EXTENDING AZURE
NETWORK VISIBILITY
WITH MICROSOFT, GIGAMON AND FIDELIS
Presenting today
Karthik Ananthakrishnan
Program Manager Azure Networking
Microsoft
Baseer Balazadeh
Senior Technical Marketing Engineer
Gigamon
Tom Clare
Senior Product Marketing Manager
Fidelis Cybersecurity
Agenda
• Overview of Microsoft Azure Virtual Network TAP
• Gigamon Cloud Overview
• Examine Gigamon Cloud for Azure
• Integration with Fidelis Network
• Review how to detect threats, inspect content and automate response with Fidelis Network
Azure Virtual Network TAP
Karthik Ananthakrishnan
Program Manager, Networking
Network traffic visibility in on-premise networks
[Diagram labels: On-Premises; Internet; TAP; Network Packet Broker; Forensics; Microsoft Azure]
First native distributed cloud scale TAP
available in public cloud!
Virtual Network TAP
[Diagram labels: Azure Load Balancer; Web Tier Subnet; App Tier Subnet; Monitoring Subnet; Network Packet Broker; Virtual Network TAP; VM Production Traffic; VM Mirrored Traffic; Tools: Security Operations, Network Operations, Application Operations, Forensics]
Virtual Network TAP
Continuous streaming of virtual machine network traffic to packet collector
Agentless!
Enabling network and application performance management solutions, security analytics tools
Complete segmentation of security ops and VM owner in a monitoring boundary. VM owner cannot delete TAPs configured by Security Ops
Gigamon Cloud
Baseer Balazadeh – Sr Technical
Marketing Engineering, Cloud
© 2018 Gigamon. All rights reserved. For Internal Use Only 10
Gigamon Product Portfolio
Management and Orchestration: GigaVUE-FM
Security Intelligence: Insight (Data Store ▸ Detect ▸ Investigate)
Core Intelligence: GigaVUE-OS ▸ Flow Mapping® ▸ Clustering ▸ Inline Bypass ▸ GigaStream®
Visibility Nodes (Physical, Virtual, and Cloud Infrastructure)
Physical: ▸ GigaVUE H Series (Intelligent Visibility) ▸ GigaVUE TA Series (Tap Aggregators) ▸ G-TAP (Taps)
Virtual: ▸ GigaVUE-VM (Tap Aggregator)
Cloud: ▸ GigaVUE V Series (Intelligent Visibility) ▸ G-vTAP (Virtual Taps)
GigaSMART® Application Intelligence
► Application Visualization
► Application Filter Intelligence
► Application Metadata Intelligence
Subscriber Intelligence
▸ GTP Correlation
▸ FlowVUE® Flow Sampling
▸ SIP/RTP Correlation
▸ 5G/CUPS Correlation
Traffic Intelligence
▸ De-duplication
▸ Slicing
▸ Masking
▸ SSL/TLS Decryption
▸ NetFlow Generation
▸ Advanced Load Balancing
▸ Tunneling
▸ Adaptive Packet Filtering
▸ Header Stripping
API IQL
2019 Gigamon. All rights reserved. 11
Challenges for Cloud Ops and Security Ops Teams
Assure the public cloud is being used securely by entire enterprise
Not just identity and access management
Deploy more applications in the public cloud while meeting the needs of compliance and security
Detect and respond to security or network anomalies
Detect application bottlenecks
Detect lateral movement of threats
Detect data exfiltration
Deploy a well-defined cloud security architecture
Public Cloud Visibility Challenges and Gigamon Solution
X Inability to access all traffic
X Discrete vendor monitoring agents per instance
X Impacts workload and virtual network performance
X Static visibility with heavy disruption
✓ Minimize agent overload
✓ Aggregate, select, optimize, and distribute traffic
✓ Customize orchestration and
single-pane-of-glass visualization
✓ Elastic Visibility with ATS as workloads scale-out
[Diagram: GigaSECURE Cloud. Labels: Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Tool Tier; Visibility Tier; GigaVUE-FM; Virtual Network or Virtual Private Cloud; VPC; Region; AZ; CSP IaaS; NW. Legend: Load Balancer, Subnet, Database, Availability Zone (AZ), Tool, Instances]
GigaVUE-Cloud for Azure
Visibility into Microsoft Azure
Azure: Generally Available
GigaVUE-Cloud is an intelligent network
traffic visibility solution that enables
enterprises to secure mission-critical
workloads in Azure
