December 20, 2024
What is Gigamon Application Intelligence?
Gigamon Application Intelligence is a set of capabilities for providing visibility and context across the Gigamon Deep Observability Pipeline for discovering, managing, and securing complex, multi-tier applications regardless of their location.
Gigamon Application Intelligence is designed to give IT teams full visibility into applications running in their data centers and public clouds. It allows businesses to maintain a consistently strong security posture across their entire hybrid environment, as well as get to the root causes of vulnerabilities and performance bottlenecks.
Gigamon Application Intelligence is available for all GigaVUE HC Series physical appliances and GigaVUE Cloud Suite with GigaVUE V Series.
Why should you care?
Most visibility tools (including SIEMs and the native tools provided by AWS/Azure/Google/etc.) are limited to metrics, events, logs and traces (MELT). While essential, telemetry based only on MELT omits a critical key to deep observability—pervasive visibility into network traffic.
Adding Gigamon Application Intelligence’s deep packet-level views of network activity to your customers’ tool and telemetry stacks is essential for the following reasons:
- All cyberattacks are conducted and coordinated across the network.
- Unlike logs, network packets are an immutable evidence trail for cyberattacks.
- Network detection and response (NDR) is unique in that it can monitor threats to environments where the endpoints cannot typically run a security agent.
How does Gigamon Application Intelligence work?
Gigamon Application Intelligence uses the following GigaSMART deep packet inspection capabilities:
- Application Metadata Intelligence provides summarized and context-aware information about raw packets based on the analysis of layers 4-7 for use by ecosystem solutions, such as SIEM and performance monitoring tools.
- Application Filtering Intelligence brings granular application awareness to on-prem and cloud-based network and security operations centers by automatically identifying, selecting and delivering only the most important application data.
Application Metadata Intelligence
Gigamon Application Metadata Intelligence (AMI) generates more than 6,000 attributes for over 4,000 applications without impacting the users, devices, applications, or the network appliances. This feature identifies applications even when the traffic is encrypted. Hybrid-cloud blind spots, both East-West (such as between container nodes within VMs) and North-South (when application traffic transits between multiple environments), are eliminated. This enables rapid identification of indicators of compromise (IoC) for security analytics and forensics tools.
There is no need for your customers to buy additional tools or change their monitoring processes. Gigamon has pre-built integrations with the most common security and observability tools. Now, the top item on an operations team’s wish list—to have a single-pane-of-glass for unified visibility across all environments—is a reality!
MELT + Network-derived intelligence = Unified and pervasive visibility
Gigamon AMI Starter Packs are available and consist of pre-defined tool templates and plugins. The pre-defined tool templates help to export the relevant metadata attributes from the Gigamon device, and the plugins help to visualize the use cases in our partner ecosystem tools. Customers can download the plugins from the partner’s marketplace as applicable. There are Starter Pack templates for Security Posture, Anomalous Traffic, Troubleshooting, Suspicious Activities, Rogue Activities, and M-21-31 Logging.
Application Filtering Intelligence
Application Filtering Intelligence (AFI) directs traffic by application (or application family) to the appropriate tools for over 4,000 apps. Using simple flow control, your customers can pass specific traffic or drop irrelevant application traffic to their tools, saving storage and processing resources. Use cases show AFI can increase efficiency and capacity by up to 80 percent.
AFI employs flow pattern matching, bi-directional flow correlation, heuristics, and statistical analysis to accurately identify thousands of standard and custom applications, and directs that information, along with AMI, to selected tools to improve their efficiency.
In the chart below, you will see how Application Filtering Intelligence helps filter applications and send the right data to the right tools.
Application Filtering Intelligence provides the ability to isolate the application (and its components and protocols) and direct that traffic using the GigaVUE-FM Fabric Manager. To further facilitate apps-to-tool matching, policies can easily be enforced on categories of applications. For example, administrators can define a set of tools that analyze all corporate traffic, another for all database traffic, and a third set for shadow IT and P2P traffic.
Gigamon Deep Observability Pipeline
The Gigamon Deep Observability Pipeline addresses the challenges of providing pervasive packet-level visibility for both on-prem networks and private/public clouds. Access to packets is orchestrated across any virtual, cloud, or on-prem environment by GigaVUE-FM Fabric Manager using a combination of physical TAP/SPAN and orchestrated virtual network taps in hypervisor/hyperscaler environments. Once the packets enter the pipeline, they are transformed by GigaSMART applications, such as deduplication and decryption, to maximize the efficiency and effectiveness of every tool in your customer’s stack.
The chart below illustrates how Gigamon accesses packets pervasively to create an optimized pipeline of enriched network data to an organization’s tools.
The ultimate purpose of the Gigamon Deep Observability Pipeline is to efficiently deliver network-derived intelligence to existing tools to gain real-time visibility into all network traffic. Maximum efficiency is achieved by combining GigaSMART applications to eliminate unwanted or unnecessary traffic for each individual tool. Once unwanted “noise” is eliminated, packets can be sent to the tools that need them, or metadata can be exported in multiple formats.
Differentiation in the market
With a typical reduction of data sent to tools of 60 to 80 percent, Gigamon Application Intelligence capabilities provide immediate savings on tool spend and gains in tool efficacy for any environment. A core component of the Gigamon Deep Observability Pipeline, the GigaVUE Cloud Suite offers a much more cost-effective solution for cloud visibility, eliminating the need for expensive default services.
In addition, the GigaVUE Universal Cloud Tap (UCT) captures traffic efficiently, and the GigaVUE V Series virtual packet broker provides intelligent routing and load balancing. This combined approach delivers superior visibility and cloud cost management, as well as automated scaling and consistent management of visibility across hybrid and multi-cloud environments.
More information
Arrow’s Gigamon team can help you grow your business and meet your customers’ cybersecurity and network visibility needs. Our channel business managers are experts in the entire Gigamon product line and programs, and our certified Gigamon engineers have years of experience in selling and supporting the entire Gigamon portfolio. Reach out to us today!
