Leveraging GigaSECURE Inline TLS Decryption for Threat Detection using ThreatINSIGHT (5.15)
Introduction
SSL/TLS decryption is critical to securing today’s enterprise networks because of the significant growth in applications and services that use encrypted traffic. Threats such as malware delivery, botnet traffic and command and control (C2) channels increasingly use SSL/TLS to hide, confident that security tools will not be able to detect or block them. Gigamon ThreatINSIGHT Guided-SaaS NDR gives security teams visibility into historical network data that helps them identify adversary activity while improving incident response and removing tool-maintenance distractions, easing analysts’ tasks.
Most enterprise security teams avoid inspecting east-west traffic because doing so requires decrypting and then re-encrypting that traffic.
In this design we use Gigamon’s GigaSECURE Inline Decryption solution to eliminate these dark spaces and blind spots and thereby strengthen the organization’s security posture. The GigaSMART engine decrypts both east-west and north-south traffic and sends the decrypted traffic to the inline security tools and to the Gigamon ThreatINSIGHT sensor.
Design Topology
Design Overview
This design illustrates decrypting internal (east-west) traffic and internet (north-south) traffic traversing the gateway firewall. A GigaVUE-HC2 node is deployed inline to intercept the SSL/TLS connections, decrypt them and forward the decrypted traffic to the Intrusion Prevention System (IPS) and web application firewall (WAF) for inspection before it is re-encrypted toward its destination. A copy of the decrypted traffic is sent to the ThreatINSIGHT sensor for threat analytics and detection.
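A check a practitioner will want once the copy to the sensor is in place is that the feed actually carries plaintext and not residual TLS records: flows the decryption policy did not cover (bypass lists, clients that pin certificates, cipher suites the engine does not support) arrive at the sensor as opaque application_data and give the NDR nothing to analyze. The following is an added example, not code from Gigamon or from the ThreatINSIGHT product: it classifies TCP payloads captured on the sensor-facing span as TLS records or plaintext HTTP by inspecting the TLS record header, and reports which flows are still encrypted. The flow identifiers and payloads in SAMPLE_FEED are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Record-layer content types from RFC 5246 section 6.2.1.
TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
# Maximum TLSCiphertext length, 2^14 + 2048 bytes (RFC 5246 section 6.2.3).
TLS_MAX_RECORD = 2 ** 14 + 2048
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


@dataclass(frozen=True)
class Verdict:
    kind: str     # "tls", "http" or "unknown"
    detail: str   # TLS content/handshake type, or the HTTP start line


def classify_payload(payload: bytes) -> Verdict:
    """Decide whether one TCP payload is a TLS record or plaintext HTTP."""
    if len(payload) >= 5:
        ctype, vmaj, vmin, rec_len = struct.unpack("!BBBH", payload[:5])
        # SSL 3.0 through TLS 1.3 all carry major version 3 in the record header.
        if ctype in TLS_CONTENT_TYPES and vmaj == 3 and vmin <= 4 and rec_len <= TLS_MAX_RECORD:
            detail = TLS_CONTENT_TYPES[ctype]
            if ctype == 22 and len(payload) >= 6:
                hs_type = payload[5]  # first byte of the Handshake message
                detail += {1: ":client_hello", 2: ":server_hello"}.get(hs_type, ":other")
            return Verdict("tls", detail)
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1."):
        start_line = payload.split(b"\r\n", 1)[0]
        return Verdict("http", start_line.decode("ascii", "replace"))
    return Verdict("unknown", "")


def audit_feed(packets):
    """packets: iterable of (flow_id, payload) pairs taken from the sensor feed.
    Returns per-kind counts and the set of flows whose payload is still TLS
    application_data, i.e. flows the decryption policy did not cover."""
    counts = {"tls": 0, "http": 0, "unknown": 0}
    still_encrypted = set()
    for flow_id, payload in packets:
        verdict = classify_payload(payload)
        counts[verdict.kind] += 1
        if verdict.kind == "tls" and verdict.detail == "application_data":
            still_encrypted.add(flow_id)
    return counts, still_encrypted


# Constructed sample payloads for the example; not taken from a real capture.
SAMPLE_FEED = [
    # decrypted east-west HTTP request and its response
    ("10.1.1.5:51000->10.1.2.10:443", b"GET /api/v1/users HTTP/1.1\r\nHost: hr.internal\r\n\r\n"),
    ("10.1.2.10:443->10.1.1.5:51000", b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"),
    # a ClientHello record: handshake (0x16), TLS 1.0 record version, handshake type 1
    ("10.1.1.7:52000->203.0.113.9:443", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03"),
    # application_data still encrypted: this flow bypassed decryption
    ("10.1.1.7:52000->203.0.113.9:443", b"\x17\x03\x03\x00\x20" + bytes(32)),
]

if __name__ == "__main__":
    counts, leaks = audit_feed(SAMPLE_FEED)
    print(counts)
    for flow in sorted(leaks):
        print("still encrypted on sensor feed:", flow)
```

Run this over payloads extracted from a short capture on the sensor-facing port; any flow listed as still encrypted should be traced back to the decryption policy (bypass or no-decrypt lists, unsupported cipher suites, certificate-pinned clients) before relying on the NDR for that traffic. Because the copy sent to the sensor is plaintext, the link carrying it should be treated as sensitive and restricted to the sensor.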
To learn more about this solution, read complete details on the Gigamon Community: Leveraging-GigaSECURE-Inline-TLS-Decryption-for-Threat-Detection-using-ThreatINSIGHT-5-15