Deployment Scenario: Azure Hybrid Infrastructure
1. Integrate with Azure APIs
2. Deploy Visibility Tier
3. Copy Virtual Machine traffic
4. Aggregate and distribute customized traffic to tools
[Diagram labels: Virtual Network; Web Tier Subnet; App Tier Subnet; Availability Set; Azure Load Balancer; SQL Database; Visibility Tier; Tool Tier; GigaVUE-FM; Azure APIs; Tunneling; VPN Gateway; On-Premises Data Center; Data center Router]
Deployment Scenario: Azure Centralized Visibility
[Diagram labels: Applications; SecOps; Business Units; Web Tier Subnet; App Tier Subnet; Visibility Subnet; Tool Subnet; GigaVUE-FM; Azure APIs; ExpressRoute; On-Premises Data Center; Security, Performance Management, and Analytics Tools]
Deployment Scenario: PaaS
[Diagram labels: Internet; Virtual Network; Web Tier Subnet; Business Tier Subnet; Data Tier Subnet; Availability Set; GigaVUE® V Series; GigaVUE-FM; Azure APIs; REST APIs; Configure Policies; Cloud Tools]
[Diagram labels: West Central Region; West US Region; Virtual Network 1; Virtual Network 2; Peering; Azure Load Balancing; WordPress; Node.js; WebApp; DVWA; Windows Server; Agentless Visibility (Azure vTAP); Azure API; Fabric Manager; Visibility Tier; Slicing; Netflow v5, v9, IPFIX; Tool Tier: WireShark, Splunk, Insight, Fidelis, Application Performance; NOC/SOC]
GigaVUE V Series
Visibility nodes that aggregate, select, optimize and distribute
traffic
• Acquire and aggregate traffic from G-vTAP agents and Azure vTAP
• Advanced filtering using Flow Mapping
• Generate summarized flow records from network traffic with
NetFlow/IPFIX generation
• Obscure sensitive data with Header Transformation
• Optimize selected traffic with GigaSMART® slicing, sampling, and
masking
• Distribute optimized traffic to tools located anywhere
• Elastic scale and performance
Traffic Aggregation, Optimization, and Distribution
[Diagram: GigaVUE V Series in the Visibility Tier. Labels: Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Tool Tier; GigaVUE-FM; Virtual Network or Virtual Private Cloud; VPC; Region; AZ; CSP IaaS; NW]
GigaVUE FM
Centralized orchestration and single-pane-of-glass visualization
• Tight integration with cloud provider APIs (AWS and Azure)
o Quickly detect compute instance changes
o Automatically adjust Visibility Tiers
• Open REST APIs can be consumed by tools
o Dynamically adjust traffic received
• Auto-discovery and end-to-end topology visualization
Orchestration and Management
[Diagram: GigaVUE-FM managing the Visibility Tier. Labels: Web Tier; App Tier; Database; RDS; Load Balancer; ELB; Tool Tier; Virtual Network or Virtual Private Cloud; VPC; Region; AZ; CSP IaaS; NW]
Azure: Cloud Validated Tools
[Figure: vendor logos grouped by category. Categories: Network & Application Performance Management; Security and Vulnerability Management; Infrastructure; Open Source]
Summary
• Patented Flow Mapping® to customize and distribute traffic of interest
• GigaVUE-FM: Intuitive drag-and-drop user interface
• Automatic Target Selection®: Elastic and automated visibility for new workloads
• Open REST APIs for Automation and Orchestration
• Patented GigaSMART® traffic intelligence: Slicing, Masking, Sampling, NetFlow/IPFIX*
• Optimize Tool performance, reduce network backhaul
• Multi-Cloud: Azure, AWS, VMware, OpenStack
• Benefits any tool anywhere that needs network traffic for analysis
Fidelis Network
DETECT. HUNT. RESPOND.
© Fidelis Cybersecurity
What You Get With Fidelis Network
VISIBILITY, DETECTION, RESPONSE
Minimize false positives and shift from clues to conclusions so you can quickly address the alerts that matter most.
Conduct real-time network analysis and identify behaviors that indicate compromises.
Automate detection for the proactive discovery of attackers, suspicious hosts, and malware.
Identify threats and data leakage using deep inspection and analysis of all forms of content, including unpacking and extraction of deeply embedded files.
