
The cloud is becoming the go-to infrastructure of choice for enterprises worldwide. Why? First and foremost, cloud computing has significantly more flexibility when it comes to scale. If you are leveraging Amazon Web Services (AWS), it takes minutes to spin up an EC2 instance, whereas expanding on-premises infrastructure can take weeks or months. Secondly, organizations can save on infrastructure costs and resources with the cloud and shift budgets to other areas as needed. But despite the obvious benefits the cloud brings, it is still important to have effective security policies in place to protect workloads no matter where they reside.

 

That is why Gigamon and RSA have come together to create a joint integrated solution for AWS customers. Let’s hear from Sesh Sayani, director of product management – cloud at Gigamon, to learn more about what Gigamon and RSA can offer to enterprises moving to AWS. 

 

What kind of challenges are you seeing from customers who are moving to the cloud?

When organizations first started moving to the cloud, they were migrating their Tier 2/3 applications and workloads. Now, as on-premises infrastructure cost and complexity continue to rise, enterprises are beginning to move their mission-critical applications to the cloud as well.

 

This “lift and shift” of Tier 1 applications, however, has raised eyebrows, especially among security architecture teams. When moving to the cloud, enterprises lose visibility into traffic in and out of their workloads. Security teams are concerned about gaining the necessary insight in order to maintain effective forensics, prevent accidental data loss and prepare for security incident responses.

 

Endpoint or malware protection is not sufficient to gain full application insight. To get full visibility, deep packet inspection is required for effective forensics, analysis and protection. To address this, agents can be deployed in the workloads for traffic inspection. But, for a comprehensive security posture, multiple tools may be required – for example, IDS, SIEM, DLP. Adding so many agents in the workloads is neither a scalable nor cost-effective approach to address this challenge.

 

Can you please tell us a bit about the Gigamon Visibility Platform and the benefits for Amazon Web Services (AWS) customers?

The Gigamon Visibility Platform is the first pervasive visibility solution for the cloud that provides full and deep traffic visibility into your workloads in AWS. This platform is made up of three main elements:

  • GigaVUE-FM Fabric Manager: Orchestration component that ensures scale, automation and elasticity across your AWS deployments.
  • GigaVUE V Series: Virtual visibility nodes deployed as AMIs, used to aggregate traffic across multiple EC2 instances and send customized traffic to multiple security tools as needed.
  • G-vTAP agents: Used to gain access to the traffic from the EC2 instances to the GigaVUE V Series nodes.

 

The Gigamon Visibility Platform can be deployed either on-premises or in AWS. That means organizations don’t have to duplicate the tools they are running on-premises and in the cloud. Let’s take a quick look at an example. If you are running tools on-premises, you don’t want to be forced to deploy additional tools in the cloud because this will drive up cost and the need for resources. Instead, deploy the Gigamon Visibility Platform on-premises and backhaul network traffic of interest to your on-premises tools.

 

Gigamon and RSA have been partners for a while – what are your thoughts on this partnership?

It’s a great partnership and one that we want to continue to expand. RSA is a recognized industry leader in security and now that we both have solutions available for AWS, we can jointly provide a highly scalable, flexible offering that provides visibility and security for our customers across physical, virtual and public cloud deployments.

 

How does Gigamon integrate with RSA on AWS and what are the benefits to customers?

The Gigamon Visibility Platform for AWS includes our lightweight G-vTAP agent, which is deployed on different EC2 instances. The agent copies the network packets, which are aggregated in the GigaVUE V Series node where we apply traffic intelligence and then send the desired network traffic to the RSA NetWitness Suite decoder for deep content inspection. The benefit to customers is full packet capture across compute instances, which provides RSA NetWitness Suite with the ability to identify and mitigate potential threats faster.

 

Gigamon and RSA have put together a joint Test Drive – why would this be exciting for customers?

A Test Drive is a great way for our customers to see first-hand how these solutions work and perform in an AWS environment. With this joint Test Drive, customers can see how the Gigamon Visibility Platform provides automated insight into AWS workloads, applies GigaSMART traffic intelligence and distributes copies of traffic. Additionally, customers can see how the RSA NetWitness Suite gathers traffic from the Gigamon Visibility Platform to investigate / identify potential threats to your AWS applications and workloads.

 

Want to learn more?

 

If you’re attending Black Hat July 26-27, come check out the RSA booth #907 to speak to Gigamon and RSA product experts.

 

You can also join us at Gigamon's Cloud Field Day 2. Register today!

With today’s ever-growing threat landscape, the volume, sophistication, and potential damage of attacks are increasing. It is becoming increasingly hard to stop attackers from entering your networks, to isolate their motives, and, most importantly, to remove them once they are there. A typical security environment uses multiple disconnected technologies that supply an immense amount of information. Prioritizing a specific piece of data is important to responding quickly to attacks. At a higher level, however, there is a need to understand whether the security strategy is really effective for the business. In short, businesses need to change their security strategies.

 

The solution? RSA provides a top-down approach that strategically links business risk management with security events and priorities to:

  • Make security teams operationally more impactful
  • Strategically manage business risk

Bringing different practices together and linking security incidents with business context allows security teams to respond faster to protect what matters most.

The RSA suite of tools:

  • Keeps the bad actors out, but allows entry to those who have a legitimate need to easily access the system
  • Enables visibility and analytics to view the big picture and provide insights into specific attacks
  • Provides business context linked to contextual intelligence for a more informed approach, which can then be translated into action

The video in this eLearning discusses how RSA’s tools provide detailed information linked to the business context to protect the most sensitive assets.

 

https://community.rsa.com/docs/DOC-79242

The idea of a mathematically secure chain of blocks was first mentioned in 1991, first conceptualized as digital currency in 1998 as "Bit Gold" and first implemented as decentralized digital currency as "Bitcoin" in 2009.

 

A blockchain is a chronological chain of blocks in which every block contains a set of transactions/records and a reference to the previous block. This structure helps establish a digital ledger that is immutable and can be distributed in such a way that peers in the network can come to a global consensus on adding new blocks and agree on the true state of the ledger. The ledger is not kept in one place; copies of it are held by all the participants in the distributed network. These copies are updated at the same time, when all the participants come to a consensus. The privacy and anonymity depend on the implementation of the blockchain.

 

Blockchain can be implemented in many areas such as finance, banking and real estate. There is a wide variety of implementations already in the market. However, the biggest implementation is in the field of cryptocurrency. There are many cryptocurrencies available, and two major currencies are Bitcoin and Ethereum.


Bitcoin is a digital payment system and a cryptocurrency. It can be used for transactions all over the world with no central authority or bank involved. Participant nodes in the Bitcoin network hold copies of the Bitcoin distributed ledger. Six times every hour, a group of transactions is collected in a block and that block is added to the blockchain. Then all the participating nodes are synced with this change in the blockchain.

 

Adding new blocks to the chain is called mining. The miners do the following:

  1. Verify that the transactions are valid, which helps resolve the double-spending problem (i.e., the same digital token being spent twice).
  2. Group transactions in a block.
  3. Put a reference to the most recent block in the new block about to be created.
  4. Solve a mathematical proof-of-work problem. This is the step where the race starts between all the miners; the winner adds the new block to the chain and gets funds in the mined currency as a reward.
  5. When the mathematical problem is solved, the new block is added and the change is communicated across the network to all participating nodes.
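The block structure and mining steps 2 to 5 described above, as an added toy example (not code from the original post, and not Bitcoin's actual block format or difficulty rule): each block stores the previous block's SHA-256 hash, and the proof of work is simplified to finding a nonce whose hash starts with three hex zeros. The field names, `DIFFICULTY`, and the sample transactions are assumptions constructed for illustration; transaction validation (step 1) is left out.

```python
import hashlib
import json

DIFFICULTY = 3            # assumed toy difficulty: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over the block's fields, excluding its own stored hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def solve(block):
    """Proof of work (step 4): try nonces until the hash meets the difficulty."""
    block["nonce"] = 0
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)

def mine_block(chain, transactions):
    """Steps 2, 3 and 5: group transactions, reference the latest block, append."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev_hash, "transactions": transactions}
    solve(block)
    chain.append(block)

def verify_chain(chain):
    """Return the index of the first invalid block, or None if the chain is intact."""
    prev_hash = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if (block["prev_hash"] != prev_hash or block["hash"] != digest
                or not digest.startswith("0" * DIFFICULTY)):
            return block["index"]
        prev_hash = block["hash"]
    return None

def demo():
    """Constructed sample data: mine three blocks, then alter block 1."""
    chain = []
    for tx in ({"from": "alice", "to": "bob", "amount": 5},
               {"from": "bob", "to": "carol", "amount": 2},
               {"from": "carol", "to": "dave", "amount": 1}):
        mine_block(chain, [tx])
    intact = verify_chain(chain)                 # None: every link checks out
    chain[1]["transactions"][0]["amount"] = 200  # edit a recorded transaction
    edited = verify_chain(chain)                 # 1: stored hash no longer matches
    solve(chain[1])                              # redo block 1's proof of work
    relinked = verify_chain(chain)               # 2: block 2 still points at the old hash
    return intact, edited, relinked
```

Changing one recorded transaction invalidates that block, and redoing its proof of work only moves the break to the next block, which is why the ledger is described as immutable: every later block would have to be re-mined as well.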

 

The following graph by PwC can help you understand the flow of a transaction in the world of cryptocurrency [1].

 

                           

 

With the rise of ransomware in the past couple of years, cryptocurrency, and Bitcoin in particular, gained more popularity. Due to the level of anonymity it provides, Bitcoin became the criminals’ preferred currency for receiving ransom, and so plays an important part in the ransomware ecosystem. In the aftermath of a ransomware attack, victims hasten to follow the criminals’ instructions to buy bitcoins and pay the ransom to recover their files. There is no guarantee that a victim will get its data back, and the general advice is not to pay the ransom [2]. However, for some organizations that fall victim to those attacks that is not an option, and they are more willing to take the risk. In fact, some companies started stockpiling Bitcoins in anticipation of ransomware attacks so they can recover their data as quickly as possible [3].

 

Another threat to organizations is the rise of cryptocurrency mining malware. This class of malicious software infects a victim machine and enrolls it in a larger mining botnet. Cryptocurrency mining uses a lot of system resources and might degrade the machine's performance. Recently, Proofpoint security researchers released a report about the Adylkuzz cryptocurrency mining malware [4]. Adylkuzz was spreading via the EternalBlue/DoublePulsar exploits and was used to mine Monero, a cryptocurrency that has enhanced anonymity capabilities and is used in dark web markets.

 

Cryptocurrency is not a new technology, but as it is getting more attention, it is our hope that this post can help answer some of the basic questions. Future advisories will cover emerging threats in that domain and will shed some light on detection techniques using RSA technologies.

 

Thanks to Prakhar Pandey for contributing to this blog post.

 

References:

  1. https://www.pwc.com/us/en/financial-services/fintech/bitcoin-blockchain-cryptocurrency.html
  2. https://www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise
  3. http://www.nbcnews.com/storyline/hacking-of-america/companies-stockpiling-bitcoin-anticipation-ransomware-attacks-n761316
  4. https://www.proofpoint.com/us/threat-insight/post/adylkuzz-cryptocurrency-mining-malware-spreading-for-weeks-via-eternalblue-doublepulsar

This RSA University Navigator is part of an ongoing campaign by RSA University to make it easier for RSA NetWitness customers like you to find relevant product training. The RSA University Navigator allows you to filter content based on your role within your organization, the skills you would like to develop, and your expertise using RSA NetWitness.

 

The RSA NetWitness Suite Navigator will be updated frequently to ensure you are receiving the most up-to-date content available. There is a dedicated team of RSA professionals at RSA University here to help you take charge and power your way to success with the RSA NetWitness Suite. Over time, we will also update this tool to include NetWitness Endpoint Training.

 

In our continued efforts to provide the best content available, we rely on your feedback. If you cannot find what you are looking for in the Navigator, please reach out to our team by contacting us:

https://community.rsa.com/docs/DOC-40425

 

 You can find the RSA University Navigator Tool on the main RSA University page or by navigating to the following URL:

https://community.rsa.com/community/training/navigator

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.

 

Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.

 

Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!

 

Check out our latest Keynote Lineup, including:

  • Marc Goodman, Global Security Advisor and Futurist, will explain how to cultivate an informed workforce to create a human firewall, in what promises to be a highly engaging and humorous keynote presentation

 

Get a sneak peek at our upcoming agenda and the robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced

 

Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.

 

Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.

 
