This document summarizes a presentation about extending network visibility in Azure using Microsoft, Gigamon, and Fidelis. It discusses Azure Virtual Network TAP, Gigamon Cloud for aggregating and distributing traffic in Azure, and how Fidelis Network can be used for threat detection, content inspection, and automated response. The integration of these solutions provides security and operations teams visibility into network traffic across Azure environments to more effectively monitor for threats and inspect content.
2. Presenting today
• Karthik Ananthrakrishnan, Program Manager, Azure Networking, Microsoft
• Baseer Balazadeh, Senior Technical Marketing Engineer, Gigamon
• Tom Clare, Senior Product Marketing Manager, Fidelis Cybersecurity
3. Agenda
• Overview of Microsoft Azure Virtual Network TAP
• Gigamon Cloud Overview
• Examine Gigamon Cloud for Azure
• Integration with Fidelis Network
• Review how to detect threats, inspect content and automate response with Fidelis Network
7. Virtual Network TAP
[Diagram labels: Azure Load Balancer; Web Tier Subnet; App Tier Subnet; VM Production Traffic; VM Mirrored Traffic; Virtual Network TAP; Network Packet Broker; Monitoring Subnet; Tools: Security Operations, Network Operations, Application Operations, Forensics]
8. Virtual Network TAP
• Continuous streaming of virtual machine network traffic to a packet collector
• Agentless!
• Enables network and application performance management solutions and security analytics tools
• Complete segmentation of Security Ops and the VM owner in a monitoring boundary: the VM owner cannot delete TAPs configured by Security Ops
11. Challenges for Cloud Ops and Security Ops Teams
• Assure the public cloud is being used securely by entire enterprise
• Not just identity and access management
• Deploy more applications in the public cloud while meeting the needs of compliance and security
• Detect and respond to security or network anomalies
• Detect application bottlenecks
• Detect lateral movement of threats
• Detect data exfiltration
• Deploy a well-defined cloud security architecture
2019 Gigamon. All rights reserved.
12. Public Cloud Visibility Challenges and Gigamon Solution
X Inability to access all traffic
X Discrete vendor monitoring agents per instance
X Impacts workload and virtual network performance
X Static visibility with heavy disruption
✓ Minimize agent overload
✓ Aggregate, select, optimize, and distribute traffic
✓ Customize orchestration and single-pane-of-glass visualization
✓ Elastic Visibility with ATS as workloads scale-out
[Diagram labels: GigaSECURE Cloud; Region; AZ; VPC; Virtual Network or Virtual Private Cloud; CSP IaaS NW; Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Visibility Tier; GigaVUE-FM; Tool Tier. Legend: Load Balancer, Subnet, Database, Availability Zone (AZ), Tool, Instances]
14. Visibility into Microsoft Azure
Azure: Generally Available
GigaVUE-Cloud is an intelligent network traffic visibility solution that enables enterprises to secure mission-critical workloads in Azure
15. Deployment Scenario: Azure Hybrid Infrastructure
Steps shown in the diagram: (1) Integrate with Azure APIs; (2) Deploy Visibility Tier; (3) Copy Virtual Machine traffic; (4) Aggregate and distribute customized traffic to tools
[Diagram labels: Virtual Network; Availability Set; Web Tier Subnet; App Tier Subnet; Azure Load Balancer; SQL Database; Visibility Tier; Tool Tier; GigaVUE-FM; Azure APIs; Tunneling; On-Premises Data Center; Data center Router; VPN Gateway]
16. Deployment Scenario: Azure Centralized Visibility
[Diagram labels: Visibility Subnet; Tool Subnet; GigaVUE-FM; Azure APIs; On-Premises Data Center; Security, Performance Management, and Analytics Tools; App Tier Subnet; Web Tier Subnet; Applications; SecOps; Business Units; ExpressRoute]
17. Deployment Scenario: PaaS
[Diagram labels: Internet; Virtual Network; Availability Set; Web Tier Subnet; Business Tier Subnet; Data Tier Subnet; REST APIs; GigaVUE-FM; Azure APIs; Cloud Tools; Configure Policies; GigaVUE® V Series]
18. [Diagram labels: Agentless Visibility (Azure vTAP); Azure API; Virtual Network 1; Virtual Network 2; West Central Region; West US Region; Peering; Azure Load Balancing; Visibility Tier; Fabric Manager; Slicing; Netflow v5, v9, IPFIX; Tool Tier; Wireshark; Splunk; Insight; Fidelis; Application Performance; NOC/SOC; WordPress; Node.js WebApp; DVWA; Windows Server]
19. GigaVUE V Series
Traffic Aggregation, Optimization, and Distribution
Visibility nodes that aggregate, select, optimize and distribute traffic
• Acquire and aggregate traffic from G-vTAP agents and Azure vTAP
• Advanced filtering using Flow Mapping
• Generate summarized flow records from network traffic with NetFlow/IPFIX generation
• Obscure sensitive data with Header Transformation
• Optimize selected traffic with GigaSMART® slicing, sampling, and masking
• Distribute optimized traffic to tools located anywhere
• Elastic scale and performance
[Diagram labels: Region; AZ; VPC; Virtual Network or Virtual Private Cloud; CSP IaaS NW; Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Visibility Tier; GigaVUE-FM; Tool Tier; GigaVUE V Series]
20. GigaVUE FM
Orchestration and Management
Centralized orchestration and single-pane-of-glass visualization
• Tight integration with cloud provider APIs (AWS and Azure)
o Quickly detect compute instance changes
o Automatically adjust Visibility Tiers
• Open REST APIs can be consumed by tools
o Dynamically adjust traffic received
• Auto-discovery and end-to-end topology visualization
[Diagram labels: Region; AZ; VPC; Virtual Network or Virtual Private Cloud; CSP IaaS NW; Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Visibility Tier; GigaVUE-FM; Tool Tier]
21. Azure: Cloud Validated Tools
• Network & Application Performance Management
• Security and Vulnerability Management
• Infrastructure
• Open Source
22. Summary
• Patented Flow Mapping® to customize and distribute traffic of interest
• GigaVUE-FM: Intuitive drag-and-drop user interface
• Automatic Target Selection®: Elastic and automated visibility for new workloads
• Open REST APIs for Automation and Orchestration
• Patented GigaSMART® traffic intelligence: Slicing, Masking, Sampling, NetFlow/IPFIX*
• Optimize Tool performance, reduce network backhaul
• Multi-Cloud: Azure, AWS, VMware, OpenStack
• Benefits any tool anywhere that needs network traffic for analysis