• Threat Prevention and Detection
• Rich Metadata of Content & Context
• DLP for Network, Email & Web
• Automated Response Playbooks & Scripts
• Threat Research & Intelligence Feeds
Detection & Response Visibility
• All ports and protocols with DPI, DSI (Layer 7), and PCAPs
• Bi-directional analysis with full session reassembly
• Protocol, application, and deep content decoding with recursive extraction
• Direct, internal, email, web and cloud traffic sensor locations for wide visibility
• Cyber terrain asset profiling and classification including importing external sources
• Structured metadata for over 300 attributes, indexed for fast queries to investigate and hunt
• Enhanced metadata (e.g. alerts, threat intel, geo-location, policy tagging, ID2IP)
• Custom tags from content of decoded objects (e.g. author, footer, keyword)
• Metadata storage on-premises or cloud for 360+ days for retrospective analysis
[Diagram labels: North-South; East-West; Office 365]
Deep Session Inspection®
[Diagram labels: Network; Full Session Reassembly; Protocol and Application Decoding; Deep Content Decoding; Content Analysis, Malware Detection; Real-Time Threat Detection; Metadata and Tags; Non-Selective Network Memory; Fidelis Sensors; Fidelis Collector; Fidelis CommandPost; Configuration, Investigation, Analysis, Response, Integration]
Deep Content Decoding and Analysis
Deep, Recursive Content Decoding and Analysis
Detects content-level threats that are invisible to other network security systems
Able to apply threat intelligence over a larger detection surface
[Diagram labels: Network Packets; Session Reassembly; Session Buffers (RAM); Protocol and Application Decoders and Analyzers; Content Buffers (RAM); Content Decoders and Analyzers; Non-Selectively “Exploding” Recursively Embedded Content Objects in RAM]
Deep Content Visibility
Visibility into Deeply Embedded Network Content (Inbound and Outbound)
[Diagram labels: Malicious Inbound Content; Classified Sensitive Outbound Content; content types: SMTP, MIME, ZIP, PPT, Excel, PDF, Deflate, Text, Malware]
Comprehensive Sensors
• Fidelis Network Direct Sensor: Gateway sensor, all ports and protocol visibility, 10G sensor HW performance
• Fidelis Network Internal Sensor: Datacenter sensor, handles SMB, DB transactions, and Cloud VMs
• Fidelis Network Mail Sensor: Enables graceful quarantine, prevention of email traffic for DLP and threats
• Fidelis Network Web Sensor: Web proxy traffic via ICAP with web page redirects for policy violations (DLP, threats)
Cyber Terrain Mapping
• Provides Insights of an Organization’s Resources
• Passive Identification, Profiling and Classification
• Assets
- Devices (servers, endpoint, IoT, legacy systems)
• Data
- OS, Applications, Ports
• Comm. Channels and Network Servers Usage
- Shadow-IT tools, Legacy Applications, App Servers, Tools
- Servers: FTP, SSH, DNS, Proxy
• Discover
- Automatic Processes Vs. Human Browsing Sessions
- Internal and External Activities
• Visualization Graphs of Asset Connectivity
Prevent Threats and Data Loss
• Threat Prevention using static signatures, multi-dimensional behavior rules, threat intelligence feeds, plus emulation and heuristics
• DLP using data profiling and classification with pre-built policies for known compliance regulations across network, email and web sensors to alert on policy violations
• Data Leakage/Theft where direct and internal sensors drop sessions, email sensors quarantine, drop, re-route, or remove attachments, and web sensors redirect web pages or drop sessions
• Email security via MTA for on-premises or cloud SaaS email with pre-click URL analysis, attachment analysis, and OCR image to text analysis for data leakage
• Security analytics based on high and low frequencies, plus sequencing analysis
Detect and Hunt
• Threat Detection using cloud-based sandboxing, network behavior analysis, new threat intelligence automatically applied to retrospective metadata, plus machine learning anomaly detection
• Profiling TLS encrypted traffic based on metadata and certificates, determining human browsing versus machine traffic, plus evolving data science models to detect hidden threats
• Threat intelligence open feeds (Fidelis Insight, Reputation, STIX/TAXII, YARA, Suricata) plus internal threat intel including custom rules and indicators
