Yet the security stakes have risen many times over as more
organizations adopt cloud computing. In a Cloud Security
Alliance survey [1], 73% of respondents indicated that security
concerns held back cloud projects.
SSL Vulnerabilities
But high-profile vulnerabilities, such as the Heartbleed bug, which
exposes the memory of web servers protected by the OpenSSL
software to theft, have stoked concerns and fuelled the threats
SSL was supposed to curb.
[1] Coles, Cameron. (2015, Jan. 12) CSA Survey: Security of Cloud Data Now a Board-Level Concern. Cloud Security Alliance Industry Blog. https://blog.cloudsecurityalliance.org/2015/01/12/csa-survey-securitycloud-data-now-board-level-concern/
[2] Pirc, John W. (2013) Analyst Brief: SSL Performance Problems. NSS Labs. https://www.nsslabs.com/sites/default/files/public-report/files/SSL%20Performance%20Problems.pdf
[3] D'Hoinne, Jeremy and Hils, Adam. Security Leaders Must Address Threats From Rising SSL Traffic. Gartner report, 9 Dec 2013.
4 steps to SSL decryption
[Figure 1: The Visibility Fabric. Diagram labels: GigaVUE-FM; core, spine and leaf switches; GigaVUE-VM on a hypervisor hosting VMs; Visibility Fabric functions (Inline Bypass, SSL Decryption, NetFlow Generation); multi-tiered security appliances, inline or out-of-band (NGFW, WAF, anti-malware, IPS, IDS, DLP, network forensics, APT).]
Summary
The changing threat landscape, amid growing volumes, velocity,
and variety of data and evolving cloud-based infrastructure, is
forcing organizations to rethink their approach to security.
SSL has become a vital technology for cloud-based services. It
has a strong track record for encrypting and authenticating data
online but it might not be the silver bullet for cloud security.
SSL encryption severely limits visibility for both performance and
security monitoring. The growing security threat posed by
uninspected SSL sessions increases the urgency of inspecting
SSL traffic.
The ultimate objective is to build trusted cloud services and SSL
connections. By supplying clear, decrypted SSL traffic to multiple
tools, Gigamon provides immediate value and return on investment
in capital expenditure, licensing fees, and management costs.
Traditional network switches are highly optimized for address-based
forwarding, where traffic is forwarded based on address
information in the headers of the packets. Within the Visibility
Fabric, traffic is forwarded based on the content of the packets,
as well as on correlated traffic flows that straddle multiple
packets. Furthermore, those traffic streams may need to
be replicated within the Visibility Fabric so as to deliver them to
multiple sets of tools.
That packet replication is also based on the content of the packet,
as well as on correlated traffic streams, so as to ensure
that just the relevant traffic is delivered to the tools. This makes
the Visibility Fabric a highly specialized function that is
distinct from traditional network switches. As we
look to the future, this specialized capability of the Visibility Fabric
will make it an integral but distinct component in ensuring the
successful deployment of SDN solutions.
About Gigamon
Gigamon provides an intelligent Unified Visibility Fabric to enable
the management of increasingly complex networks. Gigamon
technology empowers infrastructure architects, managers and
operators with pervasive visibility and control of traffic across
© 2015 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other
countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of
their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com
3165-01 05/15