Category : Gigamon
Data networks are undergoing the most fundamental changes since many of them were deployed decades ago. Traffic and bandwidth growth may be the most obvious, but the use of Software Defined Networks (SDN) and the cloud is causing even more fundamental disruption. And the impact of these changes is likely to continue unabated for some time.
Traffic growth is a given, of course. According to Cisco, IP traffic is expected to grow by 300% in the next five years. Some consider even that an understatement as the explosive growth of mobility, Big Data and the Internet of Things has the potential to hasten in the “Zetabyte Era” more quickly than anticipated.
The use of SDNs is likely the most important change in the “modern” network that impacts security. In most networks, security infrastructure has been deployed in line with the physical network and the traffic on that network. However, as traffic now becomes “mobile” and the physical network layer is abstracted, delivering the right amount and type of traffic to security appliances becomes very problematic. In many cases, deploying an SDN can result in “blind spots” since traffic no longer uses the same physical network. And simply adding new security appliances is not only expensive, but it may not improve your security posture.
A good example of these blind spots is when the use of Virtual Extensible Local Area Networks (VXLAN) hides traffic in a tunnel. Monitoring can become difficult, and individual applications flowing within the tunnel can’t be monitored. It is possible to strip out the encapsulations, but that will negatively impact the performance of analysis and monitoring tools.
What’s more, the security infrastructure must deal not only with more traffic, but with new threat types as well. To counter these threats, it is more important than ever to ensure that your traffic visibility and monitoring tools can deliver the right type and amount of traffic to your security appliances. And as the breadth of these threats increases, bringing tools inline is often the best course, as out-of-band deployments may miss malware or only find it after it has infested your systems.
Finally, the growth in encrypted traffic, as part of overall traffic growth, presents special challenges for security infrastructure. Forcing security appliances to decrypt, analyze and re-encrypt traffic often overloads these appliances.
The Unified Visibility Fabric Responds to These Demands
It is precisely these issues that have driven the design of Gigamon’s Unified Visibility Fabric (UVF). The complexity of modern infrastructure makes the UVF’s ability to provide visibility into physical, virtual and remote sites, as well as emerging SDN/NFV infrastructure, as a single unified fabric with a common management and policy model central to effective security. A unified management model also allows rapid visibility into infrastructure blind spots.
The Unified Visibility Fabric has functionality that is directly focused on improving your security posture. It starts with intelligent traffic delivery to security appliances, optimizing their operation and allowing them to be inline without being overloaded. This supports real-time malware detection and remediation. In addition, the UVF makes it possible to automate many elements of traffic management and delivery, which reduces the workload on limited IT and security resources while providing more consistent traffic delivery and monitoring. Using Gigamon’s unique and enhanced metadata, the UVF enhances the effectiveness of security appliances and improves threat detection.
For the SDN powered networks, UVF can also support de-capsulating or filtering some of these new overlay encapsulations (like VXLAN, which is used in Cisco ACI or VMware NSX) before delivering traffic to the monitoring tools, thereby eliminating additional blind spots created by next-generation networks.
Providing a consistent approach to end-to-end traffic visibility and management is critical to a strong security infrastructure. The UVF is also positioned to meet increasing network speeds and throughput with the ability to support 1Gb, 10Gb, 40Gb and 100Gb networks.
Given the fundamental changes occurring in modern networks, the new approach to traffic management and visibility provided by the UVF is required to support the security infrastructure that protects these networks.