• Threat hunting with real-time content analysis or retrospective indexed metadata supporting fast iterative and interactive queries to test hunting hypotheses
• Threat Research as a Service (TRaaS) provides on-demand threat research, intelligence, counter measures, services, and training
Automate Response
• Derive conclusions within one solution with aggregated alerts, context, and evidence
• Automate prevention, detection, investigation and response with playbooks and custom scripts
• Expose misuse of assets and encryption, plus discover proxy and security circumvention
• Custom protocol detection, de-obfuscation, attack paths, and internal threat detection
• Risk scoring with behavioral and historical analytics, plus policy and alert management
• Open policy interface, plus sending alerts and data to SIEM or SOAR solutions
• MDR Service provides 24/7 response using our security stack, metadata, defenses and threat intelligence
FIDELIS ELEVATE™
A Curated Security Stack: Integrated, Automated & Correlated
Sensors: Gateway | Internal | Cloud | Email | Web
Agents: Windows | Linux | Mac | Cloud
Decoys: Breadcrumbs | Decoys | AD | MITM
Threat Intelligence: Fidelis Insight, 3rd Party Threat Intel, Customer Defined Intel
Sandboxing: Execution Analysis, File & Web Analysis, ML-based Malware Detection
Data Science: Statistical analysis, Supervised learning models
Response Automation and Analytics Engine
Real Time Analysis – Detect and Respond
Historical Metadata – Hunt and Investigate
SIEM, SOAR
Questions and Next Steps
Learn More
• Fidelis Integration with Azure: https://www.fidelissecurity.com/technology-partners/microsoft-azure
• Fidelis Network Datasheet: https://www.fidelissecurity.com/resources/datasheets/network
See Fidelis in Action
• Free Trial of Fidelis Network: https://www.fidelissecurity.com/network/trial
• Schedule a 1-on-1 Demo: https://www.fidelissecurity.com/products/network/demo
azurevnettap@microsoft.com
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview
https://azure.microsoft.com/en-us/pricing/details/virtual-network/
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#virtual-network-tap
Free Trials
• 30 Day Free Trial in Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=gigamon&page=1
• 1 Hour Test Drive: https://www.gigamon.com/solutions/use-cases/cloud/gigasecure-cloud-azure.html
Thank You

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Extending Azure Network Visibility with Microsoft, Gigamon and Fidelis

  • 1. EXTENDING AZURE NETWORK VISIBILITY WITH MICROSOFT, GIGAMON AND FIDELIS
  • 2. Presenting today Karthik Ananthakrishnan Program Manager Azure Networking Microsoft Baseer Balazadeh Senior Technical Marketing Engineer Gigamon Tom Clare Senior Product Marketing Manager Fidelis Cybersecurity 2
  • 3. Agenda • Overview of Microsoft Azure Virtual Network TAP • Gigamon Cloud Overview • Examine Gigamon Cloud for Azure • Integration with Fidelis Network • Review how to detect threats, inspect content and automate response with Fidelis Network 3
  • 4. Azure Virtual Network TAP Karthik Ananthakrishnan Program Manager, Networking
  • 6. First native distributed cloud scale TAP available in public cloud! 6
  • 7. Virtual Network TAP Azure Load Balancer App Tier Subnet Web Tier Subnet Network Packet Broker Monitoring Subnet VM Production Traffic VM Mirrored Traffic Virtual Network TAP Tools Security Operations Network Operations Application Operations Forensics 7
  • 8. Virtual Network TAP Continuous streaming of virtual machine network traffic to packet collector. Agentless! Enabling network and application performance management solutions, security analytics tools. Complete segmentation of security ops and VM owner in a monitoring boundary. VM owner cannot delete TAPs configured by Security Ops. 8
  • 9. Gigamon Cloud Baseer Balazadeh – Sr Technical Marketing Engineering, Cloud
  • 10. © 2018 Gigamon. All rights reserved. For Internal Use Only 10 Security Intelligence Visibility Nodes Physical, Virtual, and Cloud Infrastructure Management and Orchestration Gigamon Product Portfolio GigaVUE-FM ▸ Flow Mapping® ▸ Clustering ▸ Inline Bypass ▸ GigaVUE H Series Intelligent Visibility Virtual ▸ GigaVUE TA Series Tap Aggregators ▸ G-TAP Taps GigaVUE-OS ▸ GigaStream® Physical ▸ GigaVUE-VM Tap Aggregator Cloud ▸ GigaVUE V Series Intelligent Visibility ▸ G-vTAP Virtual Taps Core Intelligence Insight Data Store ▸ Detect ▸ Investigate GigaSMART® Application Intelligence ▸ Application Visualization ▸ Application Filter Intelligence ▸ Application Metadata Intelligence Subscriber Intelligence ▸ GTP Correlation ▸ FlowVUE® Flow Sampling ▸ SIP/RTP Correlation ▸ 5G/CUPS Correlation Traffic Intelligence ▸ De-duplication ▸ Slicing ▸ Masking ▸ SSL/TLS Decryption ▸ NetFlow Generation ▸ Advanced Load Balancing ▸ Tunneling ▸ Adaptive Packet Filtering ▸ Header Stripping API IQL
