Gigamon introduces the first scalable SSL decryption solution for 100Gb networks

Reduces costs and time-to-threat detection via architectural approach that enables traffic to be decrypted once and sent to multiple security tools for inspection

5 December, 2017 Gigamon Inc. (NYSE: GIMO), the leader in traffic visibility solutions for cybersecurity and monitoring applications, today announced the industry’s first visibility solution to support SSL/TLS decryption for high speed 100Gb and 40Gb networks. Part of the GigaSECURE Security Delivery Platform, the solution empowers companies to decrypt and re-encrypt their data once and inspect it with multiple best-of-breed security tools. This helps to expose hidden threats in SSL/TLS sessions, reduce security tool overload, and extend the value and return-on-investment (ROI) of existing security tools.

With the volume of data flowing through corporate networks having increased significantly in recent years, companies have upgraded to higher speed networks running at 40Gb and 100Gb. Meanwhile, there is a dramatic rise in the volume of data running on these high-speed networks that is encrypted, driven by the increased use of SaaS applications such as Microsoft Office365 and Dropbox. Gartner estimates that, through 2019, more than 80 percent of enterprises’ web traffic will be encrypted[i].

“Traditional network security architectures are ineffective at supporting the explosive growth in high speed traffic and, more importantly, at identifying and stopping malware and data exfiltration that use encryption,” said Ananda Rajagopal, vice president of products for Gigamon. “Many security and monitoring tools become overloaded in 100Gb network environments, so it’s clear a new approach is needed. Our new solution enables enterprises to stop the sprawl by redeploying security tools from the edge of their network to the core, where it’s easier to spot lateral attacks and more quickly identify threats.”

Malware leverages SSL/TLS encryption to hide and avoid inspection. A Trustwave 2017 report[ii] estimates that 36 percent of malware samples analysed used some form of encryption. In 40Gb and 100Gb networks, decrypting, exposing and identifying hidden threats in encrypted traffic is increasingly more challenging since most security and monitoring tools do not support such speeds. In addition, a tool-by-tool approach is very complex, costly and inefficient. Research from NSS Labs[iii] indicates a performance degradation of up to 80 percent when security tools decrypt traffic and perform their specific security function.

“By utilising Check Point’s Infinity architecture, which manages Next-Generation Threat Prevention gateways worldwide, Gigamon provides world-class performance and a resilient security architecture, enabling inline SSL protection for our largest customer deployments,” said Jason Min, head of business and corporate development, Check Point Software. “Our partnership with Gigamon delivers optimal performance and advanced threat prevention which is critical for enterprises in this era of veiled cyber threats.”

“It’s great to see the ‘decrypt once, inspect many times’ architectural approach that Gigamon is taking to inline SSL decryption. It’s an efficient approach that will help our customers and solution provider community take advantage of whichever security solutions best suit their business need,” said Matt Rochford, vice president of the cybersecurity group in Arrow Electronics’ enterprise computing solutions business.

The expansion of the GigaSECURE Security Delivery Platform is a continuation of the Gigamon security strategy which debuted in 2015 and was extended with metadata and public cloud visibility last year. This year the company announced its inline SSL/TLS decryption solution and introduced the Defender Lifecycle Model. When implemented, the Defender Lifecyle Model empowers cybersecurity professionals to use continuous network visibility to control and automate tasks between best-of-breed security tools in the continuum of prevention, detection, prediction and containment. Recently the company announced the extension of its public cloud offerings and new applications for Splunk and Phantom in support of the Defender Lifecycle Model. Gigamon continues to build on its vision with the expansion of its security offerings for both public cloud and on-premises infrastructure.

GigaSECURE, a Security Delivery Platform

This solution includes:

  • GigaVUE® visibility nodes, such as the GigaVUE-HC2 or GigaVUE-HC3.
  • GigaSMART® module corresponding to the selected visibility node.
  • An inline bypass module to provide resiliency in 10, 40 or 100Gb networks.
  • Ability to activate desired security modules including SSL/TLS Decryption, Application Session Filtering, and NetFlow/Metadata Generation.

Resources

  • Blog post: Stop the Sprawl, Security at the Speed of the Network
  • Feature brief: SSL/TLS Decryption
  • Web page: SSL/TLS Decryption

About Gigamon
Gigamon® (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. The Gigamon Visibility Platform and the GigaSECURE® Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently and effectively. Learn more at www.gigamon.com, the Gigamon blog or follow Gigamon on Twitter, LinkedIn or Facebook. See What Matters. ™