Case Study George Washington University Leverages Gigamon’s GigaSECURE to Improve Network Visibility and Security Posture “Security today is more than just prevention; now more than ever, strong security includes advanced detection and remediation techniques. The ability to filter out irrelevant traffic based on regular expression at line speed has made our entire tool chain more effective.” –Mike Glyer, Director of Information Security Services, George Washington University Summary Challenges Elite university is able to focus security solutions on the most crucial traffic and increase efficiencies across the board. As a university with thousands of students and staff members living and working on multiple campuses, The George Washington University (GW)’s information security services team is tasked with supporting the myriad of ways its network is utilized on a daily basis. Over the past couple of years the staff has seen the traffic volume generated by streaming services such as Netflix skyrocket, with the service representing 50% of all the university’s network traffic. Given this data does not need the same level of scrutiny as other traffic circulating via the network, GW turned to Gigamon for help with separating it out. Customer Benefits • Higher visibility for security tools • Improved security infrastructure performance • Manageable investment In addition, GW is housed on three campuses spread across the District of Columbia and Virginia. This presented its own unique set of challenges in terms of traffic flow and security among multiple data centers. Gigamon Products Solution • Administrative ease • GigaVUE H Series fabric nodes • GigaSMART® applications: Adaptive Packet Filtering and Application Session Filtering Gigamon has been a trusted partner of GW since 2010, when its team originally turned to the company for advice on how to get more visibility into their network. GW implemented GigaSMART® de-duplication technology, reducing the number of data packet copies being funneled through its security solutions. Gigamon also helped GW to create multiple connections into a consolidated set of security tools, both homegrown and commercially available, to increase GW’s visibility into threats on the network. Given GW’s new challenges with the amount of streaming traffic on its network, the University asked Gigamon to help ensure their passive security sensors were not being overloaded with traffic they did not need to inspect. Gigamon recommended Application Session Filtering (ASF), its new, patent-pending GigaSMART feature which provides a powerful filtering engine that identifies applications based on signatures or patterns appearing within a packet. It can also identify packets that form the application flow of network traffic. Once positively identified, ASF extracts the entire session corresponding to the matched application flow, from the first packet to the last, even if the match occurs well after the initial packet. By combining GigaSMART Application Session Filtering with GigaSMART Adaptive Packet Filtering, GW was able to identify Netflix and Hulu traffic © 2015-2016 Gigamon. All rights reserved. 1 Case Study: George Washington University Results in the payload and eliminate the entire sessions associated with it (see Figure 1). This ensured primarily “traffic of interest” was forwarded to the appropriate security appliances. Consequently, there was significant expansion in the threat detection coverage across GW’s security infrastructure that includes an intrusion prevision system, network threat prevention platform, advanced persistent threat and malware protection solutions, and forensic packet capture tool. In addition, Gigamon has helped GW with its initiative to standardize its entire network and create repeatable processes across all of its data centers. Given the increased visibility GW has into its network, the enforcement of standards is much easier. As a result of its partnership of its implementation of Gigamon’s solutions, GW has reduced the video steaming traffic on its network from one of the top five applications routing data through its security and application performance solutions to one of the top 25. The university is now able to take advantage of centralized security processing and scale across multiple data centers (see Figure 2). GW’s IT team has created a high-bandwidth security and performance monitoring architecture that can serve as a blueprint for other locations and universities. “Security today is more than just prevention; now more than ever, strong security includes advanced detection and remediation techniques,” said Mike Glyer, Director of Information Security Services at The George Washington University. “The ability to filter out irrelevant traffic based on regular expression at line speed has made our entire tool chain more effective." OTHER HTTP OTHER HTTP OTHER HTTP NETFLIX OTHER NETFLIX HTTP NETFLIX OTHER NETFLIX HTTP NETFLIX OTHER NETFLIX HTTP Application Session Filtering HTTP HTTP HTTP Pattern match occurred on NETFLIX NETFLIX OTHER OTHER OTHER Security Advanced Persistent Threat Network Threat Detection NETFLIX NETFLIX NETFLIX NETFLIX Figure 1: GigaSMART® Application Session Filtering was able to extract Netflix traffic, accounting for 50% of all the university’s network traffic, and send only traffic of interest to security tools for improved security infrastructure performance. © 2015-2016 Gigamon. All rights reserved. 2 Case Study: George Washington University Tunneling Centralized Security Tools POWERED BY GigaSMART® Application Session Filtering Adaptive Packet Filtering Header Stripping Tunneling GigaSECURE Security Delivery Platform Deduplication IPS Network Threat Protection Advanced Persistent Threat Malware Protection Forensic Packet Capture Figure 2: With a GigaSECURE Security Delivery Platform, GW is able to take advantage of centralized security processing, scale across data centers, and improve security performance. About George Washington University About Gigamon The George Washington University (GW) was created in 1821 through an Act of Congress, fulfilling George Washington’s vision of an institution in the nation’s capital dedicated to educating and preparing future leaders. Today, GW is the largest institution of higher education in the District of Columbia with more than 20,000 students from around the world. GW comprises three campuses—Foggy Bottom and Mount Vernon in Washington, D.C., and the GW Virginia Science and Technology Campus in Ashburn, Virginia—as well as several graduate education centers in the metropolitan area and Hampton Roads, Virginia. Gigamon provides an intelligent Unified Visibility Fabric™ to enable the management of increasingly complex networks. Gigamon technology empowers infrastructure architects, managers and operators with pervasive visibility and control of traffic across both physical and virtual environments without affecting the performance or stability of the production network. Through patented technologies, centralized management and a portfolio of high availability and high-density fabric nodes, network traffic is intelligently delivered to management, monitoring and security systems. Gigamon solutions have been deployed globally across enterprise, data centers and service providers, including over half of the Fortune 100 and many government and federal agencies. For more information about Gigamon visit: www.gigamon.com © 2015-2016 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com 3177-02 02/16