Use Case Examples

Refer to the following sections to view the use case examples for Gigamon Glimpse visualizations:

■   Troubleshooting
■   Security Posture
■   PCI Compliance
■   DevOps

Troubleshooting

Below are some of the use case examples for Troubleshooting:

Use Case 1: Problem Statement - Network Slowness between Client-Server Communication

Symptoms:

  • Increased response times for applications
  • Slow-loading web pages or delayed transactions
  • Unresponsive services

How to troubleshoot using the Dashboards:

  1. Check Server Latency
    1. The server latency dashboard displays the Application, Client, Server, and the Server Latency in seconds.
    2. Review latency metrics for high values.
    3. Identify whether specific clients or servers consistently show delays.
  2. Analyze HTTP Response Times
    1. Go to the Slow Performing Applications Dashboard.
    2. Compare response times across different applications.
    3. Identify spikes in response time during high traffic periods.
  3. Check Network Latency
    1. Go to the Network Latency Dashboard.
    2. Use the TCP Round-Trip Time to check network delays.
    3. Identify sudden spikes indicating congestion or routing issues.
  4. Validate TLS Version Usage
    1. Open the TLS Info Dashboard.
    2. Check if outdated TLS versions (e.g., 1.0, 1.1) are in use.
    3. Determine if encryption overhead contributes to slowness.
  5. Review DNS Query Performance
    1. Examine the Top DNS Queries Dashboard.
    2. Identify slow DNS resolution times or rogue servers causing delays.

Corrective Action:

To address network slowness between client-server communication:

  • Start by identifying whether latency originates from the network or server. Optimize server performance by reducing request overload, balancing traffic, and upgrading hardware if necessary.

  • Minimize network latency by addressing congestion, prioritizing critical traffic, and fixing routing inefficiencies.

  • Improve HTTP response times by optimizing database queries, leveraging caching, and using a CDN. Ensure secure and efficient encryption by upgrading to TLS 1.2 or 1.3.

  • Reduce DNS resolution delays by configuring caching and using reliable DNS services. Finally, monitor server resources, scale capacity as needed, and optimize application code to prevent bottlenecks.

Use Case 2: Problem Statement - Application responding slowly

Symptom:

  • Slow-loading Applications

How to troubleshoot using the Dashboards:

  1. Check Server Latency
    1. In the Troubleshooting Insights for Network Traffic tab, check for server latency.
    2. Under server latency, filter and look for the application that is slow at the moment.
  2. Check Network Latency
    1. Go to the Network Latency Dashboard.
    2. Use the TCP Round-Trip Time to check network delays.
  3. Check the response codes for each application
    1. In the application layer, look for response codes that are more than 400.
    2. Check for any failures.
    3. Identify spikes in response time for API endpoints.

Corrective Action:

To resolve this issue, begin by checking the server and network latency for your applications. If the network latency is normal and the application is performing well, but server latency is high, then the problem is server-related, not network-related. Identifying whether the server or the network causes the slowdown enables an immediate and targeted response.

Another way to analyze performance is by reviewing response codes for each application. The NPM dashboards display response codes, mostly 200s, indicating no outright failures. However, response times have significantly increased, particularly for certain API endpoints. This confirms that the application is slow due to server latency rather than network issues.
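The server-versus-network decision described above can be written as a small triage routine. This is an added example, not Gigamon code: the record layout, baselines, and the 2x threshold are assumptions, and the samples are constructed.

```python
from statistics import median

# Assumptions: per-application baselines and the 2x factor are illustrative
# values chosen for this example, not product defaults.
BASELINE = {
    "orders-api": {"rtt_ms": 20, "server_ms": 80},
    "web": {"rtt_ms": 25, "server_ms": 120},
}
FACTOR = 2.0

# Constructed samples: (application, tcp_rtt_ms, server_latency_ms, http_status)
SAMPLES = [
    ("orders-api", 21, 640, 200),
    ("orders-api", 19, 710, 200),
    ("orders-api", 22, 590, 200),
    ("web", 95, 130, 200),
    ("web", 110, 125, 200),
    ("web", 88, 118, 504),
]

CAUSES = {
    (False, False): "normal",
    (False, True): "server",
    (True, False): "network",
    (True, True): "both",
}

def triage(samples):
    """Classify each application's slowdown as server-side, network-side, or both."""
    by_app = {}
    for app, rtt, server, status in samples:
        by_app.setdefault(app, []).append((rtt, server, status))
    verdicts = {}
    for app, rows in by_app.items():
        base = BASELINE[app]
        # Medians keep one slow outlier from deciding the verdict.
        net_slow = median(r[0] for r in rows) > FACTOR * base["rtt_ms"]
        srv_slow = median(r[1] for r in rows) > FACTOR * base["server_ms"]
        errors = sum(1 for r in rows if r[2] >= 400)  # 4xx and 5xx responses
        verdicts[app] = {
            "cause": CAUSES[(net_slow, srv_slow)],
            "error_rate": errors / len(rows),
        }
    return verdicts

if __name__ == "__main__":
    for app, verdict in triage(SAMPLES).items():
        print(app, verdict)
```

The `orders-api` samples reproduce the case in the text: normal round-trip time, all 200 responses, and high server latency.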

Refer to the below video for a visual demonstration of the Troubleshooting use case.

Security Posture

Problem Statement - Detect security threats and improve overall security posture

Symptoms:

  • Unusual spike in weak ciphers
  • Limited Network Visibility
  • Vulnerability to data breaches due to outdated ciphers

How to troubleshoot using the Dashboards:

  1. Monitor Encrypted Traffic
    1. Use the Security Posture dashboards to identify weak ciphers.
    2. Review detailed data on encrypted traffic.
  2. Identify Vulnerable Servers
    1. Look for traffic using weak or outdated ciphers.
    2. Identify which services or servers are vulnerable.
    3. Locate application servers using outdated security standards.
  3. Analyze TLS Version Usage
    1. Look for traffic operating on deprecated TLS versions.
    2. Gather insights on DNS, HTTP, and TLS traffic behavior.

Corrective Action:

To strengthen security posture, you must address vulnerabilities associated with outdated encryption protocols and weak ciphers. First, all traffic relying on insecure ciphers (like RC4 and 3DES) should be identified and transitioned to modern alternatives (such as AES-256). Additionally, any instances of deprecated TLS versions (1.0 and 1.1) should be upgraded to TLS 1.2 or 1.3 to ensure secure communication channels. Continuous monitoring using the Gigamon Glimpse dashboard enables near real-time detection of threats and anomalies within network traffic, allowing security teams to proactively mitigate risks.
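The same policy can be checked offline against exported TLS session metadata, grouped by server so remediation can be assigned per host. This is an added example, not Gigamon code: the field names are hypothetical and the session records are constructed.

```python
from collections import defaultdict

# Policy taken from the text above: TLS 1.0/1.1 are deprecated, RC4 and 3DES are weak.
# "TLSv1" is how some tools label TLS 1.0; "DES-CBC3" is the OpenSSL name for 3DES.
DEPRECATED_VERSIONS = {"TLSv1", "TLSv1.0", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC3")

# Constructed session records; the field names are assumptions for this example.
SESSIONS = [
    {"server": "10.0.1.10:443", "version": "TLSv1.2",
     "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
    {"server": "10.0.1.20:443", "version": "TLSv1.0",
     "cipher": "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
    {"server": "10.0.1.20:443", "version": "TLSv1.2",
     "cipher": "TLS_RSA_WITH_RC4_128_SHA"},
    {"server": "10.0.1.30:8443", "version": "TLSv1.1",
     "cipher": "TLS_RSA_WITH_AES_128_CBC_SHA"},
    {"server": "10.0.1.10:443", "version": "TLSv1.3",
     "cipher": "TLS_AES_256_GCM_SHA384"},
]

def findings_for(session):
    """Return the set of reasons a single session fails the policy."""
    reasons = set()
    if session["version"] in DEPRECATED_VERSIONS:
        reasons.add("deprecated-version:" + session["version"])
    cipher = session["cipher"].upper()
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        reasons.add("weak-cipher:" + session["cipher"])
    return reasons

def audit(sessions):
    """Map each failing server to its session counts and distinct findings."""
    report = defaultdict(lambda: {"sessions": 0, "failing": 0, "reasons": set()})
    for s in sessions:
        entry = report[s["server"]]
        entry["sessions"] += 1
        reasons = findings_for(s)
        if reasons:
            entry["failing"] += 1
            entry["reasons"] |= reasons
    return {
        server: {**e, "reasons": sorted(e["reasons"])}
        for server, e in report.items() if e["failing"]
    }

if __name__ == "__main__":
    for server, entry in audit(SESSIONS).items():
        print(server, entry)
```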

Refer to the below video for a visual demonstration of the Security Posture use case.

PCI Compliance

Problem Statement - Ensuring PCI Compliance Through Network Traffic Analysis

Symptoms:

  • Weak Encryption Methods
  • Unencrypted Cardholder Data Transmission
  • Unexpected Communication Between PCI-Compliant and Non-Compliant Devices

How to troubleshoot using the Dashboards:

  1. Monitor compliance-specific traffic
    1. Look for traffic using strong ciphers and weak ciphers.
    2. Look for traffic that is non-compliant.
  2. Identify key exchange protocol
    1. Look for cryptographic hash functions.
    2. Look for traffic services, protocols, or ports that transmit data or authentication credentials.

Corrective Action:

To ensure PCI compliance, you must eliminate security vulnerabilities and enforce encryption protocols. All cardholder data must be encrypted using strong ciphers like AES-256 while discontinuing the use of weak encryption methods such as RC4 and 3DES, which fail to meet PCI DSS standards.

Regularly monitoring cryptographic hash functions and key exchange protocols is essential to prevent unauthorized data exposure. Additionally, you should identify and remediate instances where sensitive authentication credentials are transmitted in clear text, replacing them with secure encrypted communication.

Dashboards can be used to continuously monitor compliance-specific traffic, ensuring that PCI-compliant devices do not interact with non-compliant systems, thereby minimizing exposure to security risks. Proactive threat detection and enforcement of secure protocols will significantly strengthen data protection.
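The two PCI-specific checks above (in-scope devices talking to out-of-scope systems, and services that carry credentials in clear text) can be expressed over flow records as follows. This is an added example, not Gigamon code: the cardholder data environment (CDE) subnet, the approved-crossing list, the port list, and the flows are all constructed placeholders.

```python
import ipaddress

# Assumptions: the CDE subnet, the approved crossing and the cleartext port list
# are placeholders for this example; replace them with your scoped inventory.
CDE_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
APPROVED_CROSSINGS = {("10.20.0.6", "10.30.4.50", 443)}  # (src, dst, dport)
# Port-based detection is a heuristic: it flags the service, not the payload.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}

# Constructed flow records.
FLOWS = [
    {"src": "10.20.0.5", "dst": "10.20.0.9", "dport": 443},     # inside CDE
    {"src": "10.20.0.6", "dst": "10.30.4.50", "dport": 443},    # approved crossing
    {"src": "10.20.0.5", "dst": "10.30.4.7", "dport": 443},     # unapproved crossing
    {"src": "10.20.0.8", "dst": "10.20.0.9", "dport": 21},      # cleartext inside CDE
    {"src": "192.168.1.4", "dst": "10.20.0.9", "dport": 23},    # both problems
    {"src": "192.168.1.4", "dst": "192.168.1.9", "dport": 80},  # never touches CDE
]

def in_cde(addr):
    """True when the address belongs to one of the in-scope subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CDE_NETWORKS)

def review(flows):
    """Return (flow key, issues) for every CDE-touching flow that needs follow-up."""
    findings = []
    for f in flows:
        src_in, dst_in = in_cde(f["src"]), in_cde(f["dst"])
        if not (src_in or dst_in):
            continue  # out of scope: neither endpoint is in the CDE
        key = (f["src"], f["dst"], f["dport"])
        issues = []
        if src_in != dst_in and key not in APPROVED_CROSSINGS:
            issues.append("unapproved-cde-crossing")
        if f["dport"] in CLEARTEXT_PORTS:
            issues.append("cleartext:" + CLEARTEXT_PORTS[f["dport"]])
        if issues:
            findings.append((key, issues))
    return findings

if __name__ == "__main__":
    for key, issues in review(FLOWS):
        print(key, issues)
```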

Refer to the below video for a visual demonstration of the PCI Compliance use case.

DevOps

Problem Statement - API security and identifying vulnerabilities

Symptoms:

  • Untracked APIs in the Environment
  • Unauthorized Access and Data Exposure
  • Performance Issues Due to API Misuse

How to troubleshoot using the Dashboards:

  1. Build an API Inventory
    1. Navigate to the HTTP Dashboard to view all API request and response data.
    2. Filter traffic by endpoint patterns (e.g., /api/v1/*) to identify undocumented or misconfigured APIs.
  2. Detect API Vulnerabilities
    1. In the API Vulnerabilities dashboard, monitor for security risks.
    2. Check for broken access control and unauthorized user-agent requests.
    3. Identify high-risk APIs with insecure cookies or exposed credentials.
  3. Monitor API Version Usage
    1. Inspect API versions (v1, v2) to enforce security measures.

Corrective Action:

To enhance API security within a DevOps environment, you should establish a robust API inventory, ensuring all endpoints are monitored. Any undiscovered or misconfigured APIs should be immediately identified. High-risk APIs must be restricted from unauthorized access, mitigating threats such as broken access control or unauthorized user agents.

Legacy API versions (v1, v2) should be monitored closely, as they often lack modern security features; you must implement extra security measures or phase them out where possible.

Continuous monitoring through Gigamon Glimpse ensures near real-time detection of vulnerabilities, enabling security teams to swiftly identify, analyze, and mitigate risks before they become critical threats.
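The inventory, cookie, and version checks above can be reproduced from observed HTTP metadata by normalising paths and comparing them with the documented endpoint list. This is an added example, not Gigamon code: the documented set, the field names, and the request records are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: the documented inventory, as (method, path template) pairs.
DOCUMENTED = {
    ("GET", "/api/v2/orders/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v1/status"),
}

# Constructed request/response metadata; field names are hypothetical.
REQUESTS = [
    {"method": "GET", "path": "/api/v2/orders/1841", "set_cookie": "sid=abc; Secure; HttpOnly"},
    {"method": "POST", "path": "/api/v2/orders", "set_cookie": None},
    {"method": "GET", "path": "/api/v1/status", "set_cookie": None},
    {"method": "GET", "path": "/api/v1/export/77?fmt=csv", "set_cookie": "sid=abc; Path=/"},
    {"method": "DELETE", "path": "/api/v2/orders/1841", "set_cookie": None},
    {"method": "GET", "path": "/index.html", "set_cookie": None},
]

API_RE = re.compile(r"^/api/(v\d+)/")  # the /api/v1/* style pattern from the text

def normalise(path):
    """Drop the query string and replace numeric path segments with {id}."""
    path = path.split("?", 1)[0]
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)

def cookie_gaps(header):
    """List the Secure/HttpOnly attributes missing from a Set-Cookie value."""
    if not header:
        return []
    attrs = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
    return [a for a in ("secure", "httponly") if a not in attrs]

def inventory(requests):
    """Return per-version counts, undocumented endpoints, and weak-cookie endpoints."""
    versions, undocumented, weak_cookies = Counter(), set(), {}
    for r in requests:
        m = API_RE.match(r["path"])
        if not m:
            continue  # not an API call
        endpoint = (r["method"], normalise(r["path"]))
        versions[m.group(1)] += 1
        if endpoint not in DOCUMENTED:
            undocumented.add(endpoint)
        gaps = cookie_gaps(r["set_cookie"])
        if gaps:
            weak_cookies[endpoint] = gaps
    return versions, undocumented, weak_cookies

if __name__ == "__main__":
    print(inventory(REQUESTS))
```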

Refer to the below video for a visual demonstration of the DevOps use case.