Article written by Shane Buckley, President and CEO of Gigamon


Recently, my colleague, Joe Slowik, our senior manager of threat intelligence and detections engineering here at Gigamon, and I sat down with Shira Rubinoff, who is the president of Green Armor Solutions and one of the most informed cybersecurity experts in the information technology (IT) and security community. With the alarming rise in online threats being top of mind for cyber professionals, we discussed some of the biggest obstacles today's enterprises face, and specifically how — and why — deep observability is the answer. Below I've highlighted some key takeaways from our chat.

Deep Observability Broken Down

"Observability" has been around for quite some time and is a non-intrusive way to keep an eye on how systems are working. It typically uses metrics, events, logs, and traces (MELT) to understand what's happening within an application. However, what many organizations don't realize is that MELT is incomplete and easy to spoof. Sophisticated threat actors can overwrite logs and fool the security systems in place, sending false information to the security operations center (SOC) teams.

Gigamon augments log-based observability methods by going "deep" and providing organizations with actionable network-level intelligence from immutable metadata that is used to validate the authenticity of the log-based observability insights. Gigamon takes it to the next level by going into all seven layers of security to extract reliable metadata from network traffic, reformulate the information, and provide it to a variety of observability tool vendors. In doing so, we're able to provide a pipeline of high-fidelity traffic to these tools in real time, which validates the authenticity of the data, reduces false positives for the SOC, and advances the overall security posture of an organization.
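The validation idea in the paragraph above, reconciling what a host's own log claims against flow metadata observed on the wire, as an added example (not Gigamon's code or data): both inputs are constructed, and the record fields and log line format are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: connection events as recorded in the host's own log.
# A host-side log can be edited or suppressed by an intruder with local access.
HOST_LOG = [
    "2023-03-01T10:00:05Z proc=sshd dst=10.0.0.5:22 bytes=1200",
    "2023-03-01T10:02:10Z proc=curl dst=93.184.216.34:443 bytes=8800",
]
# Constructed sample: flow metadata seen by a network tap for the same host
# (field names are assumptions, not any real tap's export format).
WIRE_FLOWS = [
    {"ts": "2023-03-01T10:00:04Z", "dst": "10.0.0.5", "port": 22, "bytes": 1250},
    {"ts": "2023-03-01T10:02:11Z", "dst": "93.184.216.34", "port": 443, "bytes": 8900},
    {"ts": "2023-03-01T10:07:30Z", "dst": "198.51.100.7", "port": 443, "bytes": 51000},
]
LINE_RE = re.compile(r"^(\S+) proc=(\S+) dst=([\d.]+):(\d+) bytes=(\d+)$")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_host_log(lines):
    """Turn host log lines into flow-like records; malformed lines are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts, proc, dst, port, nbytes = m.groups()
            records.append({"ts": ts, "proc": proc, "dst": dst,
                            "port": int(port), "bytes": int(nbytes)})
    return records

def unlogged_flows(host_log, wire_flows, window_s=10, byte_slack=0.25):
    """Return wire flows no host log entry accounts for (same dst/port, timestamp
    within window_s seconds, bytes within byte_slack of the tap's count).
    Leftovers are traffic the host is not reporting: a tampered log, a logging
    gap, or a process that bypassed logging altogether."""
    host = parse_host_log(host_log)
    missing = []
    for flow in wire_flows:
        ft = parse_ts(flow["ts"])
        matched = any(
            h["dst"] == flow["dst"] and h["port"] == flow["port"]
            and abs((parse_ts(h["ts"]) - ft).total_seconds()) <= window_s
            and abs(h["bytes"] - flow["bytes"]) <= byte_slack * flow["bytes"]
            for h in host)
        if not matched:
            missing.append(flow)
    return missing
```

On the constructed data the third wire flow has no host-side counterpart, which is the kind of discrepancy a SOC would want raised rather than hidden by a log that looks clean.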

The Cat-and-Mouse Game

As my colleague Joe put it so eloquently, the biggest challenge our customers currently face is that we're moving away from a self-contained, on-prem cloud structure. The second the cloud goes off-prem, it reduces, and sometimes eliminates, the firm boundary that existed between trusted networks and the untrusted internet. CISOs have expressed that this is their number one security priority, and they are growing increasingly concerned that there is no true solution for this today.

Every security professional I've spoken to highlights the difficulty of prioritizing noisy alerts. Because adversaries hide in traffic, such as encrypted web communications, it is extremely difficult for defenders to distinguish this activity from the noise of everyday operations. To put it lightly, we're in a cat-and-mouse game, and the mouse is winning. It's time we change that.

Deep Observability Gives Organizations the Upper Hand

We continue to see unprecedented growth in hybrid cloud adoption for organizations worldwide. Security of hybrid cloud remains the number one challenge for CISOs and their organizations. The Gigamon Hawk Deep Observability Pipeline provides a similar level of protection to hybrid cloud workloads as we have delivered for the past 15 years for on-premises workloads. Gigamon provides full visibility into all traffic — both North/South and East/West movement — eliminating blind spots and thereby making it much more difficult for threat actors to dwell within customer networks. Gigamon Hawk provides the only source of immutable actionable network-level intelligence to security tools, which is critical for organizations to remain secure in hybrid and multi-cloud environments.

To accomplish this and help bolster enterprises' security postures, Gigamon recently launched GigaVUE® 6.0, an expansive set of advanced capabilities for the Gigamon Hawk Deep Observability Pipeline. This allows our customers to:

  • Acquire container traffic over any container network interface (CNI) and any container orchestration, including auto-discovery of new nodes. Developers can now run fast, and security teams can ensure monitoring of all East-West communications, including ephemeral workloads.
  • Access new network-derived application metadata from any observability platform, including Dynatrace, New Relic, and Sumo Logic. Customers can now extend their current tools for new security functions, such as identifying rogue services or activities and illegal crypto mining.
  • Scale their on-premises network telemetry processing with the new GigaVUE-HC1-Plus visibility appliance, offering twice the performance in half the physical footprint and power requirements.

Overall, with a combination of the layered product architecture, advanced threat research, and direct guidance from Gigamon threat and incident response experts, SOC teams can feel better equipped to level the playing field with threat actors.
