Gigamon says it can analyze attacker SSL traffic without hitting performance

29.10.2014

Other security related vendors are using this method to look at the traffic and run checks, but it is done in-line or in-band, as the traffic is moving back and forth. Since that traffic is live, there is a limit on the amount of scans that can be done without impacting performance.

What Rajagopal said Gigamon has cracked is the ability to run many more security checks on the decrypted SSL traffic. Gigamon peels off SSL traffic and analyzes it without disrupting the flow of data by creating a copy of it and subjecting it to many more analyses.

"There is a limit in terms of how many tools can be deployed in band," Rajagopal said. "Your performance is as strong as the weakest link."

In-line products tend to only have a firewall, an anti-malware scan and intrusion protection system to maintain performance, Rajagopal said.

Gigamon runs the copied SSL traffic through what it calls its "Visibility Fabric," which runs a range of checks, including intrusion detection, anti-malware, file activity monitoring, customer experience management, security information and event management, data loss prevention as well as network and application performance management checks.

Zur Startseite