ExtraHop Analytics and GigaSECURE Visibility Offer Network Control

ExtraHop, a Gigamon® Ecosystem Partner, is a stream-analytics platform that turns unstructured network data into structured wire data, and runs real-time analytics on it so you can get business-critical information when you need it.

The GigaSECURE® Security Delivery Platform provides ExtraHop rich data from all facets of your network, giving a complete real-time view of IT infrastructure, both locally and in the cloud.

GigaSECURE and ExtraHop are better together by providing a number of key benefits:

  1. Easy access to traffic from physical, virtual, and cloud networks
  2. Support for multiple cloud configurations
  3. Complete NetFlow data
  4. Load balancing to help you scale up
  5. SSL traffic is visible with SSL decryption
  6. Security masking

Let’s look at each of these in turn.

#1. Easy access to traffic from physical, virtual, and cloud networks

GigaSECURE can pull traffic from many parts of the network and feed it as packet data into the ExtraHop platform. This traffic can come from:

  • Physical network links
  • Virtual workloads
  • Amazon AWS public cloud instances

The Gigamon platform de-duplicates and filters this data, and sends only the packets you want to the ExtraHop appliance.

Figure 1. Hybrid deployment model. (Click image for larger size.)

#2. Support for multiple cloud configurations

Before Gigamon launched the Gigamon Visibility Platform for AWS solution last year, ExtraHop was a beta test partner. The following deployment options have been validated using GigaSECURE and ExtraHop:

  • If you have traffic on physical networks but also spin up AWS public cloud workloads, you can tap the AWS traffic, tunnel it to the on-premise GigaSECURE platform, and then feed it into the ExtraHop appliance
  • There’s also an entirely cloud-based version of the ExtraHop platform available: Gigamon can tap once for each of the different Amazon Machine Images, then feed the data it collects into the ExtraHop instance running in AWS from the Gigamon vSeries node

#3. Complete NetFlow data

NetFlow data is great for insight into what’s happening on networks—but typically, networking devices often only generate sampled NetFlow data. The GigaSECURE platform can generate unsampled, enhanced metadata in NetFlow or IPFIX format from any selected traffic stream and feed it into an ExtraHop appliance for analysis.

#4. Load balancing helps you scale up

For very large networks, the GigaSECURE platform can split traffic flows across multiple ExtraHop devices, which lets you add new devices as needed.

#5. All traffic is visible with SSL decryption

More and more traffic flowing across networks is SSL/TLS encrypted—and that can include rogue traffic that’s part of an attack on your infrastructure. The GigaSECURE platform can decrypt SSL traffic so that ExtraHop can analyze it—and with our new inline decryption/re-encryption ability, this process gives even better access to previously hidden data.

#6. Security masking

While you generally want to give ExtraHop all the data you can, sometimes you need to mask data to meet compliance requirements. For example, the GigaSECURE platform can mask patient identification information to meet HIPAA requirements or credit card numbers for financial privacy.

For more about this joint solution, see:

Comments are currently closed.