Gigamon – Security Delivery Platform: see more, secure more...
TRANSCRIPT
Confidential and Proprietary. For Internal Use Only. © 2018 Gigamon. All rights reserved. 2
Agenda
• Overview
• Security Delivery Platform
• Use Cases
• Company Introduction
• Q&A
Security objectives and considerations
• Access and control data
• Increase confidence in security posture
• Boost security efficiency, reduce complexity
• Network upgrades, virtualization / cloud
• Deploying new tools with tight budgets
In reality, data is everywhere (HQ, branches, data centers, cloud, etc.) and the security landscape is always changing
[Figure: network, data, users, threats and tools spread across remote sites, private cloud, on-prem data center, service provider and public cloud; users include partners, customers and employees; data includes revenue, IP and unknown applications]
Full visibility: “the single source of truth”
[Figure: the same network / data / users / threats / tools landscape as the previous slide (HQ, branches, data centers, cloud), now unified under a single source of truth]
Needs
[Figure: network with firewall, remote sites, public cloud, internet and virtualized server farm, with numbered tap points (1–18) feeding IPS, ATP, Forensics, DLP, SIEM and WAF]
Network Operations
• We worry that security tools will cause network outages or added latency.
• There are not enough mirror ports to feed the security tools.
• Security tool upgrades degrade network availability.
• Can the interdependence between security appliances and the network be minimized?
Security Operations
• To strengthen security we need to receive the network's entire traffic (internal segments, virtualized, remote).
• Getting that traffic requires prompt cooperation from the network team.
• Can the growing volume of SSL traffic be inspected efficiently?
• What is the security approach for big data and IoT?
A new approach to security is needed
GigaSECURE® Security Delivery Platform: a next-generation network packet broker, purpose-built for security-specific capabilities
• Tools and apps
• Data: physical, virtual and cloud infrastructure
• Capabilities (physical, virtual and cloud): SSL Decryption, Metadata Engine, Application Session Filtering, Inline Bypass
Platform-based network security design
[Figure: internet, routers, spine and leaf switches and a virtualized server farm, with Data Loss Prevention, IPS (inline), Email Threat Detection, Forensics, Intrusion Detection System and Anti-Malware (inline) attached through the Security Delivery Platform]
• Isolation of applications for targeted inspection
• Visibility into encrypted traffic for threat detection
• Inline bypass for connected security applications
• Complete network-wide reach: physical and virtual
• Scalable metadata extraction for improved forensics
Security Delivery Platform
✓ All tools still connected
✓ Fewer network touch points
✓ Enhanced tool efficiency
✓ Decreased OPEX costs
Without Platform
[Figure: firewall, IPS, WAF and ATP appliances wired directly between router and switch]
Problems
• Multiple points of failure
• The physical interfaces of security appliances must match the network's
• Network performance degradation caused by security appliances
• Difficulty scaling security appliances
• Risk of network disruption during OS upgrades or appliance replacement
• Asymmetric routing makes detection by security appliances difficult
With Platform
• Add, remove and upgrade security appliances without disruption
• Overcome the single-point-of-failure limit (bypass-protected solution)
• Integrate inline and out-of-band (OOB) security solutions
• Maximize security tool efficiency
• Extend security monitoring coverage
[Figure: IPS, WAF and OOB tools and several ATP appliances attached through the platform]
#1 - Efficient OOB network security solutions
[Figure: firewall, routers, remote sites, spine and leaf switches, public cloud, internet and virtualized server farm, with numbered tap points (1–18) feeding the Security Delivery Platform (API) and the OOB tools IDS, ATP, Forensics, DLP, SIEM and UEBA]
Deliver only the traffic each OOB security solution needs: lower initial investment and higher detection/analysis rates
• Session selection for specific applications
• SSL encryption/decryption
• Traffic collection: physical, virtualized, public cloud
• Metadata generation (DNS, URL, SSL, HTTP response code)
• Per-tool traffic examples: HTTP and FTP metadata; all traffic except web, email and streaming/video; everything except streaming/video, MS updates, etc.
• Duplicate packet removal
#1 - Efficient OOB network security solutions (continued): 12 traffic intelligence functions for OOB solutions
• SSL/TLS Decryption: decrypt encrypted SSL/TLS traffic (inline or OOB)
• Masking: mask personal information inside packets
• NetFlow & Metadata Generation: generate 100% NetFlow and metadata from the collected packets
• Header Stripping: remove headers such as VLAN, VXLAN and MPLS
• Tunneling / ERSPAN Termination: forward encrypted traffic between HQ and branch sites (L2GRE)
• FlowVUE™: flow-aware traffic sampling based on IP, user or session
• Packet Slicing: optimize packet size by slicing packets
• Source Port Labeling: add an ingress-port label to each packet
• GTP Correlation: subscriber-based traffic filtering for carriers
• De-duplication: remove duplicate packets collected at multiple points
• Adaptive Packet Filtering: L7 pattern-based traffic filtering (per packet)
• Application Session Filtering: L7 pattern-based traffic filtering (per session)
#2 - Efficient inline network security solutions: flexibility, survivability and easy scalability for deploying and operating inline appliances; improved security posture
[Figure: firewall, routers, spine and leaf switches and virtualized server farm; inline solutions WAF, DDoS and IPS behind inline bypass and SSL decryption; OOB solutions Forensics and UEBA/APT]
• Health check (link, NIC, application)
• Load balancing (session-based)
• Service chaining (Flexible Inline Arrangement)
• Resolves asymmetric traffic issues
• Improved maintenance process
• Keep existing security appliances and protect the investment during network upgrades
• Additional TAP functionality
• Deliver traffic according to each tool's capacity; select and forward only the traffic to be analyzed
• Collect and deliver all network traffic, including the internet gateway
• All traffic (SSL decrypted)
Inline SSL Decryption
[Figure: inline SSL decryption; user → H Series appliance protected by a bypass (BPS) pair → web server, with decrypted traffic sent to the IPS (inline tool) and the IDS (OOB tool); flow steps x1–x5]
Service chaining operation
Traffic forwarding and security service chain composition according to the characteristics of each inline security solution
[Figure: all traffic between core switch/router and DMZ servers A and B is split into inline traffic components: Gateway Crypto (SSL 443 → IPS, 0-Day, DLP, FW, SSL proxy/WAF, URL filter), Gateway Web (80/8080), Gateway FTP (21) and Other]
Service chaining operation - Center A example
SDP inline deployment delivering only the traffic each security solution needs: reduced initial cost and maximized survivability/flexibility
Service chain configuration example
• DDoS-suspect traffic: DDoS-suspect traffic → DDoS → IPS
• SSL traffic: TCP 443 → SSL decryption → IPS → WAF → SSL encryption
• Web traffic: TCP 80 → IPS → WAF
• All other traffic: remaining traffic → IPS
[Figure: firewall, routers, spine and leaf switches and virtualized server farm; inline solutions WAF, DDoS and IPS behind inline bypass; OOB solutions IDS and APT receiving all traffic (SSL decrypted)]
Gigamon Product: HC Series
                              HC1                  HC2                  HC3
Port Count                    16 – 32 ports        2 – 96 ports         32 – 128 ports
Port Speeds (1)               10M/100M/1G/10G      1G/10G/40G/100G      10/40/100G
TLS Performance (2)           2 Gbps               3-15 Gbps            12-48 Gbps
GigaSMART engines             1 (Integrated)       1-5 (Modular)        1-4 (Modular)
Bypass (Cut-Thru) capacity    284 Gbps             960 Gbps             6.4 Tbps
Form Factor                   1RU                  2RU                  3RU
Notes: (1) Bolded text indicates the availability of physical inline bypass (aka “fail to wire”) on this appliance. (2) TLS performance includes BOTH decrypt and re-encrypt operations, thus representing true throughput.
Inline bypass - surviving appliance (power) failure
Using optical splitters, network survivability is guaranteed even when the appliance loses power
[Figure: internet → gateway router → backbone switch, with optical splitters feeding security groups #1–#4: all traffic, only HTTP and FTP, only HTTP(S), only email]
Inline security solution availability check
Health check methods and bypass approach
• Positive HB: ARP/IP packets are sent through the security appliance in both directions
• Negative HB: packets the security appliance should block are sent in both directions (blocked = normal)
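As an added illustration (not Gigamon code or configuration), the following Python models the Center A service chain from the earlier slide together with the positive/negative heartbeat logic above: a tool that fails its health check is bypassed so traffic keeps flowing, and the model shows the caveat that bypassing the decryption step leaves the downstream IPS and WAF inspecting ciphertext. Tool names, the `flow` dict fields and the function names are assumptions made for the example.

```python
"""Toy model of an inline service chain with health-check-driven bypass.
Constructed example, not Gigamon code: tool names and chains follow the slides'
Center A example, and the health-check semantics follow the Positive/Negative HB slide."""
from dataclasses import dataclass

@dataclass
class InlineTool:
    name: str
    healthy: bool = True

    def health_check(self, positive_hb_passed: bool, negative_hb_blocked: bool) -> bool:
        """Positive HB: a benign ARP/IP probe sent in both directions must traverse the tool.
        Negative HB: a probe the tool is expected to block must NOT reach the far side.
        The tool is healthy only when both hold; otherwise the platform bypasses it."""
        self.healthy = positive_hb_passed and negative_hb_blocked
        return self.healthy

# Ordered service chain per traffic class (Center A example on the slide).
SERVICE_CHAINS = {
    "ddos_suspect": ["DDoS", "IPS"],
    "tcp/443": ["SSL-decrypt", "IPS", "WAF", "SSL-encrypt"],
    "tcp/80": ["IPS", "WAF"],
    "other": ["IPS"],
}

def build_tools() -> dict:
    """Fresh, healthy instances of every tool named in SERVICE_CHAINS."""
    names = {n for chain in SERVICE_CHAINS.values() for n in chain}
    return {n: InlineTool(n) for n in sorted(names)}

def classify(flow: dict) -> str:
    """Map a flow (constructed dict: proto, dport, ddos_suspect) to a traffic class.
    The DDoS-suspect check comes first, as on the slide, ahead of the port-based rules."""
    if flow.get("ddos_suspect"):
        return "ddos_suspect"
    if flow.get("proto") == "tcp" and flow.get("dport") in (443, 80):
        return f"tcp/{flow['dport']}"
    return "other"

def route(flow: dict, tools: dict) -> list:
    """Return the hops the flow takes. An unhealthy tool is bypassed (fail-open) rather
    than dropping traffic. Bypassing SSL-decrypt also bypasses SSL-encrypt, since nothing
    was decrypted to re-encrypt; downstream IPS/WAF then see ciphertext (the fail-open caveat)."""
    chain = SERVICE_CHAINS[classify(flow)]
    decrypt_bypassed = "SSL-decrypt" in chain and not tools["SSL-decrypt"].healthy
    hops = []
    for name in chain:
        skip = not tools[name].healthy or (name == "SSL-encrypt" and decrypt_bypassed)
        hops.append(f"bypass({name})" if skip else name)
    return hops
```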
Extending the security appliance lifecycle
[Figure: before, 10Gb+ links feed 1Gb tools (Intrusion Detection System, VoIP monitor/analyzer, Application Performance Management, Packet Capture) directly; after, the same 1Gb tools are fed through the platform]
• Before: network upgrades require upgrading the existing security and analytics solutions
• After: the lifecycle of security and analytics solutions is extended, and the size and timing of investment can be planned flexibly
Inline security appliance configuration and operation
[Figure: customer access segment ↔ backbone switches running OSPF / multicast routing ↔ security appliances, shown without and with inline bypass]
Without inline bypass: unnecessary routing path changes when a security appliance fails
- Service stability degraded by unnecessary routing path changes on appliance failure
- Traffic loss when traffic held inside the failed appliance cannot be processed
- Depending on the appliance, Active-Standby operation
With inline bypass: no routing path change even when a security appliance fails
- On appliance failure, the Gigamon device bypasses traffic so it continues to be processed normally
- No unnecessary routing paths arise in the existing production network
- Active-Active operation without configuration changes
Integration with third-party SSL decryption solutions
[Figure: inline tools IPS, DLP and DPI chained with a third-party SSL proxy (decryption) through the platform; encrypted traffic enters, the inline tools inspect clear text, steps 1–12]
Configuration in asymmetric routing environments
[Figure: internet links into a distribution layer, shown with 2 traffic paths and with 4 traffic paths]
Security appliance efficiency - Application Intelligence (3,200+ applications recognized automatically)
[Figure: internet traffic reaching four security appliances and a UBA/NBA (behavior-based security analytics) system; before, unneeded traffic is mixed with the relevant traffic; after, only the relevant traffic is delivered]
Traffic monitoring in virtualized environments
• vCenter integration
• Bulk GigaVUE-VM deployment
• Virtual traffic policy creation
• Automatic migration of monitoring policies (GigaVUE-FM)
[Figure: private cloud servers I and II with virtual traffic policies, tunneled over the production network to application performance, network management and security tools and analytics]
Supported platforms: VMware ESXi, OpenStack/KVM, AWS, Azure, Cisco ACI, VMware NSX
Fabric Manager: Map Traffic Flows with Flexible Inline
GigaVUE-FM
Company Introduction
✓ Ranked 5th among the fastest-growing US technology companies as of 2016
✓ Founded: 2004 (pioneered the market)
✓ Headquarters: Santa Clara, California, USA
✓ Main business: leader and innovator in the visibility market for security and management tools
✓ Business areas: Mobile, Datacenter, Cloud
✓ Technology: 26 core patents, 28 patents pending
✓ Key customers: 2,900+ customers (83+ of the Fortune 100, 50+ of the global top 100 carriers)
Gigamon has a full portfolio of network monitoring equipment, addressing the whole range of deployments from small to very large.
- IHS Technology, Network Monitoring Equipment Annual Report (May 2017)
“As the market leader, Gigamon offers a complete product range that delivers network-wide visibility.”
“The Gigamon Visibility Platform enables our customers to accelerate …migration of their existing applications and workloads for richer content inspection and protection of their mission-critical workloads and data.”
- Tim Jefferson, Global Ecosystem Leader-Security, Amazon Web Services, Inc., November 2016
“Gigamon provides visibility into critical data in the public cloud, making the move to cloud business possible.”
“Gigamon is the market share leader…delivering Layer 2 through Layer 7 visibility, filtering and correlation via its GigaSMART platform.”
- Market Guide for Network Packet Brokers, January 2016
“Gigamon is the market leader, holding 37.5% of the global NPB market.”
“Gigamon helps simplify complex security architectures.”
“A Security Delivery Platform helps eliminate many of the security architectural deficiencies that have led to so many high-profile breaches.”
- Jon Oltsik, Senior Principal Analyst, ESG, July 2015
Key ecosystem partners
[Figure: partner logos grouped as Performance Management, Service Provider, Security and Vulnerability Management, and Infrastructure]
References
A broad spectrum of brand-name customers.
• Enterprise: 2,980+ global customers (as of Q3 '18), 83+ customers in the Fortune 100
• Service providers: 50+ operators among the global top 100 SPs
• Government agencies
[Figure: customer logos grouped as Technology, General Enterprise / Misc., Retail / Services, Finance, Healthcare]
Portfolio
• Applications: Gigamon applications and 3rd-party apps (e.g. Splunk, Viavi); applications & tools for the infrastructure and user community
• Traffic Intelligence: De-duplication, Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, Tunneling, SSL Decryption, Adaptive Packet Filtering, Application Session Filtering, Time Stamping, NetFlow Generation, FabricVUE™ Traffic Analyzer
• Fabric Services: Flow Mapping®, Inline Bypass, Clustering
• Fabric Control (management SW): GigaVUE-FM, with APIs toward applications and nodes
• Fabric Nodes (physical, virtualized, remote sites and future commercial SDN networks):
  - H Series: GigaVUE-HC1, GigaVUE-HC2, GigaVUE-HC3
  - TA Series: GigaVUE-TA10, GigaVUE-TA40, GigaVUE-TA100, White Box – GV/OS
  - Virtual Visibility: GigaVUE-VM (VMware, OpenStack, AWS, Azure)
  - TAPs: G-TAP A Series, G-TAP BiDi, G-TAP M Series, Embedded TAPs
Customer Validation
Forrester Consulting report - The Total Economic Impact of Gigamon
• 153% ROI
• 7 months payback period
• 50% reduction in security costs
The Total Economic Impact™, Forrester Consulting, April 2016.
Conclusion - Key benefits
1. Full network visibility
   ✓ Full visibility into HQ, remote sites, virtualized and public networks
   ✓ Visibility into SSL (inbound & outbound) traffic
2. Network/security solution efficiency
   ✓ Deliver only the needed traffic to each solution (lower initial deployment cost)
   ✓ Maximize operational efficiency (higher detection/analysis rates and lower operating costs)
3. Maximized network security flexibility/survivability
   ✓ Flexibility and survivability in configuring and operating inline/OOB appliances
   ✓ Rapid response when an event occurs (capture the traffic and add new response solutions)
Q&A
Insung Digital, Gigamon sales team: Yang Dae-sang, Deputy General Manager | E. [email protected] | T. 02-2105-4636 | M. 010-2675-1744