  • 11. 2019 Gigamon. All rights reserved. 11 Assure the public cloud is being used securely by entire enterprise Not just identity and access management Deploy more applications in the public cloud while meeting the needs of compliance and security Detect and respond to security or network anomalies Detect application bottlenecks Detect lateral movement of threats Detect data exfiltration Deploy a well-defined cloud security architecture Challenges for Cloud Ops and Security Ops Teams
  • 12. 2019 Gigamon. All rights reserved. 12 Public Cloud Visibility Challenges and Gigamon Solution X Inability to access all traffic X Discrete vendor monitoring agents per instance X Impacts workload and virtual network performance X Static visibility with heavy disruption ✓ Minimize agent overload ✓ Aggregate, select, optimize, and distribute traffic ✓ Customize orchestration and single-pane-of-glass visualization ✓ Elastic Visibility with ATS as workloads scale-out Database Web Tier App Tier Load Balancer Tool Tier Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Load Balancer GigaSECURE Cloud RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier Load Balancer Subnet Database Availability Zone (AZ) Tool Instances
  • 14. 2019 Gigamon. All rights reserved. 14 Visibility into Microsoft Azure Azure: Generally Available GigaVUE-Cloud is an intelligent network traffic visibility solution that enables enterprises to secure mission-critical workloads in Azure
  • 15. 2019 Gigamon. All rights reserved. 15 Deployment Scenario: Azure Hybrid Infrastructure. Steps: 1 Integrate with Azure APIs; 2 Deploy Visibility Tier; 3 Copy Virtual Machine traffic; 4 Aggregate and distribute customized traffic to tools. Diagram labels: Virtual Network, Availability Set, Web Tier Subnet, App Tier Subnet, Azure Load Balancer, SQL Database, Visibility Tier, Tool Tier, GigaVUE-FM, Azure APIs, Tunneling, VPN Gateway, Data center Router, On-Premises Data Center
  • 16. 2019 Gigamon. All rights reserved. 16 Deployment Scenario: Azure Centralized Visibility Visibility Subnet Tool Subnet Visibility Subnet GigaVUE-FM Azure APIs On-Premises Data Center Security, Performance Management, and Analytics Tools App Tier Subnet Web Tier Subnet Applications SecOps Business Units Visibility Subnet App Tier Subnet Web Tier Subnet ExpressRoute
  • 17. 2019 Gigamon. All rights reserved. 17 Deployment Scenario: PaaS Availability Set Web Tier Subnet Availability Set Business Tier Subnet Internet Virtual Network Data Tier Subnet Availability Set REST APIs GigaVUE-FM Azure APIs Cloud Tools Configure Policies GigaVUE® V Series
  • 18. 2019 Gigamon. All rights reserved. 18 Visibility Tier Virtual Network 1 Virtual Network 2 Azure Load Balancing Azure Load Balancing Tool Tier WireShark West Central Region West US Region Tool Tier Splunk Insight Fidelis Peering Fabric Manager Application Performance Netflow v5, v9, IPFIX Slicing WordPress Node.js WebApp DVWA Windows Server NOC/SOC Agentless Visibility (Azure vTAP) Azure API
  • 19. 2019 Gigamon. All rights reserved. 19 GigaVUE V Series Visibility nodes that aggregate, select, optimize and distribute traffic • Acquire and aggregate traffic from G-vTAP agents and Azure vTAP • Advanced filtering using Flow Mapping • Generate summarized flow records from network traffic with NetFlow/IPFIX generation • Obscure sensitive data with Header Transformation • Optimize selected traffic with GigaSMART® slicing, sampling, and masking • Distribute optimized traffic to tools located anywhere • Elastic scale and performance Traffic Aggregation, Optimization, and Distribution RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier GigaVUE V Series
