ExtraHop Analytics and GigaSECURE Visibility Offer Network Control
ExtraHop, a Gigamon® Ecosystem Partner, is a stream-analytics platform that turns unstructured network data into structured wire data, and runs real-time analytics on it so you can get business-critical information when you need it.
The GigaSECURE® Security Delivery Platform provides ExtraHop rich data from all facets of your network, giving a complete real-time view of IT infrastructure, both locally and in the cloud.
GigaSECURE and ExtraHop are better together by providing a number of key benefits:
- Easy access to traffic from physical, virtual, and cloud networks
- Support for multiple cloud configurations
- Complete NetFlow data
- Load balancing to help you scale up
- SSL traffic is visible with SSL decryption
- Security masking
Let’s look at each of these in turn.
#1. Easy access to traffic from physical, virtual, and cloud networks
GigaSECURE can pull traffic from many parts of the network and feed it as packet data into the ExtraHop platform. This traffic can come from:
- Physical network links
- Virtual workloads
- Amazon AWS public cloud instances
The Gigamon platform de-duplicates and filters this data, and sends only the packets you want to the ExtraHop appliance.
#2. Support for multiple cloud configurations
Before Gigamon launched the Gigamon Visibility Platform for AWS solution last year, ExtraHop was a beta test partner. The following deployment options have been validated using GigaSECURE and ExtraHop:
- If you have traffic on physical networks but also spin up AWS public cloud workloads, you can tap the AWS traffic, tunnel it to the on-premise GigaSECURE platform, and then feed it into the ExtraHop appliance
- There’s also an entirely cloud-based version of the ExtraHop platform available: Gigamon can tap once for each of the different Amazon Machine Images, then feed the data it collects into the ExtraHop instance running in AWS from the Gigamon vSeries node
#3. Complete NetFlow data
NetFlow data is great for insight into what’s happening on networks—but typically, networking devices often only generate sampled NetFlow data. The GigaSECURE platform can generate unsampled, enhanced metadata in NetFlow or IPFIX format from any selected traffic stream and feed it into an ExtraHop appliance for analysis.
#4. Load balancing helps you scale up
For very large networks, the GigaSECURE platform can split traffic flows across multiple ExtraHop devices, which lets you add new devices as needed.
#5. All traffic is visible with SSL decryption
More and more traffic flowing across networks is SSL/TLS encrypted—and that can include rogue traffic that’s part of an attack on your infrastructure. The GigaSECURE platform can decrypt SSL traffic so that ExtraHop can analyze it—and with our new inline decryption/re-encryption ability, this process gives even better access to previously hidden data.
#6. Security masking
While you generally want to give ExtraHop all the data you can, sometimes you need to mask data to meet compliance requirements. For example, the GigaSECURE platform can mask patient identification information to meet HIPAA requirements or credit card numbers for financial privacy.