Gigamon – Security Delivery Platform (보안전달 플랫폼)
See More, Secure More

Transcript of the slide deck.

Gigamon Korea

Distributor: Insung Digital (인성디지탈)

Confidential and Proprietary. For Internal Use Only. © 2018 Gigamon. All rights reserved. 2

Agenda

• Overview

• Security Delivery Platform

• Use Cases

• Company Introduction

• Q&A

Overview

Security goals and considerations

Access and Control Data

Increase Confidence in Security Posture

Boost Security Efficiency, Reduce Complexity

Network Upgrades, Virtualization / Cloud

Deploying New Tools with Tight Budgets

[Diagram: Network (remote sites, private cloud, on-prem data center, service provider, public cloud), Data (IP, revenue, applications, unknown), Users (partners, customers, employees), Threats (unknown) and Tools]

In reality, data is everywhere (headquarters, branches, data centers, cloud, etc.) and the security landscape is always changing.

[Same diagram as the previous slide: Network, Data, Users, Threats, Tools]

Full Visibility: “the single source of truth”

Data is everywhere (headquarters, branches, data centers, cloud, etc.) and the security landscape is always changing.

[Diagram: numbered tool attachment points (1–18) for Firewall, IPS, ATP, Forensics, DLP, SIEM and WAF across remote sites, public cloud, the Internet and a virtualized server farm]

Needs…

Network Operations

• We worry that security tools may cause network outages or increased latency.

• There are not enough mirror ports to deploy security tools.

• Security tool upgrades undermine network availability.

• Can the interdependence between security devices and the network be minimized?

Security Operations

• To strengthen security, we need to receive all network traffic (internal segments, virtualized, remote).

• Obtaining traffic requires prompt cooperation from the network team.

• Can the growing volume of SSL traffic be inspected efficiently?

• What is the security approach for big data and IoT?

A new approach to security is needed

GigaSECURE® Security Delivery Platform: next generation network packet broker, purpose built for security-specific capabilities

[Diagram: data from physical, virtual and cloud infrastructure enters the platform (SSL decryption, metadata engine, application session filtering, inline bypass) and is delivered to tools and apps]

Security Delivery Platform (보안전달플랫폼)

Platform-based network security design

[Diagram: Internet, routers, “spine” switches, “leaf” switches and a virtualized server farm; Data Loss Prevention, IPS (inline), Email Threat Detection, Forensics, Intrusion Detection System and Anti-Malware (inline) attached through the Security Delivery Platform instead of at every network segment]

• Isolation of applications for targeted inspection

• Visibility to encrypted traffic for threat detection

• Inline bypass for connected security applications

• A complete network-wide reach: physical and virtual

• Scalable metadata extraction for improved forensics

Security Delivery Platform

✓ All tools still connected ✓ Fewer network touch points ✓ Enhanced tool efficiency ✓ Decreased OPEX costs

Without Platform

[Diagram: Firewall, IPS, WAF and ATP cabled in series between router and switch]

Problems

• Multiple points of failure

• The physical interfaces of security devices must match the network exactly

• Network performance degradation caused by security devices

• Difficulty scaling security devices

• Risk of network disruption during OS upgrades or device replacement

• Difficulty for security devices to detect threats under asymmetric routing

With Platform

• Add, remove and upgrade security devices without interruption

• Overcome the single point of failure limitation (bypass-protected solution)

• Integrate inline and OOB security solutions

• Maximize security tool efficiency

• Extend the scope of security monitoring

[Diagram: IPS, WAF, WAF (OOB) and four ATP units attached to the platform]

#1 - OOB network security solution efficiency

[Diagram: firewall, routers, remote sites, spine and leaf switches, public cloud, the Internet and a virtualized server farm feed the Security Delivery Platform; IDS, ATP, Forensics, DLP, SIEM and UEBA are attached out of band, with an API to the platform]

Select and deliver only the traffic suited to each OOB security solution: reduced initial investment and improved detection/analysis rates.

Platform functions shown:

• Session selection for specific applications

• SSL encryption/decryption

• Traffic collection: physical, virtualized, public cloud

• Metadata generation (DNS, URL, SSL, HTTP response code)

• Duplicate packet removal

Traffic delivered per tool:

• HTTP and FTP metadata

• All traffic except web, email and streaming/video

• Everything except streaming/video, MS updates, etc.

#1 - OOB network security solution efficiency (continued): 12 traffic intelligence functions for OOB solutions

SSL/TLS Decryption

• Decrypt encrypted SSL/TLS traffic (inline or OOB)

Masking

• Mask personal data inside packets

NetFlow & Metadata Generation

• 100% NetFlow and metadata generation for the collected packets

Header Stripping

• Remove headers such as VLAN, VxLAN and MPLS

Tunneling/ERSPAN Termination

• Forward encrypted traffic between headquarters and branches (L2GRE)

FlowVUE™

• Flow-aware traffic sampling based on IP, user or session

Packet Slicing

• Optimize packet size by slicing packets

Source Port Labeling

• Add an ingress port label to each packet

GTP Correlation

• Subscriber-based traffic filtering for carriers

De-duplication

• Remove duplicate packets collected from multiple segments

Adaptive Packet Filtering

• L7 pattern-based traffic filtering (per packet)

Application Session Filtering

• L7 pattern-based traffic filtering (per session)
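As an added illustration of two of the functions in the list above, header stripping and de-duplication, the Python below is example code written for this transcript and not Gigamon code or configuration. It builds a few constructed Ethernet/IPv4 frames, removes the 802.1Q tag, and drops copies of a packet that was captured on more than one segment within a short time window. The frame builder, the normalisation rules (ignore Ethernet addresses, strip the VLAN tag, zero TTL and the IPv4 header checksum) and the 50 ms window are assumptions of the example.

```python
"""Added illustration of header stripping and de-duplication.  Not Gigamon
code: the frames are constructed here, and the normalisation rules are
assumptions of this example."""
import hashlib
import socket
import struct
from collections import OrderedDict
from typing import List, Optional, Tuple

ETH_P_8021Q = 0x8100   # 802.1Q VLAN tag ethertype
ETH_P_IP = 0x0800      # IPv4 ethertype


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                payload: bytes, vlan: Optional[int] = None, ttl: int = 64) -> bytes:
    """Construct a minimal Ethernet (+ optional 802.1Q) / IPv4 frame carrying a
    raw payload.  Sample data only: the header checksum is left at zero."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)
    eth += struct.pack("!H", ETH_P_IP)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, 17, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip_hdr + payload


def strip_vlan(frame: bytes) -> bytes:
    """Header stripping: remove the 4-byte 802.1Q tag if one is present."""
    if struct.unpack("!H", frame[12:14])[0] == ETH_P_8021Q:
        return frame[:12] + frame[16:]
    return frame


def dedup_key(frame: bytes) -> bytes:
    """Hash the packet the way it looks when seen at several capture points:
    Ethernet addresses are ignored (they change at every router hop), the
    VLAN tag is stripped, and TTL plus the header checksum (which changes
    with TTL) are zeroed.  Assumes a 20-byte IPv4 header (IHL = 5)."""
    f = strip_vlan(frame)
    ip_hdr = bytearray(f[14:34])
    ip_hdr[8] = 0                 # TTL
    ip_hdr[10:12] = b"\x00\x00"   # IPv4 header checksum
    return hashlib.sha256(bytes(ip_hdr) + f[34:]).digest()


class Deduplicator:
    """Forward a packet the first time it is seen; drop repeats that arrive
    within window_s seconds of the first copy."""

    def __init__(self, window_s: float = 0.05) -> None:
        self.window_s = window_s
        self._seen: "OrderedDict[bytes, float]" = OrderedDict()
        self.dropped = 0

    def process(self, ts: float, frame: bytes) -> bool:
        # Entries are inserted in time order, so the oldest sits at the front.
        while self._seen:
            oldest_ts = next(iter(self._seen.values()))
            if ts - oldest_ts > self.window_s:
                self._seen.popitem(last=False)
            else:
                break
        key = dedup_key(frame)
        if key in self._seen:
            self.dropped += 1
            return False
        self._seen[key] = ts
        return True


def demo() -> Tuple[List[bool], int]:
    """Same packet captured on a tagged spine link and an untagged leaf link
    (different MACs, TTL one lower), one unrelated packet, then the first
    packet again long after the window has expired."""
    payload = b"GET / HTTP/1.1\r\n"
    at_spine = build_frame("aabbccddee01", "aabbccddee02", "10.0.0.5", "192.0.2.10",
                           payload, vlan=10, ttl=64)
    at_leaf = build_frame("aabbccddee03", "aabbccddee04", "10.0.0.5", "192.0.2.10",
                          payload, ttl=63)
    other = build_frame("aabbccddee01", "aabbccddee02", "10.0.0.6", "192.0.2.10",
                        b"HELO\r\n", vlan=10)
    dedup = Deduplicator(window_s=0.05)
    decisions = [dedup.process(0.000, at_spine),
                 dedup.process(0.001, at_leaf),
                 dedup.process(0.002, other),
                 dedup.process(1.000, at_spine)]
    return decisions, dedup.dropped


if __name__ == "__main__":
    print(demo())   # ([True, False, True, True], 1)
```

The window matters in practice: a retransmission of the same TCP segment is a legitimate second copy, and a window long enough to swallow it would hide retransmissions from the forensics tool behind the broker.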

#2 - Inline network security solution efficiency: flexibility, survivability and easy scalability for deploying and operating inline devices, improving the security posture

[Diagram: firewall, routers, spine and leaf switches and a virtualized server farm; inline solutions (WAF, DDoS, IPS with inline bypass and SSL decryption) and OOB solutions (forensics, UEBA/APT) attached to the platform; all traffic, including the Internet gateway, is collected and delivered (SSL decrypted), with the traffic to be analyzed selected per tool and delivered according to each tool's performance]

• Health check (link, NIC, application)

• Load balancing (session-based)

• Service chaining (flexible inline arrangement)

• Resolves asymmetric traffic issues

• Improved maintenance process

• Keeps existing security devices and protects the investment during network upgrades

• Additional TAP functionality

Inline SSL Decryption

[Diagram: User ↔ H Series with BPS pair ↔ Web Server; inline SSL decrypt feeds an IDS (OOB tool) and an IPS (inline tool); steps x1–x5]

Service chaining operation

Traffic forwarding and security service chain composition based on the characteristics of each inline security solution

[Diagram: all traffic between the core switch/router and DMZ servers A and B is split into inline traffic components: Other (IPS, 0-Day, DLP, FW), Gateway FTP (FTP 21), Gateway Web (80/8080, URL filter) and Gateway Crypto (SSL 443, SSL proxy/WAF); ALL traffic reassembled toward the DMZ]

Service chaining operation - Data center A example: inline SDP deployment delivering only the traffic each security solution needs, cutting the initial deployment cost and maximizing survivability/flexibility

Example service chain composition

§ Suspected DDoS traffic

✓ Suspected DDoS traffic → DDoS → IPS

§ SSL traffic

✓ TCP 443 → SSL decryption → IPS → WAF → SSL encryption

§ Web traffic

✓ TCP 80 → IPS → WAF

§ All other traffic

✓ Remaining traffic → IPS

[Diagram: firewall, routers, spine and leaf switches, virtualized server farm; inline solutions (WAF, DDoS, IPS with inline bypass, SSL) and OOB solutions (IDS, APT) attached to the platform; all traffic (SSL decrypted)]

Gigamon Product: HC Series

[Front-panel photos of GigaVUE-HC1, HC2 and HC3 with port labels (TAP1–TAP4, X1/X2 … X11/X12, G1/G2, G3/G4, Mgmt/Console, Stack/PTP, USB, RDY/PWR/FAN/PTP/PPS/M/S indicators)]

                             HC1                 HC2                  HC3
Port Count                   16 – 32 ports       2 – 96 ports         32 – 128 ports
Port Speeds (1)              10M/100M/1G/10G     1G/10G/40G/100G      10/40/100G
TLS Performance (2)          2 Gbps              3-15 Gbps            12-48 Gbps
GigaSMART engines            1 (Integrated)      1-5 (Modular)        1-4 (Modular)
Bypass (Cut-Thru) capacity   284 Gbps            960 Gbps             6.4 Tbps
Form Factor                  1RU                 2RU                  3RU

Notes: (1) Bolded text indicates the availability of physical inline bypass (aka “fail to wire”) on this appliance. (2) TLS performance includes BOTH decrypt and re-encrypt operations, thus representing true throughput.

Inline bypass: surviving device (power) failure

Using an optical splitter, network survivability is guaranteed even during a power failure

[Diagram: Internet ↔ gateway router ↔ backbone switch; security group #1 (only HTTP, FTP), security group #2 (all traffic), security group #3 (only HTTP(S)) and security group #4 (only email) attached through an optical splitter]

Inline security solution availability check

Health check methods and bypass approach

• Positive HB: ARP/IP packets are sent through the device in both directions

• Negative HB: packets that the security device should block are sent in both directions (blocked = normal)
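The service chain example (TCP 443 → SSL decryption → IPS → WAF → SSL encryption, TCP 80 → IPS → WAF, remaining traffic → IPS) and the positive/negative heartbeat check above combine into one small model. The Python below is an added example written for this transcript, not Gigamon code or configuration: a flow map sorts packets into service chains, each inline tool's health is decided by whether the benign probe came back and the should-be-blocked probe did not, and a failed tool is bypassed so the link stays up. The Packet fields, the suspected_ddos flag and the treatment of SSL decrypt/encrypt as never-bypassed platform steps are assumptions of the example.

```python
"""Toy model of an inline Security Delivery Platform: flow map, service
chains, heartbeat-based health checks and bypass of failed tools.  Added
illustration, not Gigamon code; chain definitions follow the slide's
"Data center A" example, the rest is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    proto: str                     # "tcp" or "udp"
    dst_port: int
    suspected_ddos: bool = False   # constructed stand-in for a DDoS heuristic


class InlineTool:
    """An inline security device monitored with two kinds of heartbeat."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.healthy = True

    def heartbeat(self, positive_returned: bool, negative_returned: bool) -> bool:
        # Positive HB: a benign ARP/IP probe sent through the tool in both
        # directions must come back, proving link, NIC and application are up.
        # Negative HB: a probe the tool is configured to block must NOT come
        # back; if it does, the tool forwards but no longer inspects.
        self.healthy = positive_returned and not negative_returned
        return self.healthy


# SSL decrypt/encrypt are platform functions, not inline tools, and are
# never bypassed in this model (assumption of the example).
PLATFORM_STEPS = {"SSL decrypt", "SSL encrypt"}


def select_chain(pkt: Packet) -> Tuple[str, List[str]]:
    """Flow map: first matching rule wins, as in the slide's chain example."""
    if pkt.suspected_ddos:
        return "ddos", ["DDoS", "IPS"]
    if pkt.proto == "tcp" and pkt.dst_port == 443:
        return "ssl", ["SSL decrypt", "IPS", "WAF", "SSL encrypt"]
    if pkt.proto == "tcp" and pkt.dst_port == 80:
        return "web", ["IPS", "WAF"]
    return "other", ["IPS"]


def effective_path(chain: List[str], tools: Dict[str, InlineTool],
                   bypass_on_failure: bool = True) -> Optional[List[str]]:
    """Return the steps a packet actually traverses.

    With bypass enabled a failed tool is skipped and traffic keeps flowing
    (fail-to-wire).  Without it the chain behaves like devices cabled in
    series: one failed tool takes the whole path down, modelled as None.
    """
    path: List[str] = []
    for step in chain:
        if step in PLATFORM_STEPS:
            path.append(step)
            continue
        tool = tools[step]
        if tool.healthy:
            path.append(step)
        elif not bypass_on_failure:
            return None
        # else: the unhealthy tool is bypassed and the step is skipped
    return path


def route(pkt: Packet, tools: Dict[str, InlineTool],
          bypass_on_failure: bool = True) -> Optional[List[str]]:
    _, chain = select_chain(pkt)
    return effective_path(chain, tools, bypass_on_failure)


def demo() -> dict:
    tools = {name: InlineTool(name) for name in ("DDoS", "IPS", "WAF")}
    https = Packet("tcp", 443)
    result = {"healthy": route(https, tools)}
    # The IPS starts returning the negative probe: up, but not blocking.
    tools["IPS"].heartbeat(positive_returned=True, negative_returned=True)
    result["ips_failed_bypass"] = route(https, tools)
    result["ips_failed_series"] = route(https, tools, bypass_on_failure=False)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The negative heartbeat is the interesting one from a detection standpoint: a tool whose link is up but whose inspection engine has stalled passes the positive probe and would otherwise be treated as healthy while silently forwarding everything.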

Use Cases


Extending the security device lifecycle

[Diagram: VoIP analyzer, application performance management, intrusion detection system (IDS) and packet capture tools with 1 Gb interfaces attached to 10 Gb+ network links, before and after the platform]

• Before: network upgrades require upgrading the existing security and analysis solutions

• After: the lifecycle of security and analysis solutions is extended, and the size and timing of investment can be planned flexibly

Inline security device deployment and operation

Without inline bypass (backbone switches running OSPF routing / multicast routing): unnecessary routing path changes occur when a security device fails

- Service stability degrades because of unnecessary routing path changes on device failure

- Traffic is lost when traffic held inside the device cannot be processed

- Depending on the security device, Active-Standby operation

With inline bypass (backbone switches running OSPF routing / multicast routing): no routing path change even when a security device fails

- On security device failure, the Gigamon device bypasses traffic so service continues normally

- No unnecessary routing paths arise in the existing production network

- Active-Active operation without configuration changes

[Diagram: customer access segment ↔ backbone switches; left: routing path changes on failure; right: no routing path change even on failure (Inline-Bypass)]

3rd party SSL decryption solution integration

[Diagram: before, an SSL device cabled in series with IPS, DLP and DPI; after, an SSL proxy (decryption) and the inline tools IPS, DLP and DPI attached to the platform, with numbered hops 1–12 showing where traffic is encrypted and where it is clear text]

Deployment in an asymmetric routing environment

[Diagram: Internet ↔ distribution layer with 2 traffic paths and with 4 traffic paths, before and after the platform]

Security device efficiency – Application Intelligence (3,200+ applications recognized automatically)

[Diagram: before, every security device receives all Internet traffic including unnecessary traffic; after, each security device and the UBA/NBA (behavior-based security analytics system) receive only the relevant traffic]

Traffic monitoring in virtualized environments

• vCenter integration

• Bulk GigaVUE-VM deployment

• Virtual traffic policy creation

• Automatic migration of monitoring policies (GigaVUE-FM)

[Diagram: private cloud servers I and II running GigaVUE-VM; virtual traffic policies are tunneled across the production network to tools and analytics for application performance, network management and security]

• VMware ESXi • OpenStack/KVM • AWS, Azure • Cisco ACI, VMware NSX

Fabric Manager: Map Traffic Flows with Flexible Inline

GigaVUE-FM

Company Introduction

✓ Ranked 5th among the fastest-growing US technology companies as of 2016

✓ Founded: 2004 (pioneered the market)

✓ Headquarters: Santa Clara, California, USA

✓ Main business: leader and innovator in the visibility market for security and management tools

✓ Business areas: Mobile, Datacenter, Cloud

✓ Technology: 26 core patents, 28 patents pending

✓ Key customers: 2900+ customers (83+ of the Fortune 100, 50+ of the top 100 global carriers)

“Gigamon has a full portfolio of network monitoring equipment, addressing the whole range of deployments from small to very large.”

- IHS Technology, Network Monitoring Equipment Annual Report (May 2017)

“As the market leader, Gigamon offers a full range of products that provide visibility across the entire network.”

“The Gigamon Visibility Platform enables our customers to accelerate …migration of their existing applications and workloads for richer content inspection and protection of their mission-critical workloads and data.”

- Tim Jefferson, Global Ecosystem Leader-Security, Amazon Web Services, Inc., November 2016

“Gigamon provides visibility into critical data in the public cloud, enabling the move to cloud business.”

“Gigamon is the market share leader…delivering Layer 2 through Layer 7 visibility, filtering and correlation via its GigaSMART platform.”

- Market Guide for Network Packet Brokers, January 2016

“Gigamon is the market leader with 37.5% of the global NPB market.”

“Gigamon helps simplify complex security architectures.”

“A Security Delivery Platform helps eliminate many of the security architectural deficiencies that have led to so many high-profile breaches.”

- Jon Oltsik, Senior Principal Analyst, ESG, July 2015

Company Introduction

5.2 Key ecosystem partners

[Partner logos grouped into Performance Management, Service Provider, Security and Vulnerability Management, and Infrastructure]

Company Introduction

A broad spectrum of brand-name customers.

2980+ global customers (as of Q3 '18); 83+ customers in the Fortune 100

Enterprise: Technology, General Enterprise / Misc., Retail / Services, Finance, Healthcare

Service providers: 50+ operators among the global top 100 SPs

Government agencies

References

Portfolio

Applications: Gigamon applications (FabricVUE™ Traffic Analyzer) and 3rd party apps (e.g. Splunk, Viavi); applications & tools; infrastructure and user community (via API)

Traffic intelligence: De-duplication, Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, Tunneling, SSL Decryption, Adaptive Packet Filtering, Application Session Filtering, Time Stamping, NetFlow Generation

Fabric services: Flow Mapping®, Inline Bypass, Clustering

Fabric control (management SW): GigaVUE-FM (API)

Fabric nodes (physical, virtualized, remote-site nodes and future SDN production networks):

• H Series: GigaVUE-HC1, GigaVUE-HC2, GigaVUE-HC3

• TA Series: GigaVUE-TA10, GigaVUE-TA40, GigaVUE-TA100, White Box – GV/OS

• Virtual Visibility: GigaVUE-VM (VMware, OpenStack, AWS, Azure)

TAPs: G-TAP A Series, G-TAP BiDi, G-TAP M Series, Embedded TAPs

Forrester consulting report – The Total Economic Impact of Gigamon

153% ROI

7 months payback period

50% reduction in security costs

The Total Economic Impact™, Forrester Consulting, April 2016.

Customer Validation

Conclusion - Key benefits

1. Full network visibility

✓ Full visibility of headquarters, remote sites, virtualized and public networks

✓ Visibility of SSL (inbound and outbound) traffic

2. Network/security solution efficiency

✓ Deliver only the required traffic to each solution (lower initial deployment cost)

✓ Maximize operational efficiency (improved detection/analysis rates and reduced operating costs)

3. Maximum flexibility/survivability for network security

✓ Flexibility/survivability for deploying and operating inline/OOB devices

✓ Rapid response when an event occurs (traffic acquisition and addition of new response solutions)

Q&A: Insung Digital (인성디지탈) Gigamon sales team, 양대상 차장 (deputy general manager) E. [email protected] | T. 02-2105-4636 | M. 010-2675-1744