New Gigamon Application Intelligence Capabilities: Get Better Tool Efficiency at Reduced Cost
Good news! In late March we’re introducing our new Application Intelligence suite of applications. With it you’ll get application awareness to improve the effectiveness of your entire ecosystem, making tools more efficient and reducing effort and costs. Application Intelligence addresses key challenges for both network operations and security operations buyers.
You’ll be able to address these tough problems:
- Network analytics, security and application monitoring tools that are inundated with low‐risk and low‐value network traffic
- Difficult‐to‐identify applications on the network or contributors to network traffic growth
- A management challenge requiring time and tedious effort to manually classify applications, either through regex or hardwiring ports
- Security tools cannot quickly isolate mission‐critical applications that need extra protection
- Not having visibility to application context makes it easier for the cybercriminal to hide their attacks
- Inundated forensics, compliance and other network security tools with low‐risk and low‐value network traffic
- Attackers bypassing defenses using port and packet spoofing
The Application Intelligence Suite
The Application Intelligence suite of applications includes Application Visualization, Application Filtering Intelligence and Application Metadata Intelligence. Application Visualization allows you to quickly visualize the top applications running on the network. Using Application Filtering Intelligence, lets you automatically identify and classify high‐value and high‐risk traffic by application. Application Metadata Intelligence provides contextual security information about application activity so that you can quickly identify and remediate threats.
Ananda Rajagopal, Vice President of Products and Solutions at Gigamon, has heard the same stories. As he explains, he recently visited a Fortune 100 company that was struggling to discern exactly what kind of application traffic was flowing across its network, and by extension, how to make sure it was safe and secure.
“The number‐one pain point,” he says, “is very limited visibility of applications in a network. The consequence of that is that many customers do not have operational context. It becomes hard for them to either detect anomalies or do the necessary things to efficiently secure or monitor these applications.”
Part of the problem, he says, is the massive growth in web traffic. A lot of low‐risk and high‐volume traffic ends up clogging the tools, with the classic example being social media and video streams, such as from YouTube, Netflix and Facebook.
There’s no point in sending such traffic to monitoring tools when the sheer volume of such traffic could threaten to overwhelm the capacity of these tools. For example, if the tool used is a packet forensics tool, this ability to efficiently filter on social media applications could translate into a material increase in retention period for the forensics tool.
Seeing Applications Up Close
When explaining application intelligence, Rajagopal likes to compare it to seeing a 3D movie.
“You need 3D glasses to watch a 3D movie, right? If you try to watch it with the naked eye, you don’t really get the full view. Application intelligence is very much like that. It provides you visibility just like the 3D glasses so that you can parse out the perspective and dimensions that are important.
“Digital transformation initiatives in organizations have led to more applications becoming web‐based; so understanding and parsing out the different tiers of these applications vs. just viewing them as IP packets in a network requires advanced visibility. That is what Application Intelligence provides”
Application intelligence evaluates traffic at the application level, as opposed to just looking at a stream of packets on the network. As Rajagopal puts it, “The theme of right data to the right tools is now elevated to the right application data to the right tools.”
Practical Use Cases for Application Intelligence
Consider mission‐critical applications. As the figurative crown jewels, affected by challenging uptime requirements and SLAs, many organizations expend the most time, money and effort in monitoring their performance and securing them from threats.
Further, today’s applications have a large number of tiers that increases the interdependencies across tiers, making troubleshooting that much more complex. It’s much, much easier to do this when the core visibility infrastructure to which these monitoring and security tools connect, can instantly identify all traffic headed to or from these applications.
With application intelligence built right into the core visibility infrastructure, there’s no need to limit oneself to just Layer 3 or 4 (that is, IP subnet or TCP/UDP port boundaries). Instead, Gigamon Application Intelligence provides administrators the flexibility to identify and isolate applications independent of IP addresses or TCP/UDP port numbers, that is, extract relevant traffic automatically all the way up to Layer 7.
Or consider the common hacker strategy of port spoofing, which lets attackers bypass defenses by using non‐standard port numbers. For example, they might try to establish an SSL session on port 1,000, instead of the typical 443. Standard countermeasures set to monitor only port 443 would miss SSL traffic on other ports. With application intelligence, Gigamon can detect such a spoofing attempt by identifying the session or application of interest regardless of the port number being used.
To summarize, the key capabilities at play here are:
- Application visualization to visualize all applications on the network
- Application filter intelligence to take filtering actions corresponding to specific applications
- Detect and classify more than 3,000 standard applications
- Programmable to detect custom enterprise applications
- Filter specific apps/app categories
- Identify apps independent of encapsulation, port number or encryption
- Generate rich contextual metadata corresponding to applications seen on the network to power advanced analytics
You’ll be able to use these powerful new features of Application Visualization and Application Filter Intelligence on the GigaVUE‐HC1, GigaVUE‐HC2 and GigaVUE‐HC3 product lines starting in March 2019.
Come See It at RSA
If you are at RSA 2019 in San Francisco from March 4 to 8, stop by the Gigamon booth to get a firsthand demonstration of our new Application Intelligence family. We will be in booth #1447.