitch and a GigaVUE-VM (VM1, VM2, VM3). Labelled steps: Initiate, Notify, Update. GigaVUE-FM; tools: Application Performance, Network Management, Security.]



GigaVUE-VM - Virtual Workload Monitoring
EXTENDING VISIBILITY INTO VIRTUAL DATA CENTERS
• Small footprint ‘Virtual Tap’ guest VM appliance
• Access, Select, Transform, and Deliver Virtual traffic
• Visibility into Hosted Applications
• Visibility into Physical to Virtual traffic

Advanced Traffic Intelligence
• De-duplication
• Packet Masking
• Packet Slicing
• Header Stripping
• Time Stamping
• Load Balancing
• NetFlow Generation
• SSL Decryption

GigaVUE-VM
• Flow Mapping™
• Filter on VM, application ports
• Packet slicing at any offset
• Tunneling for multi-tenant

[Diagram: Core, Spine and Leaf switches; DB Server (DB, OS); Tunnel Port; Tunneling; centralized tools: Application Performance, Network Performance, Security.]



GigaVUE-VM: Automated Traffic Visibility

Automated Traffic Visibility for VMware powered SDDC

Solution Category: SDDC Operations and Visibility
Integration Options: Port Mirroring, NSX-API, NetX



Security monitoring use cases
Gigamon Data-in-Motion Visibility Platform
COMPONENTS RELEVANT TO THE SECURITY DELIVERY PLATFORM
Tools and Applications: Security / Performance Management / Analytics

Orchestration: GigaVUE-FM | API | NSX Manager | vCenter

Traffic Intelligence: De-duplication | FlowVUE® | Adaptive Packet Filtering | Application Session Filtering | GTP Correlation | Header Stripping | NetFlow and Metadata Generation | Masking | SSL Decryption | Slicing | Tunneling

Flow Mapping® | Clustering | Inline Bypass | GigaStream®

Visibility Nodes: Intelligent Visibility | Public Cloud | Virtual | Traffic Aggregators | Network TAPs

Any Network: Data Center, Hybrid & Private Cloud | Public Cloud | Service Provider Networks | Remote Sites



NetFlow/IPFIX Generation

Without Gigamon

Challenges:
• High impact on routers and switches for generating NetFlow records
• Routers / switches generate sampled NetFlow which is inadequate for security
• Some routers do not support NetFlow, others have proprietary flow methods
• Without NetFlow, you can only instrument parts of your network for Deep Packet Inspection (DPI)

With Gigamon

Generating NetFlow Information:
• With NetFlow, you know where you need to DPI.
• Enable end-to-end security enforcement with visibility into every flow
• Ideal to detect Command and Control communications
• Validated with industry-leading SIEM and NetFlow forensics collectors



Metadata Generation

Metadata Engine

Without Gigamon: Volume, types and amount of data overwhelm SIEMs

With Gigamon: Metadata Engine Benefits:
• High Performance
• Cost Savings
• Full visibility, better security



Metadata Generation

Metadata Enhancements

• HTTP Response Codes: Uncover Denial of Service & compromise of internal web servers
• DNS Discovery: Discover malicious communications to C&C servers using DNS transactions
• HTTPS Certificate Anomalies: Analyze HTTPS certificates to discover bad/suspicious certificates

[Diagram labels: DNS, C&C, Bots]

* Planned
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.



Metadata Generation

Example Use Case for GigaVUE-HC2

[Diagram: Internet, Edge Routers, Core Switches; NetFlow Generation, SSL Decryption, GigaStream™; tools: Intrusion Prevention Systems, NetFlow Collector, Intrusion Detection System, Email Inspection, Data Loss Prevention, Out-of-Band Malware.]



Application Session Filtering

TOOL OPTIMIZATION FOR IP NETWORKS

Filter all traffic corresponding to an application session and maintain session integrity when delivering traffic to tools.

✓ Offload high-bandwidth media streams from reaching security detection tools
✓ Discover insecure applications based on specific signatures
✓ Improve efficiency of security appliances
✓ Analyze and respond to incidents using custom regex patterns

[Diagram: packet streams from the Physical network and from Virtual sources (GigaVUE-VM) pass through Application Session Filtering to the Next Generation Firewall, User Behavior Analytics and SIEM.]



SSL Decryption

Gigamon Inline SSL Visibility Solution

FULL-BLOWN MIDM FUNCTIONALITY

Highlights
• Servers and clients located internally or externally
• Private keys not needed
• RSA, DH, PFS can be used
• Supports inline and out-of-band tools

[Diagram: SSL Session Leg 1 (encrypted) and SSL Session Leg 2 (encrypted); decrypted traffic delivered to the Inline Tool Group, the Web Monitor Tool and the Out-of-Band Tool. Legend: encrypted traffic, decrypted traffic.]


SSL Decryption

Gigamon SSL Decryption

KEY BENEFITS

• Automatic SSL / TLS detection on any port or application
• Scalable interface support (1Gb – 100Gb)
• Decrypt once. Feed many tools
• Strong crypto support: PFS, DHE, Elliptic Curve ciphers
• Certificate validation and revocation lists
• Strong privacy compliance: categorize URL before decryption



The Benefit of the Gigamon inline SSL Approach
Gigamon’s Inline SSL Deployment

Scalable GigaSMART®
• Inline SSL Decryption

The GigaVUE-HC2 is capable of adding a single inline security tool, but it does not unlock the true potential of the unit.



