Securing Virtual Traffic Just Got Easier with the Joint Gigamon-RSA Solution

Attacks happen. And with virtualization on the rise—in the form of VM, VDI, and SDDC technologies—they’re happening all the time.

That’s where Gigamon and RSA come in. Designed to detect security breaches across both physical and virtual environments, this powerful joint solution enables you to capture traffic that travels exclusively between virtual machines and never touches the physical network.

In a nutshell, the joint Gigamon-RSA solution lets you capture and analyze packet-based traffic data across both physical and virtual networks, all within a single tool.

Before we take a closer look at the joint solution, let’s take a quick look at the problem it solves.

The problem with virtualization

Countless organizations are realizing the cost efficiency and business agility of virtualization. What they may not realize, however, is that virtual traffic can be extremely difficult to monitor (especially if it never touches the physical network or travels between physical and virtual networks), which results in infrastructure blind spots and, ultimately, increased vulnerability.

In fact, chances are you’re experiencing at least one of the following symptoms of virtualization:

  • Lack of visibility into network traffic traversing the virtual network
  • Difficulty maintaining visibility when virtual machines transfer from one hypervisor to another (via, for example, VMware vMotion)
  • Security measures falling behind advancements in virtual environments
  • Lack of synergy and communication between virtual network-enabled security solutions
  • Manual, process-intensive networking configurations to deploy security within the virtualized environment

To protect the network against increasingly complex threats, you need pervasive, intelligent, end-to-end visibility into both physical and virtual environments.

Disparate security solutions just won’t do; collating data from different tools—both physical and virtual—greatly reduces operational efficiency and agility, leaving your network more vulnerable than ever. A single, holistic solution is what is needed to monitor traffic across both physical and virtual environments.

Gigamon and RSA working together

  • RSA Security Analytics provides a monitoring and investigation platform that combines logs, network packets, NetFlow data, and endpoint awareness to offer complete visibility for detecting, investigating, and taking targeted action against even the most advanced attacks.
  • GigaSECURE®, the industry’s first Security Delivery Platform, acts as a traffic controller, helping ensure that Security Analytics receives the right physical and virtual traffic and network metadata to identify and investigate threats, no matter where they originate. Most crucially, GigaSECURE allows Security Analytics to see and analyze traffic that travels exclusively between virtual machines, never breaking out into the physical network.
Figure 1: A high-level view of the Gigamon–RSA solution. (click image for larger size.)”

Figure 1: A high-level view of the Gigamon-RSA solution. (Click image for larger size.)

The result: pervasive and intelligent visibility into both physical and virtual networks—in particular the VMware NSX platform. (For more on this, see “Pervasive Visibility into SDDC/NSX Deployments.”)

The benefits include:

  • The ability to detect APTs (advanced persistent threats) through lateral movement within east-west traffic, even when it doesn’t touch the physical network
  • Full visibility of virtual and physical network traffic managed by a single console and correlated within one security tool
  • Integration with VMware vCenter to extend visibility policies for inter-host VM traffic
  • Automated migration of VM-level monitoring policies when vMotion is detected
  • Filtering and monitoring of virtual and physical traffic using Adaptive Session Filtering
  • Monitoring and analysis of unsampled NetFlow data generated by the GigaSECURE platform

Want more?

For more information, see the joint Gigamon-RSA solutions brief titled “Securing the Software Defined Data Center.” Additional security-related resources include:

Comments are currently closed.