GigaVUE 6 and Beyond

Michael Dickman
Chief Product Officer

© 2017-2022 Gigamon Inc. All rights reserved.

Product Vision
• Market Trends

• Role of Network Telemetry

• Deep Observability Pipeline

• Introducing GigaVUE 6
Market Trends
How We’ve Brought Our Mission to Life

Complexity → Blind Spots, Cost, Inflexibility Visibility → Security, Efficiency, Agility

4
Constantly Evolving Infrastructure

Hybrid & 5G IoT / OT

multi-cloud

Zero-Trust Next-Gen
Security Datacenter

5
Trends in Cloud Security: Teams, Tools and Telemetry

• Teams
Dev CloudOps DevSecOps SecOps NetOps
• Typically non-collaborative
• Security is a common goal

Observability & In-House Tools Datacenter Tools

• Security functions New Relic, Dynatrace, Sumo Logic, Datadog SolarWinds, GTI, Imperva, PRTG, Wireshark

• Detection: SecOps Tools SIEM

• Response: DevOps & NetOps Splunk, QRadar, LogRhythm

• Vulnerability mitigation & Zero Trust:

SecOps & DevOps & NetOps
M.E.L.T. Network Packets
• Tools are siloed
• Reason: Siloed telemetry Telemetry
App Metadata

• Deep observability Deep Observability Pipeline

• Network intelligence as MELT Network-Derived Intelligence
• Brings security use cases to
observability tools
• Brings NetOps into cloud platforms 6
Why Combine MELT with Network Telemetry?
TELEM ETRY SOURCE : M.E.L.T NETWO RK

• Telemetry based on “MELT” from Intra-Host Metrics Y N

systems and agents
• Metrics: Current CPU level
Low Volume Y N*

• Events: High-CPU alert Y Y

Managed Host Visibility What is reported What actually happened
• Logs: “User ran a query”

• Traces: Step-by-step app Unmanaged Host Visibility N Y

performance
Actual Activity (vs. Arbitrary) N Y
• Deep observability pipeline
Immutable (vs. Log Injection) N Y
• Adds the network visibility with
packets, flows and metadata
Passive (I.e., no impact on hosts) N Y
• Completes hybrid-cloud visibility

* Packets are high volume, metadata is low

Deep Observability Pipeline
Why “Deep Observability Pipeline?”

Deep Observability Pipeline

Knowing vs Guessing: Non-intrusive Operational Telemetry: Efficient Information Flow:
“know the true immutable facts “the ability to measure the “a set of automated processes & tools
from the application layer down internal states of a system by that allows developers and operations
to the packets and frames” examining its outputs” professionals to collaborate”

9
 200+
Gigamon Hawk Deep Observability Pipeline Components Tools Partners

Network
Traffic

Any
Flow
Workload Records

Access Broker Transform Investigate

Network &
App Metadata

Cisco, Juniper & Arista

Any Environment
 200+
Gigamon Hawk Deep Observability Pipeline Components Tools Partners

Network
Traffic

Any GigaVUE-FM Fabric Manager

Flow
Workload Traffic Intelligence
GigaSMART
Application Intelligence Security Intelligence Subscriber Intelligence
Records

GigaVUE Operating System

Network &
Physical TAPs & Appliances Virtual TAPs & Visibility Nodes App Metadata

Cisco, Juniper & Arista

Any Environment
11
Introducing GigaVUE 6
Rapidly Evolving 92% operate in hybrid and multi-cloud
Hybrid Cloud Security infrastructures (Flexera ‘22)
Requirements 75% of IT leaders believe combining
observability with network intelligence
is critical for hybrid cloud security (IDC
‘22)
Siloed security and monitoring is
causing security and troubleshooting
challenges
Deepens and extends observability for
full-stack hybrid cloud use cases by Actionable network-
Accessing and aggregating traffic natively –
virtual, container, or physical
derived intelligence to
Optimizing and enriching
amplify security and
Serving as a hybrid cloud broker of network observability tools
traffic, and intelligence derived from the traffic

Brings actionable network intelligence

to any tooling, anywhere.
This release
Helps organizations improve security by
“democratizing” the security delivery across all IT
operations teams.

Reduces cross-platform costs and complexity,

as required in today’s modern IT operations.
GigaVUE Today – Selected Capabilities
Subscriber-Aware Sampling
Deterministic Sampling

Management
& Orchestration AWS Auto Scaling NSX-T Support

Red Hat OpenShift

Next-Gen App Metadata SSL Decryption
VMware Tanzu Calico Flannel Docker Engine Integration
Container Layer 2 iSSL
Framework
Visibility
CEF, IPFIX

High-Performance
Kernel API Deep Observability
Processing
GigaVUE-HC1

Cloud
AWS Azure GigaVUE-HC3
Platforms

Public Cloud Private Cloud Physical

Previously Available Version 6 New Capability

GigaVUE 6.0 / 6.1 Capabilities
Subscriber-Aware Sampling
Deterministic Sampling
Rotational Sampling

Topology Visualization Multi-Homing NIC Support

Management
& Orchestration AWS Auto Scaling NSX-T Support
Azure Scale Sets NSX-T Cluster Updates

Red Hat OpenShift

Next-Gen App Metadata SSL Decryption
VMware Tanzu Calico Flannel Docker Engine Integration
Container Layer 2 iSSL
AWS EKS, Azure Multus Containerd CRI-O Framework
Visibility Layer 3 iSSL
AKS, TCA Antrea Mirantis
Native Kubernetes CEF, IPFIX, JSON
Azure CNI
Flex AMI Export
AMI Kafka Support High-Performance
Kernel API Deep Observability
ThreatINSIGHT
MetaStream Processing
with Signals GigaVUE-HC1
GigaVUE-HC1 Plus
Cloud
AWS Azure GCP GigaVUE-HC3
Platforms
400/100G G-TAP BiDi Optics

Public Cloud Private Cloud Physical

LEGEND Previous Capability G6 New Capability

Strengthening Observability and SIEM
Dashboards with Network Perspective
MANAGED HOSTS

Devices
VMs Agent
Metrics, Events,
Containers Logs, Traces

&
Network-Derived
Virtual TAP or Native Packet Mirror Network Intelligence
Metadata Events

Agent
On-Prem Public Cloud
Network Network

Internet

&
A flexible new layer of IT security stack:
• See all traffic; north-south & east-west
• Monitor unmanaged hosts
Devices IoT • ”Discover” new hosts, assets & applications
VMs Containers • Detect vulnerabilities; old SSL ciphers
Instances • Detect Rogue IT activities; torrent, crypto-mining, etc.
• Detect suspicious activities; “port spoofing”
UNMANAGED HOSTS
 Michael Dickman

Thank You
[email protected]

VISIT THE NETWORKING GROUP

Continue the Discussion
• Post all questions & answers
• Ask more questions

community.gigamon.com