George Washington University Leverages Gigamon's GigaSECURE

Case Study
George Washington University Leverages Gigamon’s GigaSECURE
to Improve Network Visibility and Security Posture
“Security today is more than just prevention; now more than ever, strong security includes
advanced detection and remediation techniques. The ability to filter out irrelevant traffic based
on regular expression at line speed has made our entire tool chain more effective.”
–Mike Glyer, Director of Information Security Services, George Washington University
Summary
Challenges
Elite university is able to focus security
solutions on the most crucial traffic and
increase efficiencies across the board.
As a university with thousands of students and staff members living and working on
multiple campuses, The George Washington University (GW)’s information security services
team is tasked with supporting the myriad of ways its network is utilized on a daily basis.
Over the past couple of years the staff has seen the traffic volume generated by streaming
services such as Netflix skyrocket, with the service representing 50% of all the university’s
network traffic. Given this data does not need the same level of scrutiny as other traffic
circulating via the network, GW turned to Gigamon for help with separating it out.
Customer Benefits
• Higher visibility for security tools
• Improved security infrastructure
performance
• Manageable investment
In addition, GW is housed on three campuses spread across the District of Columbia
and Virginia. This presented its own unique set of challenges in terms of traffic flow and
security among multiple data centers.
Gigamon Products
Solution
• Administrative ease
• GigaVUE H Series fabric nodes
• GigaSMART® applications: Adaptive
Packet Filtering and Application
Session Filtering
Gigamon has been a trusted partner of GW since 2010, when its team originally turned to
the company for advice on how to get more visibility into their network. GW implemented
GigaSMART® de-duplication technology, reducing the number of data packet copies being
funneled through its security solutions. Gigamon also helped GW to create multiple
connections into a consolidated set of security tools, both homegrown and commercially
available, to increase GW’s visibility into threats on the network.
Given GW’s new challenges with the amount of streaming traffic on its network, the
University asked Gigamon to help ensure their passive security sensors were not being
overloaded with traffic they did not need to inspect. Gigamon recommended Application
Session Filtering (ASF), its new, patent-pending GigaSMART feature which provides a
powerful filtering engine that identifies applications based on signatures or patterns
appearing within a packet. It can also identify packets that form the application flow of
network traffic. Once positively identified, ASF extracts the entire session corresponding
to the matched application flow, from the first packet to the last, even if the match occurs
well after the initial packet. By combining GigaSMART Application Session Filtering with
GigaSMART Adaptive Packet Filtering, GW was able to identify Netflix and Hulu traffic
© 2015-2016 Gigamon. All rights reserved.
1
Case Study: George Washington University
Results
in the payload and eliminate the entire sessions associated with
it (see Figure 1). This ensured primarily “traffic of interest” was
forwarded to the appropriate security appliances. Consequently,
there was significant expansion in the threat detection coverage
across GW’s security infrastructure that includes an intrusion
prevision system, network threat prevention platform, advanced
persistent threat and malware protection solutions, and forensic
packet capture tool.
In addition, Gigamon has helped GW with its initiative to
standardize its entire network and create repeatable processes
across all of its data centers. Given the increased visibility GW has
into its network, the enforcement of standards is much easier.
As a result of its partnership of its implementation of Gigamon’s
solutions, GW has reduced the video steaming traffic on its
network from one of the top five applications routing data through
its security and application performance solutions to one of the
top 25. The university is now able to take advantage of centralized
security processing and scale across multiple data centers (see
Figure 2). GW’s IT team has created a high-bandwidth security
and performance monitoring architecture that can serve as a
blueprint for other locations and universities.
“Security today is more than just prevention; now more than ever,
strong security includes advanced detection and remediation
techniques,” said Mike Glyer, Director of Information Security
Services at The George Washington University. “The ability to
filter out irrelevant traffic based on regular expression at line
speed has made our entire tool chain more effective."
OTHER HTTP OTHER HTTP OTHER HTTP
NETFLIX OTHER NETFLIX
HTTP
NETFLIX OTHER NETFLIX
HTTP
NETFLIX OTHER NETFLIX
HTTP
Application
Session
Filtering
HTTP
HTTP
HTTP
Pattern match
occurred on
NETFLIX
NETFLIX
OTHER
OTHER
OTHER
Security
Advanced
Persistent
Threat
Network
Threat
Detection
NETFLIX
NETFLIX
NETFLIX
NETFLIX
Figure 1: GigaSMART® Application Session Filtering was able to extract Netflix traffic, accounting for 50% of all the university’s
network traffic, and send only traffic of interest to security tools for improved security infrastructure performance.
© 2015-2016 Gigamon. All rights reserved.
2
Case Study: George Washington University
Tunneling
Centralized Security
Tools
POWERED BY
GigaSMART®
Application
Session Filtering
Adaptive
Packet Filtering
Header
Stripping
Tunneling
GigaSECURE Security Delivery Platform
Deduplication
IPS
Network
Threat
Protection
Advanced
Persistent
Threat
Malware
Protection
Forensic
Packet
Capture
Figure 2: With a GigaSECURE Security Delivery Platform, GW is able to take advantage of centralized security processing,
scale across data centers, and improve security performance.
About George Washington University
About Gigamon
The George Washington University (GW) was created in 1821
through an Act of Congress, fulfilling George Washington’s vision
of an institution in the nation’s capital dedicated to educating
and preparing future leaders. Today, GW is the largest institution
of higher education in the District of Columbia with more than
20,000 students from around the world. GW comprises three
campuses—Foggy Bottom and Mount Vernon in Washington, D.C.,
and the GW Virginia Science and Technology Campus in Ashburn,
Virginia—as well as several graduate education centers in the
metropolitan area and Hampton Roads, Virginia.
Gigamon provides an intelligent Unified Visibility Fabric™
to enable the management of increasingly complex networks.
Gigamon technology empowers infrastructure architects,
managers and operators with pervasive visibility and control
of traffic across both physical and virtual environments without
affecting the performance or stability of the production network.
Through patented technologies, centralized management
and a portfolio of high availability and high-density fabric
nodes, network traffic is intelligently delivered to management,
monitoring and security systems. Gigamon solutions have been
deployed globally across enterprise, data centers and service
providers, including over half of the Fortune 100 and many
government and federal agencies.
For more information about Gigamon visit: www.gigamon.com
© 2015-2016 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or
other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks
of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com
3177-02 02/16