Gigamon Fortifies Its Security Analytics Solution with Certificate Metadata


Gigamon (NYSE: GIMO), a provider of traffic visibility solutions, has announced that its Metadata Engine, a key part of the GigaSECURE Security Delivery Platform (SDP), can now generate Hypertext Transfer Protocol (HTTP) Secure Sockets Layer (SSL) certificate metadata.

Gigamon's GigaSECURE would shorten the time to detection of potentially malicious web servers and unwanted SSL communications by providing security analytics technologies with the information they need to identify invalid SSL certificates.

SSL-based attacks are on the rise, and many phishing sites use fake SSL certificates to appear legitimate so that targets and infected machines will connect to them. Security analytics tools such as Security Information and Event Management systems (SIEMs) can spot these potentially harmful web communications by flagging inconsistencies in the fields of SSL certificates. Still, the certificate data needed for this detection can be difficult to retrieve pervasively and continuously from broad and distributed networks.

GigaSECURE can expedite anomaly detection by monitoring SSL certificate exchanges and providing metadata that includes indicators of potentially falsified certificates. Examples of the Gigamon-supplied metadata include information about the issuing certificate authority, requested and responding domain names, dates of expiry, which ciphers are being used, and whether the certificates are self-signed.
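As an illustration of how an analytics tool might flag inconsistencies in those fields, the following is an added example, not Gigamon's code or record format. The record field names, the trusted-issuer list, the weak-cipher markers and the sample records are all constructed assumptions.

```python
from datetime import datetime, timezone

# Hypothetical policy values, not taken from the article.
TRUSTED_ISSUERS = {"Example Trust CA"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "NULL", "EXPORT")

def name_matches(requested, presented):
    """Wildcard is honoured only as the whole leftmost label, one label deep."""
    req, pres = requested.lower().rstrip("."), presented.lower().rstrip(".")
    if pres.startswith("*."):
        head, _, tail = req.partition(".")
        return bool(head) and tail == pres[2:]
    return req == pres

def flag_certificate(rec, now):
    """Return the reasons a certificate metadata record looks suspicious."""
    reasons = []
    if rec["self_signed"]:
        reasons.append("self-signed")
    elif rec["issuer"] not in TRUSTED_ISSUERS:
        reasons.append("unknown-issuer")
    if datetime.fromisoformat(rec["not_after"]) < now:
        reasons.append("expired")
    # Requested name (what the client asked for) vs. names the certificate covers.
    if not any(name_matches(rec["requested_name"], n) for n in rec["cert_names"]):
        reasons.append("name-mismatch")
    if any(marker in rec["cipher"] for marker in WEAK_CIPHER_MARKERS):
        reasons.append("weak-cipher")
    return reasons

def triage(records, now):
    """Map record id -> reasons, keeping only records with at least one finding."""
    findings = {r["id"]: flag_certificate(r, now) for r in records}
    return {rid: why for rid, why in findings.items() if why}

# Constructed sample records; field names are assumptions for this example.
NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)
RECORDS = [
    {"id": "flow-1", "issuer": "Example Trust CA", "self_signed": False,
     "requested_name": "www.example.com", "cert_names": ["*.example.com"],
     "not_after": "2017-01-01T00:00:00+00:00",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    {"id": "flow-2", "issuer": "localhost", "self_signed": True,
     "requested_name": "login.example.com", "cert_names": ["localhost"],
     "not_after": "2015-01-01T00:00:00+00:00",
     "cipher": "TLS_RSA_WITH_RC4_128_SHA"},
    {"id": "flow-3", "issuer": "Unknown CA", "self_signed": False,
     "requested_name": "a.b.example.com", "cert_names": ["*.example.com"],
     "not_after": "2017-01-01T00:00:00+00:00",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
]
```

The third record shows why the name comparison matters: a wildcard certificate for one level of subdomain does not cover a deeper host name, so the flow is flagged even though the certificate is otherwise unexpired and uses a strong cipher.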

“Sifting through raw packet streams to identify malicious network activity can be a slow and cumbersome process in a world where real-time threat identification and remediation is critical,” said Robert Lowe, Information Security Manager, Fannie Mae. “Gigamon’s network visibility and new HTTP SSL certificate metadata capabilities provide an added layer of intelligence and the context needed to more quickly, effectively and efficiently protect both network infrastructure and data.”

Network Traffic

Certificate metadata lets Gigamon, together with its ecosystem partners in the security analytics and SIEM markets, leverage the network to shorten the time to detection and response.

“Organizations know that their network traffic contains a lot of potential intelligence that can help remediate breaches,” said Jai Balasubramaniyan, Director, Security Product Management, Gigamon. “Gigamon is revolutionizing big data security analytics by uniquely extracting metadata from this data-in-motion and delivering it at network speeds to security technologies that use it to detect and remediate threats faster.”

Delivered as one pillar of the GigaSECURE Security Delivery Platform, the Metadata Engine generates the following information to enable security analytics:

  • NetFlow/IPFIX records
  • URL/URI information
  • CDP/LLDP information
  • SIP request information
  • HTTP response codes
  • DNS queries