Application Intelligence Capabilities Are Coming with Gigamon OS 5.6
Last month we brought you an overview of what’s upcoming when we launch Gigamon® OS 5.6 with Application Intelligence. We want you to be fully prepared for its launch at the end of March, so we’re posting it again this month so you can be prepared to talk to your customers about Application Intelligence capabilities and its many benefits.
- Application Intelligence delivers application awareness to improve the effectiveness of your customers’ entire ecosystem, making all of their tools more efficient and reducing effort and costs
- Application Intelligence addresses key challenges for both network operations and security operations buyers.
All this means that you’ll be able to help your customers address these tough problems:
- Network analytics, security and application monitoring tools that are inundated with low‐risk and low‐value network traffic
- Difficult‐to‐identify applications on the network or contributors to network traffic growth
- A management challenge requiring time and tedious effort to manually classify applications, either through regex or hardwiring ports
- Security tools cannot quickly isolate mission‐critical applications that need extra protection
- Not having visibility to application context makes it easier for a cybercriminal to hide their attacks
- Inundated forensics, compliance and other network security tools with low‐risk and low‐value network traffic
- Attackers bypassing defenses using port and packet spoofing
The Application Intelligence Suite
The Application Intelligence suite of applications includes:
- Application Visualization, which allows customers to quickly visualize the top applications running on the network
- Using Application Filtering Intelligence, customers can automatically identify and classify their high‐value and high‐risk traffic by application
- Application Metadata Intelligence (available as beta in 5.6) provides contextual security information about application activity so that you can quickly identify and remediate threats
Ananda Rajagopal, Vice President of Products and Solutions at Gigamon, explains that many organizations struggle to discern exactly what kind of application traffic flows across their networks, and by extension, how to make sure their networks are safe and secure.
“The number-one pain point,” he says, “is very limited visibility of applications in a network. The consequence of that is that many customers do not have operational context. It becomes hard for them to either detect anomalies or do the necessary things to efficiently secure or monitor these applications.”
Part of the problem, he says, is the massive growth in web traffic. A lot of low‐risk and high‐volume traffic ends up clogging the tools, with the classic example being social media and video streams, such as from YouTube, Netflix and Facebook.
There’s no point in sending such traffic to monitoring tools when the sheer volume of such traffic could threaten to overwhelm the capacity of these tools. For example, if the tool used is a packet forensics tool, this ability to efficiently filter on social media applications could translate into a material increase in retention period for the forensics tool.
Seeing Applications Up Close
When explaining Application Intelligence, Rajagopal likes to compare it to seeing a 3D movie. “You need 3D glasses to watch a 3D movie, right? If you try to watch it with the naked eye, you don’t really get the full view. Application Intelligence is very much like that. It provides you visibility just like the 3D glasses so that you can parse out the perspective and dimensions that are important.
“Digital transformation initiatives in organizations has led to more applications becoming web-based; so understanding and parsing out the different tiers of these applications versus just viewing them as IP packets in a network requires advanced visibility. That is what Application Intelligence provides”
Application Intelligence evaluates traffic at the application level, as opposed to just looking at a stream of packets on the network. As Rajagopal puts it, “The theme of right data to the right tools is now elevated to the right application data to the right tools.”
Practical Use Cases for Application Intelligence
Consider mission‐critical applications. As the figurative crown jewels, affected by challenging uptime requirements and SLAs, many organizations expend the most time, money and effort in monitoring their performance and securing them from threats.
Further, today’s applications have a large number of tiers that increases the interdependencies across tiers, making troubleshooting that much more complex. It’s much, much easier to do this when the core visibility infrastructure to which these monitoring and security tools connect can instantly identify all traffic headed to or from these applications.
With Application Intelligence built right into the core visibility infrastructure, there’s no need to limit oneself to just Layer 3 or 4 (that is, IP subnet or TCP/UDP port boundaries). Instead, Gigamon Application Intelligence provides administrators the flexibility to identify and isolate applications independent of IP addresses or TCP/UDP port numbers, that is, extract relevant traffic automatically all the way up to Layer 7.
Or consider the common hacker strategy of port spoofing, which lets attackers bypass defenses by using nonstandard port numbers. For example, they might try to establish an SSL session on port 1,000, instead of the typical 443. Standard countermeasures set to monitor only port 443 would miss SSL traffic on other ports. With Application Intelligence, Gigamon can detect such a spoofing attempt by identifying the session or application of interest regardless of the port number being used.
To summarize, the key capabilities at play here are:
- Application visualization to visualize all applications on the network
- Application Filtering Intelligence to take filtering actions corresponding to specific applications
- Detect and classify more than 3,000 standard applications
- Programmable to detect custom enterprise applications
- Filter specific apps/app categories
- Identify apps independent of encapsulation, port number or encryption
- Generate rich contextual metadata corresponding to applications seen on the network to power advanced analytics
You’ll be able to offer these powerful new features of Application Visualization and Application Filtering Intelligence to your prospects and customers on the GigaVUE‐HC1, GigaVUE‐HC2 and GigaVUE‐HC3 product lines starting in late March 2019, but you can start quoting them today.