Recently Shane Buckley, Gigamon’s president and CIO, sat down with Shira Rubinoff, president of Green Armor Solutions and one of the most informed cybersecurity experts in the information technology (IT) and security community. With the alarming rise in online threats top of mind for cyber professionals, we discussed some of the biggest obstacles facing today’s enterprises, and specifically how and why deep observability is the answer. Key takeaways from our chat follow.
Deep observability broken down

‘Observability’ has been around for some time and is a non-intrusive way to keep an eye on how systems are working. Typically it uses metrics, events, logs and traces (MELT) to understand what’s happening within an application. However, what many organisations don’t realise is that MELT is incomplete and easy to spoof. Because the host or application generates this data itself, an attacker who has compromised that host controls what it reports: sophisticated threat actors can overwrite logs and fool the security systems in place, sending false information to the security operations centre (SOC) team.
My company augments log-based observability by going ‘deep’: providing organisations with actionable network-level intelligence from immutable metadata, which is used to validate the authenticity of the log-based observability insights. Our technology takes this to the next level by inspecting all seven layers of the network stack (OSI Layers 1 to 7) to extract reliable metadata from network traffic, reformulate the information, and provide it to a variety of observability tool vendors. In doing so, we’re able to deliver a pipeline of high-fidelity traffic to these tools in real time, which validates the authenticity of the data, reduces false positives for the SOC, and advances the overall security posture of an organisation.
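As an added illustration of the cross-check described above (example code written for this page, not Gigamon’s software or pipeline), the script below pairs a web server’s own access log with flow records as a network tap would export them and reports discrepancies in both directions: connections seen on the wire with no access-log entry (log deletion, or a service that is not logging) and log entries with no corresponding flow (fabricated or replayed entries). The flow records, the access-log lines, the server address 10.0.0.5 and the five-second matching tolerance are all constructed for the example.

```python
"""Reconcile host access logs with network-derived flow metadata (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed flow records as a tap/aggregator might export them:
# (start time, source IP, source port, destination IP, destination port, bytes).
FLOW_RECORDS = [
    ("2023-03-14T10:00:01Z", "203.0.113.7", 51000, "10.0.0.5", 443, 4820),
    ("2023-03-14T10:00:04Z", "203.0.113.7", 51001, "10.0.0.5", 443, 2210),
    ("2023-03-14T10:00:09Z", "198.51.100.23", 41200, "10.0.0.5", 443, 91000),  # no log line
    ("2023-03-14T10:00:15Z", "10.0.0.5", 38822, "192.0.2.50", 3333, 15300),    # egress, not the web service
]

# Constructed combined-format access log from the web server at 10.0.0.5.
ACCESS_LOG = """\
203.0.113.7 - - [14/Mar/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 4500
203.0.113.7 - - [14/Mar/2023:10:00:04 +0000] "POST /login HTTP/1.1" 302 1900
192.0.2.99 - - [14/Mar/2023:10:00:20 +0000] "GET /health HTTP/1.1" 200 120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


@dataclass
class Flow:
    start: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int
    matched: bool = False


@dataclass
class LogEntry:
    ts: datetime
    client_ip: str
    request: str
    raw: str
    matched: bool = False


def parse_flows(records):
    """Turn exported flow tuples into Flow objects with UTC-aware start times."""
    flows = []
    for ts, sip, sport, dip, dport, nbytes in records:
        start = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append(Flow(start, sip, sport, dip, dport, nbytes))
    return flows


def parse_access_log(text):
    """Parse combined-format lines; malformed lines are skipped here (in production, alert on them)."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(LogEntry(ts, m["ip"], m["req"], line))
    return entries


def reconcile(flows, entries, server_ip, server_port, tolerance=timedelta(seconds=5)):
    """Greedily pair each log entry with one unmatched inbound flow from the same
    client whose start time lies within `tolerance`; return what is left unexplained."""
    inbound = [f for f in flows if f.dst_ip == server_ip and f.dst_port == server_port]
    other = [f for f in flows if not (f.dst_ip == server_ip and f.dst_port == server_port)]
    for e in entries:
        for f in inbound:
            if not f.matched and f.src_ip == e.client_ip and abs(f.start - e.ts) <= tolerance:
                f.matched = e.matched = True
                break
    return {
        "unlogged_flows": [f for f in inbound if not f.matched],        # wire says yes, log says no
        "unbacked_log_lines": [e.raw for e in entries if not e.matched],  # log says yes, wire says no
        "other_flows": other,  # traffic not terminating on the monitored service; left for other checks
    }


def run_demo():
    return reconcile(parse_flows(FLOW_RECORDS), parse_access_log(ACCESS_LOG), "10.0.0.5", 443)


if __name__ == "__main__":
    result = run_demo()
    for f in result["unlogged_flows"]:
        print(f"wire shows {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} "
              f"({f.nbytes} B) at {f.start:%H:%M:%S}, but no access-log entry")
    for raw in result["unbacked_log_lines"]:
        print(f"log line has no matching flow: {raw}")
    for f in result["other_flows"]:
        print(f"flow outside the monitored service: {f.src_ip} -> {f.dst_ip}:{f.dst_port}")
```

The point of keeping the two unmatched lists separate is that they point to different failure modes: an unlogged inbound flow is evidence the host’s own telemetry has been altered or suppressed, while a log line with no flow behind it is evidence the telemetry has been fabricated. Neither can be established from MELT data alone, because the host produces that data itself; the flow records come from outside the host.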
The cat-and-mouse game

The biggest challenge Gigamon’s customers currently face is that the industry is moving away from self-contained, on-premises infrastructure. The moment workloads move off-premises into the cloud, the firm boundary that existed between trusted networks and the untrusted internet shrinks and sometimes disappears altogether. CISOs have told us this is their number one security priority, and they are increasingly concerned that there is no true solution for it today.

Every security professional I’ve spoken to highlights the difficulty of prioritising noisy alerts. Because adversaries hide in traffic, such as encrypted web communications, it is extremely difficult for defenders to distinguish this activity from the noise of everyday operations. To put it plainly, we’re in a cat-and-mouse game, and the mouse is winning. It’s time we change that.
Deep observability gives organisations the upper hand

We continue to see unprecedented growth in hybrid cloud adoption for organisations worldwide. Security of hybrid cloud remains the number one challenge for CISOs and their organisations. My company’s deep observability pipeline provides a similar level of protection to hybrid cloud workloads as we have delivered for on-premises workloads for the past 15 years. It provides full visibility into all traffic, both north-south and east-west, eliminating blind spots and making it much more difficult for threat actors to dwell within customer networks. The technology provides the only source of immutable, actionable network-level intelligence to security tools, which is critical for organisations to remain secure in hybrid and multi-cloud environments.
To accomplish this and help bolster enterprises’ security postures, we recently launched an expansive set of advanced capabilities for our deep observability pipeline. This allows our customers to:

- Acquire container traffic over any container network interface (CNI) and any container orchestrator, including auto-discovery of new nodes. Developers can now run fast, and security teams can ensure monitoring of all east-west communications, including ephemeral workloads.
- Access new network-derived application metadata from any observability platform, including Dynatrace, New Relic and Sumo Logic. Customers can now extend their current tools for new security functions, such as identifying rogue services or activities and illegal crypto mining.
- Scale their on-premises network telemetry processing with the new GigaVUE-HC1-Plus visibility appliance, offering twice the performance in half the physical footprint and power requirements.
Overall, with a combination of the layered product architecture, advanced threat research, and direct guidance from our threat and incident response experts, SOC teams can feel better equipped to level the playing field with threat actors.