FireEye + Gigamon: A One-Two Knockout Punch
FireEye is one of today’s top security companies, leading the charge against advanced persistent threats (APTs) with industry-leading solutions currently used by companies around the globe.[1] These deployments can be enhanced with the advanced visibility, scaling, and efficiency provided by Gigamon’s solutions. The Gigamon Visibility Fabric™ extends the reach of FireEye threat detection to virtualized and encrypted traffic and enables administrators to optionally toggle deployment inline or out-of-band on the fly.
In addition, thanks to advanced Application Session Filtering, Gigamon can automatically send the right traffic—such as email, web, and NetFlow data—to the right FireEye appliance, fast.
- Higher efficiency in malware and APT catch rates due to more comprehensive traffic visibility
- Reduced detection and response time from expedited access to traffic
- Extension of malware detection to traffic flowing between virtualized servers
- Inspection of SSL-encrypted traffic for embedded malware
- Optimized operation of FireEye application-specific products
- Opportunities for lower deployment and management costs of an advanced protection framework
- Fewer disruptions in scaling and deployment of FireEye protection by handling both in an abstraction layer
In a nutshell, Gigamon captures, analyzes, and routes all network traffic—physical, virtual, and encrypted—to specialized FireEye appliances to increase visibility (no more network blind spots), efficiency (the right tool gets the right traffic, fast), and confidence.
The benefits of the Gigamon GigaSECURE® Security Delivery Platform can be extended to other security tools and the applications that connect to them. This essentially multiplies the gains from an initial investment each time new security devices and technologies are added.
Good for both inline and out-of-band FireEye platforms
A good security posture includes both inline and out-of-band security tools, which is why FireEye provides both. Here’s a quick look at how Gigamon factors in:
- Gigamon can aggregate and forward any selected traffic flows to FireEye devices for inspection at line rate without data loss.
- Extend visibility and malware detection capabilities across the network, from edge to core and including east-west traffic on virtual networks between servers. The GigaSECURE Security Delivery Platform can easily be extended to remote locations, allowing these links to be monitored as well by a centralized FireEye deployment.
- Distribute the flows across multiple FireEye platforms, allowing FireEye to scale as network speeds increase and traffic volumes grow.
- Decrypt SSL traffic for inspection, preventing malware from hiding in SSL sessions.
- Bypass protection in both hardware and software ensures network integrity. Where multiple inline FireEye devices are deployed, traffic can be load balanced across the remaining devices when one is taken out of service for maintenance or due to failure.
- Gigamon’s fabric node distributes live production traffic to multiple inline FireEye platforms.
- FireEye platforms in active mode are ready to take action (quarantine, block, etc.).
- Switch between out-of-band and inline deployments with a single software command and without recabling—reducing change orders and deployment time.
For more information, see:
- FireEye and Gigamon: Real-Time Threat Protection with Enhanced Traffic Visibility
- Gigamon and FireEye: A One, Two Knockout Punch for Cyber Attacks
- FireEye and Gigamon video
[1] “FireEye Threat Prevention Platform and Services Named Winner of 2015 SC Magazine Excellence Award for Best Advanced Persistent Threat Protection.” FireEye. Accessed November 9, 2015.