  • 20. 2019 Gigamon. All rights reserved. 20 GigaVUE FM Centralized orchestration and single-pane-of-glass visualization • Tight integration with cloud provider APIs (AWS and Azure) o Quickly detect compute instance changes o Automatically adjust Visibility Tiers • Open REST APIs can be consumed by tools o Dynamically adjust traffic received • Auto-discovery and end-to-end topology visualization Orchestration and Management RDS Web Tier App Tier ELB ELB Tool Tier Region AZ VPC Database Web Tier App Tier Load Balancer Load Balancer Virtual Network or Virtual Private Cloud AZ CSP IaaS NW Visibility Tier GigaVUE-FM Tool Tier GigaVUE-FM
  • 21. 2019 Gigamon. All rights reserved. 21 Network & Application Performance Management Azure: Cloud Validated Tools Security and Vulnerability Management Infrastructure Open Source
  • 22. 2019 Gigamon. All rights reserved. 22 Summary • Patented Flow Mapping® to customize and distribute traffic of interest • GigaVUE-FM: Intuitive drag-and-drop user interface • Automatic Target Selection®: Elastic and automated visibility for new workloads • Open REST APIs for Automation and Orchestration • Patented GigaSMART® traffic intelligence: Slicing, Masking, Sampling, NetFlow/IPFIX* • Optimize Tool performance, reduce network backhaul • Multi-Cloud: Azure, AWS, VMware, OpenStack • Benefits any tool anywhere that needs network traffic for analysis
  • 24. © Fidelis Cybersecurity What You Get With Fidelis Network 24 VISIBILITY Minimize false positives and shift from clues to conclusions so you can quickly address the alerts that matter most. Conduct real-time network analysis and identify behaviors that indicate compromises. Automate detection for the proactive discovery of attackers, suspicious hosts, and malware. Identify threats and data leakage using deep inspection and analysis of all forms of content, including unpacking and extraction of deeply embedded files. DETECTION RESPONSE Threat Prevention and Detection Rich Metadata of Content & Context DLP for Network, Email & Web Automated Response Playbooks & Scripts Threat Research & Intelligence Feeds
  • 25. © Fidelis Cybersecurity Detection & Response Visibility 25 • All ports and protocols with DPI, DSI (Layer7), and PCAPs • Bi-directional analysis with full session reassembly • Protocol, application, and deep content decoding with recursive extraction • Direct, internal, email, web and cloud traffic sensor locations for wide visibility • Cyber terrain asset profiling and classification including importing external sources • Structured metadata for over 300 attributes, indexed for fast queries to investigate and hunt • Enhanced metadata (e.g. alerts, threat intel, geo-location, policy tagging, ID2IP) • Custom tags from content of decoded objects (e.g. author, footer, keyword) • Metadata storage on-premises or cloud for 360+ days for retrospective analysis (Diagram labels: North-South, East-West, Office 365)
  • 26. © Fidelis Cybersecurity Configuration, Investigation, Analysis, Response, Integration Deep Session Inspection® Metadata and Tags DEEP SESSION INSPECTION® Content Analysis, Malware Detection Deep Content Decoding Protocol and Application Decoding Full Session Reassembly Real-Time Threat Detection Network Non-Selective Network Memory Fidelis CommandPost Fidelis Collector Fidelis Sensors 26
  • 27. © Fidelis Cybersecurity Deep Content Decoding and Analysis Deep, Recursive Content Decoding and Analysis Detects content-level threats that are invisible to other network security systems Able to apply threat intelligence over a larger detection surface 27 Network Packets Session Buffers (RAM) Content Buffers (RAM) Content Buffers (RAM) Non-Selectively “Exploding” Recursively Embedded Content Objects in RAM Session Reassembly Content Decoders and Analyzers Content Decoders and Analyzers Protocol and Application Decoders and Analyzers
  • 28. © Fidelis Cybersecurity Deep Content Visibility Visibility into Deeply Embedded Network Content (Inbound and Outbound) 28 PDF DeflateText Malware ExcelText ZIP PPT MIME SMTP Text Malicious Inbound Content Classified Sensitive Outbound Content
  • 29. © Fidelis Cybersecurity Comprehensive Sensors 29 Fidelis Network Direct Sensor Fidelis Network Mail Sensor Fidelis Network Internal Sensor Fidelis Network Web Sensor Gateway sensor, all ports and protocol visibility, 10G sensor HW performance Datacenter sensor, handles SMB, DB transactions, and Cloud VMs Enables graceful quarantine, prevention of email traffic for DLP and threats Web proxy traffic via ICAP with web page redirects for policy violations (DLP, threats)