The Benefit of the Gigamon inline SSL Approach
Add new inline tools

One single GigaVUE-HC2 is capable of adding multiple tools



The Benefit of the Gigamon inline SSL Approach
Add new network segment

One single GigaVUE-HC2 is capable of protecting multiple network links



The Benefit of the Gigamon Platform Approach
Increase inline SSL throughput

Scalable GigaSMART®
• Inline SSL Decryption

The GigaVUE-HC2 is a true Security Delivery Platform that provides all this functionality in a scalable, modular form factor
• Bypass protection
• Multiple inline tools
• Multiple network links
• Traffic Intelligence


Inline Bypass

Active Security Remediation with Inline Bypass

SCALING INLINE SECURITY WITH “INLINE BYPASS”

• Maximize tool efficacy
• Increase scale of security monitoring
• Add, remove, and upgrade tools seamlessly
• Consolidate multiple points of failure into a single, bypass-protected solution
• Integrate Inline, Out-of-Band, and Flow-based tools via the GigaSECURE® Security Delivery Platform

[Diagram: network devices (e.g. WAN router, e.g. Firewall, e.g. Core switch) and inline tools T1 (e.g. IPS), T2 (e.g. WAF) and T3 (e.g. ATD, shown as multiple ATD instances).]



CASE STUDIES
WITH GIGAMON
Case Study

Overview
• Global bank serving 18.9 million customers and total assets of £800 billion
• Headquarters in Edinburgh, Scotland

Account team: Simon Mott, Steve Butts

CHALLENGE
• High cost and potential impact from traffic volume of IDS/IPS deployment in new data center
• Desire to deploy Cisco Firepower and FireEye NX but resistance to deploy inline
• Wanted future-proof solution, fault tolerant with High Availability
• 18 month project initially with 7 SIs bidding!

SOLUTION
• GigaSECURE architecture with 26 GigaVUE-HC2, 40 bypass modules including GRIP for resiliency, GigaVUE-FM
• Worked with all 7 SIs initially, and then solely with Accenture who won the contract

RESULTS
• Maximize uptime: Deployed IPS with minimal production changes
• Increased operational agility with decreased risk: Ability to switch between IPS and IDS modes instantaneously
• Investment protection: Roadmap for future expansion with GigaSMART functionality such as SSL, de-duplication, NetFlow



Case Study

Overview
• Second largest telecom provider in US with US $126B revenues (2016)
• Headquarters in New York City

Account team: Pete Forno, Brian Burgess, Jeff Smith

CHALLENGE
• Involved large wireless and wireline cross functional team
• Selected Radware for DDoS security and other out-of-band tools
• Joint meeting with Wireless, Wireline, Radware and Gigamon to design a scalable architecture

SOLUTION
• Upsold to GigaVUE-HC2 with Inline Bypass, IPFIX & APF GigaSMART licenses. IPFIX offloaded from network infrastructure
• Highlighted technical benefits: negative heartbeat, IPFIX. Aggressively took on commodity TAP Aggregation competitors
• Proposed Resident Support Engineer for maintenance

RESULTS
• $6M initial purchase led to $2M adjunct GigaVUE-HC3 project, production cloud network. Lite duty locations architected with GigaVUE-HC2 and GigaVUE-TA Series
• Reduced cost: 75% reduction in tool costs
• Reduced complexity: 24 DDoS appliances reduced to 2. All inline / out-of-band tools supported with GigaSECURE architecture



Case Study

Overview
• Manufacturer of footwear, sports and casual apparel with US $4.8B revenues (2016)
• Headquarters in Baltimore, MD

Account team: Stephanie Danforth and Adam Balog

CHALLENGE
• Initial Gigamon purchase in 2014 after being introduced to the account by Access IT Group
• Economic Buyer: Director of Global Cybersecurity
• Pain points: Silo-ed IT teams, network availability, visibility for inline and out-of-band tools

SOLUTION
• Deployed GigaVUE-HC2 appliances inline at all regional gateways
• Tools used: Cisco Firepower IPS and Vectra for Automated Threat Detection / Response
• Bypass capability provided flexibility for SecOps team and resiliency for NetOps team

RESULTS
• Near-zero downtime while maintaining inline security tools
• Investment protection: Scalable for future growth when international hubs are upgraded from 1Gb to 10Gb
• Improved operational efficiency between NetOps and SecOps
• Scalable architecture: Foundation to deploy inline & out-of-band security tools, new capabilities like SSL decryption



Case Study: Global Manufacturer
SECURITY MONITORING USING THE SECURITY DELIVERY PLATFORM
Background & Challenge
• Inline Tools: Sourcefire IPS, Imperva WAF
• Out-of-Band tools: FireEye, ExtraHop
• Needed many-to-one inline inspection, APP aware intelligence and capture the same traffic for out-of-band security functions like FireEye and ExtraHop

Solution
• GigaSECURE®: Inline bypass technology to provide many-to-one (1x10Gb and 3x1Gb links) inline inspection
• APP aware capability only delivers WEB traffic to Imperva for inspection
• Capture same Internet traffic and send to out-of-band FireEye, ExtraHop

Results & Key Benefits
• Use one Sourcefire appliance to protect 4 different physical links with different media/speed
• Feed same Internet traffic to both inline and out-of-band tools
• Significantly simplified security operations: upgrade any security tool at will





VISIBILITY
MATTERS
