EXTENDING AZURE NETWORK VISIBILITY WITH MICROSOFT, GIGAMON AND FIDELIS
Presenting today
• Karthik Ananthakrishnan, Program Manager, Azure Networking, Microsoft
• Baseer Balazadeh, Senior Technical Marketing Engineer, Gigamon
• Tom Clare, Senior Product Marketing Manager, Fidelis Cybersecurity
Agenda
• Overview of Microsoft Azure Virtual Network TAP
• Gigamon Cloud Overview
• Examine Gigamon Cloud for Azure
• Integration with Fidelis Network
• Review how to detect threats, inspect content and automate response with Fidelis Network
Azure Virtual Network TAP
Karthik Ananthakrishnan
Program Manager, Networking
Network traffic visibility in on-premises networks
[Diagram labels: On-Premises, Microsoft Azure, Internet, TAP, Network Packet Broker, Forensics]
First native distributed cloud scale TAP available in public cloud!
Virtual Network TAP
[Diagram labels: Azure Load Balancer; Web Tier Subnet; App Tier Subnet; VM Production Traffic; VM Mirrored Traffic; Virtual Network TAP; Monitoring Subnet; Network Packet Broker; Tools: Security Operations, Network Operations, Application Operations, Forensics]
Virtual Network TAP
Continuous streaming of virtual machine network traffic to a packet collector
Agentless!
Enables network and application performance management solutions and security analytics tools
Complete segmentation of security ops and VM owner in a monitoring boundary. The VM owner cannot delete TAPs configured by Security Ops
Gigamon Cloud
Baseer Balazadeh – Sr Technical Marketing Engineering, Cloud
© 2018 Gigamon. All rights reserved. For Internal Use Only
Gigamon Product Portfolio
[Diagram layer labels: Security Intelligence; Core Intelligence; Management and Orchestration; Visibility Nodes; Physical, Virtual, and Cloud Infrastructure. Other labels: GigaVUE-FM, GigaVUE-OS, Insight, Data Store, API, IQL]
▸ Flow Mapping® ▸ Clustering ▸ Inline Bypass ▸ GigaStream®
▸ Detect ▸ Investigate
Visibility nodes and taps (Physical, Virtual, Cloud):
▸ GigaVUE H Series: Intelligent Visibility
▸ GigaVUE TA Series: Tap Aggregators
▸ G-TAP: Taps
▸ GigaVUE-VM: Tap Aggregator
▸ GigaVUE V Series: Intelligent Visibility
▸ G-vTAP: Virtual Taps
GigaSMART®
Application Intelligence
► Application Visualization
► Application Filter Intelligence
► Application Metadata Intelligence
Subscriber Intelligence
▸ GTP Correlation
▸ FlowVUE® Flow Sampling
▸ SIP/RTP Correlation
▸ 5G/CUPS Correlation
Traffic Intelligence
▸ De-duplication
▸ Slicing
▸ Masking
▸ SSL/TLS Decryption
▸ NetFlow Generation
▸ Advanced Load Balancing
▸ Tunneling
▸ Adaptive Packet Filtering
▸ Header Stripping
Challenges for Cloud Ops and Security Ops Teams
• Assure the public cloud is being used securely by entire enterprise
o Not just identity and access management
• Deploy more applications in the public cloud while meeting the needs of compliance and security
• Detect and respond to security or network anomalies
o Detect application bottlenecks
o Detect lateral movement of threats
o Detect data exfiltration
• Deploy a well-defined cloud security architecture
Public Cloud Visibility Challenges and Gigamon Solution
X Inability to access all traffic
X Discrete vendor monitoring agents per instance
X Impacts workload and virtual network performance
X Static visibility with heavy disruption
✓ Minimize agent overload
✓ Aggregate, select, optimize, and distribute traffic
✓ Customize orchestration and single-pane-of-glass visualization
✓ Elastic Visibility with ATS as workloads scale-out
[Diagram: GigaSECURE Cloud; labels: Region, AZ, VPC, Virtual Network or Virtual Private Cloud, CSP IaaS NW, Web Tier, App Tier, Database, RDS, Load Balancer, ELB, Tool Tier, Visibility Tier, GigaVUE-FM. Legend: Load Balancer, Subnet, Database, Availability Zone (AZ), Tool, Instances]
GigaVUE-Cloud for Azure
Visibility into Microsoft Azure
Azure: Generally Available
GigaVUE-Cloud is an intelligent network traffic visibility solution that enables enterprises to secure mission-critical workloads in Azure
Deployment Scenario: Azure Hybrid Infrastructure
1. Integrate with Azure APIs
2. Deploy Visibility Tier
3. Copy Virtual Machine traffic
4. Aggregate and distribute customized traffic to tools
[Diagram labels: Virtual Network; Availability Set; Web Tier Subnet; App Tier Subnet; Azure Load Balancer; SQL Database; Visibility Tier; Tool Tier; GigaVUE-FM; Azure APIs; Tunneling; On-Premises Data Center; Data center Router; VPN Gateway]
Deployment Scenario: Azure Centralized Visibility
[Diagram labels: Visibility Subnet; Tool Subnet; Web Tier Subnet; App Tier Subnet; GigaVUE-FM; Azure APIs; ExpressRoute; On-Premises Data Center; Security, Performance Management, and Analytics Tools; Applications; SecOps; Business Units]
Deployment Scenario: PaaS
[Diagram labels: Internet; Virtual Network; Availability Set; Web Tier Subnet; Business Tier Subnet; Data Tier Subnet; REST APIs; GigaVUE-FM; Azure APIs; Cloud Tools; Configure Policies; GigaVUE® V Series]
[Diagram labels: West US Region; West Central Region; Virtual Network 1; Virtual Network 2; Peering; Azure Load Balancing; Visibility Tier; Fabric Manager; Azure API; Agentless Visibility (Azure vTAP); Slicing; Netflow v5, v9, IPFIX; Application Performance; Tool Tier: WireShark, Splunk, Insight, Fidelis; workloads: WordPress, Node.js WebApp, DVWA, Windows Server; NOC/SOC]
GigaVUE V Series
Traffic Aggregation, Optimization, and Distribution
Visibility nodes that aggregate, select, optimize and distribute traffic
• Acquire and aggregate traffic from G-vTAP agents and Azure vTAP
• Advanced filtering using Flow Mapping
• Generate summarized flow records from network traffic with NetFlow/IPFIX generation
• Obscure sensitive data with Header Transformation
• Optimize selected traffic with GigaSMART® slicing, sampling, and masking
• Distribute optimized traffic to tools located anywhere
• Elastic scale and performance
[Diagram labels: Region, AZ, VPC, Virtual Network or Virtual Private Cloud, CSP IaaS NW, Web Tier, App Tier, Database, RDS, Load Balancer, ELB, Tool Tier, Visibility Tier, GigaVUE-FM, GigaVUE V Series]
GigaVUE FM
Orchestration and Management
Centralized orchestration and single-pane-of-glass visualization
• Tight integration with cloud provider APIs (AWS and Azure)
o Quickly detect compute instance changes
o Automatically adjust Visibility Tiers
• Open REST APIs can be consumed by tools
o Dynamically adjust traffic received
• Auto-discovery and end-to-end topology visualization
[Diagram labels: Region, AZ, VPC, Virtual Network or Virtual Private Cloud, CSP IaaS NW, Web Tier, App Tier, Database, RDS, Load Balancer, ELB, Tool Tier, Visibility Tier, GigaVUE-FM]
Azure: Cloud Validated Tools
• Network & Application Performance Management
• Security and Vulnerability Management
• Infrastructure
• Open Source
Summary
• Patented Flow Mapping® to customize and distribute traffic of interest
• GigaVUE-FM: Intuitive drag-and-drop user interface
• Automatic Target Selection®: Elastic and automated visibility for new workloads
• Open REST APIs for Automation and Orchestration
• Patented GigaSMART® traffic intelligence: Slicing, Masking, Sampling, NetFlow/IPFIX*
• Optimize Tool performance, reduce network backhaul
• Multi-Cloud: Azure, AWS, VMware, OpenStack
• Benefits any tool anywhere that needs network traffic for analysis
Fidelis Network
DETECT. HUNT. RESPOND.
© Fidelis Cybersecurity
What You Get With Fidelis Network
VISIBILITY | DETECTION | RESPONSE
• Minimize false positives and shift from clues to conclusions so you can quickly address the alerts that matter most.
• Conduct real-time network analysis and identify behaviors that indicate compromises.
• Automate detection for the proactive discovery of attackers, suspicious hosts, and malware.
• Identify threats and data leakage using deep inspection and analysis of all forms of content, including unpacking and extraction of deeply embedded files.
Threat Prevention and Detection | Rich Metadata of Content & Context | DLP for Network, Email & Web | Automated Response Playbooks & Scripts | Threat Research & Intelligence Feeds
Detection & Response Visibility
• All ports and protocols with DPI, DSI (Layer 7), and PCAPs
• Bi-directional analysis with full session reassembly
• Protocol, application, and deep content decoding with recursive extraction
• Direct, internal, email, web and cloud traffic sensor locations for wide visibility
• Cyber terrain asset profiling and classification including importing external sources
• Structured metadata for over 300 attributes, indexed for fast queries to investigate and hunt
• Enhanced metadata (e.g. alerts, threat intel, geo-location, policy tagging, ID2IP)
• Custom tags from content of decoded objects (e.g. author, footer, keyword)
• Metadata storage on-premises or cloud for 360+ days for retrospective analysis
[Diagram labels: North-South, East-West, Office 365]
Deep Session Inspection®
[Diagram labels: Fidelis Sensors; Fidelis Collector; Fidelis CommandPost; Configuration, Investigation, Analysis, Response, Integration; Network; Full Session Reassembly; Protocol and Application Decoding; Deep Content Decoding; Content Analysis, Malware Detection; Real-Time Threat Detection; Metadata and Tags; Non-Selective Network Memory]
Deep Content Decoding and Analysis
Deep, Recursive Content Decoding and Analysis
Detects content-level threats that are invisible to other network security systems
Able to apply threat intelligence over a larger detection surface
[Diagram labels: Network Packets; Session Reassembly; Session Buffers (RAM); Protocol and Application Decoders and Analyzers; Content Buffers (RAM); Content Decoders and Analyzers; Non-Selectively “Exploding” Recursively Embedded Content Objects in RAM]
Deep Content Visibility
Visibility into Deeply Embedded Network Content (Inbound and Outbound)
[Diagram: nested content objects labelled SMTP, MIME, ZIP, PPT, Excel, PDF, Deflate, Text and Malware; callouts: Malicious Inbound Content, Classified Sensitive Outbound Content]
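The nesting on the Deep Content Visibility slide (SMTP, MIME, ZIP, Deflate, Text), worked as an added example that is not Fidelis code and not part of the original deck: a bounded recursive decoder that matches an indicator on every decoded layer. The indicator string, sample message, file names and the depth and size caps are constructed assumptions.

```python
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 8                 # assumed cap on nesting levels
MAX_OBJECT_BYTES = 1 << 20    # assumed cap per decoded object (decompression-bomb guard)
INDICATORS = [b"CONSTRUCTED-INDICATOR-0001"]  # constructed stand-in for a threat-intel string


def classify(data):
    """Identify a container by magic bytes, never by file name or declared MIME type."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    # zlib header: CMF 0x78 and (CMF * 256 + FLG) divisible by 31
    if len(data) >= 2 and data[0] == 0x78 and ((data[0] << 8) | data[1]) % 31 == 0:
        return "zlib"
    return "leaf"


def bounded_inflate(data):
    """Inflate a zlib stream; return None if it is invalid or larger than the cap."""
    try:
        out = zlib.decompressobj().decompress(data, MAX_OBJECT_BYTES + 1)
    except zlib.error:
        return None
    return out if len(out) <= MAX_OBJECT_BYTES else None


def zip_members(data):
    """Yield (name, body) per archive member; body is None when it cannot be read safely."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            try:
                with archive.open(info) as handle:
                    body = handle.read(MAX_OBJECT_BYTES + 1)  # do not trust header sizes
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                body = None  # encrypted, unsupported method, or corrupt
            ok = body is not None and len(body) <= MAX_OBJECT_BYTES
            yield info.filename, (body if ok else None)


def walk(data, path, depth, findings):
    """Match indicators on this layer, then expand it and recurse into what it contains."""
    kind = classify(data)
    findings.extend((path, kind, ind.decode()) for ind in INDICATORS if ind in data)
    if kind == "leaf":
        return
    if depth >= MAX_DEPTH:
        findings.append((path, kind, "not expanded: depth cap"))
        return
    if kind == "zip":
        children = [(f"{path} > {name}", body) for name, body in zip_members(data)]
    else:
        children = [(f"{path} > zlib-stream", bounded_inflate(data))]
    for child_path, body in children:
        if body is None:
            # Record what could not be inspected so the gap is visible to an analyst.
            findings.append((child_path, "unknown", "not expanded: unreadable or over size cap"))
        else:
            walk(body, child_path, depth + 1, findings)


def inspect_message(raw):
    """Entry point: one RFC 5322 message as reassembled from an SMTP DATA phase."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or part.get_content_type()
        walk(part.get_payload(decode=True) or b"", f"message > {name}", 1, findings)
    return findings


def build_sample():
    """Constructed sample: mail -> report.zip -> inner.zip -> notes.bin (zlib) -> text."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("notes.bin", zlib.compress(b"quarterly notes " + INDICATORS[0]))
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Q3 report"
    msg.set_content("See attachment.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

A flat byte search over the raw message finds nothing, because the indicator only becomes visible after base64, two ZIP layers and one zlib stream have been decoded.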
Comprehensive Sensors
• Fidelis Network Direct Sensor: Gateway sensor, all ports and protocol visibility, 10G sensor HW performance
• Fidelis Network Internal Sensor: Datacenter sensor, handles SMB, DB transactions, and Cloud VMs
• Fidelis Network Mail Sensor: Enables graceful quarantine, prevention of email traffic for DLP and threats
• Fidelis Network Web Sensor: Web proxy traffic via ICAP with web page redirects for policy violations (DLP, threats)
Cyber Terrain Mapping
• Provides Insights of an Organization’s Resources
• Passive Identification, Profiling and Classification
• Assets
- Devices (servers, endpoint, IoT, legacy systems)
• Data
- OS, Applications, Ports
• Comm. Channels and Network Servers Usage
- Shadow-IT tools, Legacy Applications, App Servers, Tools
- Servers: FTP, SSH, DNS, Proxy
• Discover
- Automatic Processes Vs. Human Browsing Sessions
- Internal and External Activities
• Visualization Graphs of Asset Connectivity
Prevent Threats and Data Loss
• Threat Prevention using static signatures, multi-dimensional behavior rules, threat intelligence feeds, plus emulation and heuristics
• DLP using data profiling and classification with pre-built policies for known compliance regulations across network, email and web sensors to alert on policy violations
• Data Leakage/Theft where direct and internal sensors drop sessions, email sensors quarantine, drop, re-route, or remove attachments, and web sensors redirect web pages or drop sessions
• Email security via MTA for on-premises or cloud SaaS email with pre-click URL analysis, attachment analysis, and OCR image to text analysis for data leakage
• Security analytics based on high and low frequencies, plus sequencing analysis
Detect and Hunt
• Threat Detection using cloud-based sandboxing, network behavior analysis, new threat intelligence automatically applied to retrospective metadata, plus machine learning anomaly detection
• Profiling TLS encrypted traffic based on metadata and certificates, determining human browsing versus machine traffic, plus evolving data science models to detect hidden threats
• Threat intelligence open feeds (Fidelis Insight, Reputation, STIX/TAXII, YARA, Suricata) plus internal threat intel including custom rules and indicators
• Threat hunting with real-time content analysis or retrospective indexed metadata supporting fast iterative and interactive queries to test hunting hypotheses
• Threat Research as a Service (TRaaS) provides on-demand threat research, intelligence, countermeasures, services, and training
Automate Response
• Derive conclusions within one solution with aggregated alerts, context, and evidence
• Automate prevention, detection, investigation and response with playbooks and custom scripts
• Expose misuse of assets and encryption, plus discover proxy and security circumvention
• Custom protocol detection, de-obfuscation, attack paths, and internal threat detection
• Risk scoring with behavioral and historical analytics, plus policy and alert management
• Open policy interface, plus sending alerts and data to SIEM or SOAR solutions
• MDR Service provides 24/7 response using our security stack, metadata, defenses and threat intelligence
FIDELIS ELEVATE™
A Curated Security Stack: Integrated, Automated & Correlated
• Sensors: Gateway | Internal | Cloud | Email | Web
• Agents: Windows | Linux | Mac | Cloud
• Decoys: Breadcrumbs | Decoys | AD | MITM
• Threat Intelligence: Fidelis Insight, 3rd Party Threat Intel, Customer Defined Intel
• Sandboxing: Execution Analysis, File & Web Analysis, ML-based Malware Detection
• Data Science: Statistical analysis, Supervised learning models
• Response Automation and Analytics Engine: Real Time Analysis – Detect and Respond; Historical Metadata – Hunt and Investigate
[Diagram also labels: SIEM, SOAR]
Questions and Next Steps
Learn More
• Fidelis Integration with Azure: https://www.fidelissecurity.com/technology-partners/microsoft-azure
• Fidelis Network Datasheet: https://www.fidelissecurity.com/resources/datasheets/network
See Fidelis in Action
• Free Trial of Fidelis Network: https://www.fidelissecurity.com/network/trial
• Schedule a 1-on-1 Demo: https://www.fidelissecurity.com/products/network/demo
azurevnettap@microsoft.com
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview
https://azure.microsoft.com/en-us/pricing/details/virtual-network/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#virtual-network-tap
Free Trials
• 30 Day Free Trial in Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=gigamon&page=1
• 1 Hour Test Drive: https://www.gigamon.com/solutions/use-cases/cloud/gigasecure-cloud-azure.html
Thank You

Extend Network Visibility and Secure Applications and Data in Azure

  • 1. EXTENDING AZURE NETWORK VISIBILITY WITH MICROSOFT, GIGAMON AND FIDELIS
  • 2. Presenting today Karthik Ananthrakrishnan Program Manager Azure Networking Microsoft Baseer Balazadeh Senior Technical Marketing Engineer Gigamon Tom Clare Senior Product Marketing Manager Fidelis Cybersecurity 2
  • 3. Agenda • Overview of Microsoft Azure Virtual Network TAP • Gigamon Cloud Overview • Examine Gigamon Cloud for Azure • Integration with Fidelis Network • Review how to detect threats, inspect content and automate response with Fidelis Network 3
  • 4. Azure Virtual Network TAP Karthik Ananthakrishnan Program Manager, Networking
  • 6. First native distributed cloud scale TAP available in public cloud! 6
  • 7. Virtual Network TAP Azure Load Balancer App Tier Subnet Web Tier Subnet Network Packet Broker Monitoring Subnet VM Production Traffic VM Mirrored Traffic Virtual Network TAP Tools Security Operations Network Operations Application Operations Forensics 7
  • 8. Virtual Network TAP Continuous streaming of virtual machine network traffic to packet collector Agentless! Enabling network and application performance management solutions, security analytics tools​ Complete segmentation ​of security ops and VM owner in a monitoring boundary. VM owner cannot delete TAPs configured by Security Ops 8
  • 9. Gigamon Cloud Baseer Balazadeh – Sr Technical Marketing Engineering, Cloud
  • 10. © 2018 Gigamon. All rights reserved. For Internal Use Only 10 Security Intelligence Visibility Nodes Physical, Virtual, and Cloud Infrastructure Management and Orchestration Gigamon Product Portfolio GigaVUE-FM ▸ Flow Mapping® ▸ Clustering▸ Inline Bypass ▸ GigaVUE H Series Intelligent Visibility Virtual ▸ GigaVUE TA Series Tap Aggregators ▸ G-TAP Taps GigaVUE-OS ▸ GigaStream® Physical ▸ GigaVUE-VM Tap Aggregator Cloud ▸ GigaVUE V Series Intelligent Visibility ▸ G-vTAP Virtual Taps Core Intelligence Insight Data Store ▸ Detect ▸ Investigate GigaSMART® Application Intelligence ► Application Visualization ► Application Filter Intelligence ► Application Metadata Intelligence Subscriber Intelligence ▸ GTP Correlation ▸ FlowVUE® Flow Sampling ▸ SIP/RTP Correlation ▸ 5G/CUPS Correlation Traffic Intelligence ▸ De-duplication ▸ Slicing ▸ Masking ▸ SSL/TLS Decryption ▸ NetFlow Generation ▸ Advanced Load Balancing ▸ Tunneling ▸ Adaptive Packet Filtering ▸ Header Stripping API IQL
  • 11. 2019 Gigamon. All rights reserved. 11 Assure the public cloud is being used securely by entire enterprise Not just identity and access management Deploy more applications in the public cloud while meeting the needs of compliance and security Detect and respond to security or network anomalies Detect application bottlenecks Detect lateral movement of threats Detect data exfiltration Deploy a well-defined cloud security architecture Challenges for Cloud Ops and Security Ops Teams
  • 12. 2019 Gigamon. All rights reserved. 12 Public Cloud Visibility Challenges and Gigamon Solution X Inability to access all traffic X Discrete vendor monitoring agents per instance X Impacts workload and virtual network performance X Static visibility with heavy disruption ✓ Minimize agent overload ✓ Aggregate, select, optimize, and distribute traffic ✓ Customize orchestration and single-pane-of-glass visualization ✓ Elastic Visibility with ATS as workloads scale-out Database Web Tier App Tier Load Balancer Tool Tier Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Load Balancer GigaSECURE Cloud RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier Load Balancer Subnet Database Availability Zone (AZ)ToolInstances
  • 14. 2019 Gigamon. All rights reserved. 14 Visibility into Microsoft Azure Azure: Generally Available GigaVUE-Cloud is an intelligent network traffic visibility solution that enables enterprises to secure mission-critical workloads in Azure
  • 15. 2019 Gigamon. All rights reserved. 15 Deployment Scenario: Azure Hybrid Infrastructure Availability Set Web Tier Subnet Azure Load Balancer Virtual Network Availability Set App Tier Subnet Azure Load Balancer SQL Database Visibility Tier Tool Tier Tool Tier GigaVUE-FM 2 Deploy Visibility Tier2 Tunneling 4 4 Aggregate and distribute customized traffic to tools 4 Azure APIs 1 Integrate with Azure APIs1 Copy Virtual Machine traffic3 3 3 On-Premises Data Center Data center RouterVPN Gateway
  • 16. 2019 Gigamon. All rights reserved. 16 Deployment Scenario: Azure Centralized Visibility Visibility Subnet Tool Subnet Visibility Subnet GigaVUE-FM Azure APIs On-Premises Data Center Security, Performance Management, and Analytics Tools App Tier Subnet Web Tier Subnet Applications SecOps Business Units Visibility Subnet App Tier Subnet Web Tier Subnet ExpressRoute
  • 17. 2019 Gigamon. All rights reserved. 17 Deployment Scenario: PaaS Availability Set Web Tier Subnet Availability Set Business Tier Subnet Internet Virtual Network Data Tier Subnet Availability Set REST APIs GigaVUE-FM Azure APIs Cloud Tools Configure Policies GigaVUE® V Series
  • 18. 2019 Gigamon. All rights reserved. 18 Visibility Tier Virtual Network 1 Virtual Network 2 Azure Load Balancing Azure Load Balancing Tool Tier WireShark West Central RegionWest US Region Tool Tier Splunk Insight Fidelis Peering Fabric Manager Application Performance Netflow v5, v9, IPFIX Slicing WordPress Node.js WebApp DVWA Windows Server NOC/SOC Agentless Visibility (Azure vTAP) Azure API
  • 19. 2019 Gigamon. All rights reserved. 19 GigaVUE V Series Visibility nodes that aggregate, select, optimize and distribute traffic • Acquire and aggregate traffic from G-vTAP agents and Azure vTAP • Advanced filtering using Flow Mapping • Generate summarized flow records from network traffic with NetFlow/IPFIX generation • Obscure sensitive data with Header Transformation • Optimize selected traffic with GigaSMART® slicing, sampling, and masking • Distribute optimized traffic to tools located anywhere • Elastic scale and performance Traffic Aggregation, Optimization, and Distribution RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier GigaVUE V Series
  • 20. 2019 Gigamon. All rights reserved. 20 GigaVUE FM Centralized orchestration and single-pane-of-glass visualization • Tight integration with cloud provider APIs (AWS and Azure) o Quickly detect compute instance changes o Automatically adjust Visibility Tiers • Open REST APIs can be consumed by tools o Dynamically adjust traffic received • Auto-discovery and end-to-end topology visualization Orchestration and Management RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier GigaVUE-FM
  • 21. 2019 Gigamon. All rights reserved. 21 Network & Application Performance Management Azure: Cloud Validated Tools Security and Vulnerability Management Infrastructure Open Source
  • 22. 2019 Gigamon. All rights reserved. 22 Summary • Patented Flow Mapping® to customize and distribute traffic of interest • GigaVUE-FM: Intuitive drag-and-drop user interface • Automatic Target Selection®: Elastic and automated visibility for new workloads • Open REST APIs for Automation and Orchestration • Patented GigaSMART® traffic intelligence: Slicing, Masking, Sampling, NetFlow/IPFIX* • Optimize Tool performance, reduce network backhaul • Multi-Cloud: Azure, AWS, VMware, OpenStack • Benefits any tool any where that needs network traffic for analysis
  • 24. What You Get With Fidelis Network (© Fidelis Cybersecurity)
      Pillars: VISIBILITY, DETECTION, RESPONSE
      • Minimize false positives and shift from clues to conclusions so you can quickly address the alerts that matter most.
      • Conduct real-time network analysis and identify behaviors that indicate compromises. Automate detection for the proactive discovery of attackers, suspicious hosts, and malware.
      • Identify threats and data leakage using deep inspection and analysis of all forms of content, including unpacking and extraction of deeply embedded files.
      Capabilities:
      • Threat Prevention and Detection
      • Rich Metadata of Content & Context
      • DLP for Network, Email & Web
      • Automated Response Playbooks & Scripts
      • Threat Research & Intelligence Feeds
  • 25. Detection & Response Visibility
      • All ports and protocols with DPI, DSI (Layer 7), and PCAPs
      • Bi-directional analysis with full session reassembly
      • Protocol, application, and deep content decoding with recursive extraction
      • Direct, internal, email, web and cloud traffic sensor locations for wide visibility
      • Cyber terrain asset profiling and classification including importing external sources
      • Structured metadata for over 300 attributes, indexed for fast queries to investigate and hunt
      • Enhanced metadata (e.g. alerts, threat intel, geo-location, policy tagging, ID2IP)
      • Custom tags from content of decoded objects (e.g. author, footer, keyword)
      • Metadata storage on-premises or cloud for 360+ days for retrospective analysis
      [Graphic labels: North-South, East-West, Office 365]
  • 26. Deep Session Inspection® (architecture diagram)
      • Components: Fidelis CommandPost, Fidelis Collector, Fidelis Sensors
      • Functions: Configuration, Investigation, Analysis, Response, Integration
      • Deep Session Inspection® layers: Content Analysis, Malware Detection; Deep Content Decoding; Protocol and Application Decoding; Full Session Reassembly
      • Other labels: Metadata and Tags; Real-Time Threat Detection; Network; Non-Selective Network Memory
  • 27. Deep Content Decoding and Analysis
      Deep, Recursive Content Decoding and Analysis
      • Detects content-level threats that are invisible to other network security systems
      • Able to apply threat intelligence over a larger detection surface
      [Diagram: Non-Selectively "Exploding" Recursively Embedded Content Objects in RAM. Labels: Network Packets; Session Reassembly; Session Buffers (RAM); Protocol and Application Decoders and Analyzers; Content Buffers (RAM); Content Decoders and Analyzers]
  • 28. Deep Content Visibility
      Visibility into Deeply Embedded Network Content (Inbound and Outbound)
      [Diagram: Malicious Inbound Content and Classified Sensitive Outbound Content. Nested content labels: SMTP, MIME, ZIP, PPT, Excel, PDF, Deflate, Text, Malware]
  • 29. Comprehensive Sensors
      • Fidelis Network Direct Sensor: Gateway sensor, all ports and protocol visibility, 10G sensor HW performance
      • Fidelis Network Internal Sensor: Datacenter sensor, handles SMB, DB transactions, and Cloud VMs
      • Fidelis Network Mail Sensor: Enables graceful quarantine, prevention of email traffic for DLP and threats
      • Fidelis Network Web Sensor: Web proxy traffic via ICAP with web page redirects for policy violations (DLP, threats)
  • 30. Cyber Terrain Mapping
      • Provides Insights of an Organization's Resources
      • Passive Identification, Profiling and Classification
      • Assets - Devices (servers, endpoint, IoT, legacy systems)
      • Data - OS, Applications, Ports
      • Comm. Channels and Network Servers Usage
          - Shadow-IT tools, Legacy Applications, App Servers, Tools
          - Servers: FTP, SSH, DNS, Proxy
      • Discover
          - Automatic Processes Vs. Human Browsing Sessions
          - Internal and External Activities
      • Visualization Graphs of Asset Connectivity
  • 31. Prevent Threats and Data Loss
      • Threat Prevention using static signatures, multi-dimensional behavior rules, threat intelligence feeds, plus emulation and heuristics
      • DLP using data profiling and classification with pre-built policies for known compliance regulations across network, email and web sensors to alert on policy violations
      • Data Leakage/Theft where direct and internal sensors drop sessions, email sensors quarantine, drop, re-route, or remove attachments, and web sensors redirect web pages or drop sessions
      • Email security via MTA for on-premises or cloud SaaS email with pre-click URL analysis, attachment analysis, and OCR image to text analysis for data leakage
      • Security analytics based on high and low frequencies, plus sequencing analysis
      [Graphic labels: North-South, East-West, Office 365]
  • 32. Detect and Hunt
      • Threat Detection using cloud-based sandboxing, network behavior analysis, new threat intelligence automatically applied to retrospective metadata, plus machine learning anomaly detection
      • Profiling TLS encrypted traffic based on metadata and certificates, determining human browsing versus machine traffic, plus evolving data science models to detect hidden threats
      • Threat intelligence open feeds (Fidelis Insight, Reputation, STIX/TAXII, YARA, Suricata) plus internal threat intel including custom rules and indicators
      • Threat hunting with real-time content analysis or retrospective indexed metadata supporting fast iterative and interactive queries to test hunting hypotheses
      • Threat Research as a Service (TRaaS) provides on-demand threat research, intelligence, counter measures, services, and training
      [Graphic labels: North-South, East-West, Office 365]
  • 33. Automate Response
      • Derive conclusions within one solution with aggregated alerts, context, and evidence
      • Automate prevention, detection, investigation and response with playbooks and custom scripts
      • Expose misuse of assets and encryption, plus discover proxy and security circumvention
      • Custom protocol detection, de-obfuscation, attack paths, and internal threat detection
      • Risk scoring with behavioral and historical analytics, plus policy and alert management
      • Open policy interface, plus sending alerts and data to SIEM or SOAR solutions
      • MDR Service provides 24/7 response using our security stack, metadata, defenses and threat intelligence
      [Graphic labels: North-South, East-West, Office 365]
  • 34. FIDELIS ELEVATE™
      A Curated Security Stack: Integrated, Automated & Correlated
      • Sensors: Gateway | Internal | Cloud | Email | Web
      • Agents: Windows | Linux | Mac | Cloud
      • Decoys: Breadcrumbs | Decoys | AD | MITM
      • Threat Intelligence: Fidelis Insight, 3rd Party Threat Intel, Customer Defined Intel
      • Sandboxing: Execution Analysis, File & Web Analysis, ML-based Malware Detection
      • Data Science: Statistical analysis, Supervised learning models
      • Response Automation and Analytics Engine
          o Real Time Analysis – Detect and Respond
          o Historical Metadata – Hunt and Investigate
      • Integrations: SIEM, SOAR
  • 35. Questions and Next Steps
      Learn More
      • Fidelis Integration with Azure: https://www.fidelissecurity.com/technology-partners/microsoft-azure
      • Fidelis Network Datasheet: https://www.fidelissecurity.com/resources/datasheets/network
      See Fidelis in Action
      • Free Trial of Fidelis Network: https://www.fidelissecurity.com/network/trial
      • Schedule a 1-on-1 Demo: https://www.fidelissecurity.com/products/network/demo
      Azure Virtual Network TAP links
      • https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview
      • https://azure.microsoft.com/en-us/pricing/details/virtual-network/
      • https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#virtual-network-tap
      Free Trials
      • 30 Day Free Trial in Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=gigamon&page=1
      • 1 Hour Test Drive: https://www.gigamon.com/solutions/use-cases/cloud/gigasecure-cloud-azure.html