  • 30. © Fidelis Cybersecurity Cyber Terrain Mapping • Provides Insights of an Organization’s Resources • Passive Identification, Profiling and Classification • Assets - Devices (servers, endpoint, IoT, legacy systems) • Data - OS, Applications, Ports • Comm. Channels and Network Servers Usage - Shadow-IT tools, Legacy Applications, App Servers, Tools - Servers: FTP, SSH, DNS, Proxy • Discover - Automatic Processes Vs. Human Browsing Sessions - Internal and External Activities • Visualization Graphs of Asset Connectivity 30
  • 31. © Fidelis Cybersecurity Prevent Threats and Data Loss 31 • Threat Prevention using static signatures, multi-dimensional behavior rules, threat intelligence feeds, plus emulation and heuristics • DLP using data profiling and classification with pre-built policies for known compliance regulations across network, email and web sensors to alert on policy violations • Data Leakage/Theft where direct and internal sensors drop sessions, email sensors quarantine, drop, re-route, or remove attachments, and web sensors redirect web pages or drop sessions • Email security via MTA for on-premises or cloud SaaS email with pre-click URL analysis, attachment analysis, and OCR image to text analysis for data leakage • Security analytics based on high and low frequencies, plus sequencing analysis (Diagram labels: North-South, East-West, Office 365)
  • 32. © Fidelis Cybersecurity Detect and Hunt 32 • Threat Detection using cloud-based sandboxing, network behavior analysis, new threat intelligence automatically applied to retrospective metadata, plus machine learning anomaly detection • Profiling TLS encrypted traffic based on metadata and certificates, determining human browsing versus machine traffic, plus evolving data science models to detect hidden threats • Threat intelligence open feeds (Fidelis Insight, Reputation, STIX/TAXII, YARA, Suricata) plus internal threat intel including custom rules and indicators • Threat hunting with real-time content analysis or retrospective indexed metadata supporting fast iterative and interactive queries to test hunting hypotheses • Threat Research as a Service (TRaaS) provides on-demand threat research, intelligence, countermeasures, services, and training (Diagram labels: North-South, East-West, Office 365)
  • 33. © Fidelis Cybersecurity Automate Response 33 • Derive conclusions within one solution with aggregated alerts, context, and evidence • Automate prevention, detection, investigation and response with playbooks and custom scripts • Expose misuse of assets and encryption, plus discover proxy and security circumvention • Custom protocol detection, de-obfuscation, attack paths, and internal threat detection • Risk scoring with behavioral and historical analytics, plus policy and alert management • Open policy interface, plus sending alerts and data to SIEM or SOAR solutions • MDR Service provides 24/7 response using our security stack, metadata, defenses and threat intelligence (Diagram labels: North-South, East-West, Office 365)
  • 34. © Fidelis Cybersecurity 34 Sensors Agents Decoys Threat Intelligence Fidelis Insight 3rd Party Threat Intel Customer Defined Intel Sandboxing Execution Analysis File & Web Analysis ML-based Malware Detection A Curated Security Stack: Integrated, Automated & Correlated FIDELIS ELEVATE™ SIEM Real Time Analysis – Detect and Respond Historical Metadata – Hunt and Investigate Response Automation and Analytics Engine Breadcrumbs | Decoys AD | MITM Gateway | Internal | Cloud Email | Web Windows | Linux Mac | Cloud Data Science Statistical analysis Supervised learning models SOAR
  • 35. Questions and Next Steps Learn More • Fidelis Integration with Azure: https://www.fidelissecurity.com/technology-partners/microsoft-azure • Fidelis Network Datasheet: https://www.fidelissecurity.com/resources/datasheets/network See Fidelis in Action • Free Trial of Fidelis Network: https://www.fidelissecurity.com/network/trial • Schedule a 1-on-1 Demo: https://www.fidelissecurity.com/products/network/demo 35 azurevnettap@microsoft.com https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview https://azure.microsoft.com/en-us/pricing/details/virtual-network/ https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#virtual-network-tap Free Trials • 30 Day Free Trial in Azure Marketplace: https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=gigamon&page=1 • 1 Hour Test Drive: https://www.gigamon.com/solutions/use-cases/cloud/gigasecure-cloud-azure.html