The Metadata Engine, a key part of the GigaSECURE Security Delivery Platform (SDP), can now generate Hypertext Transfer Protocol (HTTP) Secure Sockets Layer (SSL) certificate metadata.
Gigamon’s GigaSECURE expedites the time to detection of potentially malicious web servers and unwanted SSL communications by providing security analytics technologies with the information they need to identify invalid SSL certificates.
Security analytics tools like Security Information and Event Management Systems (SIEMs) can spot SSL-based attacks by flagging inconsistencies in the fields of SSL certificates. Still, the certificate data needed for the detection can be difficult to retrieve pervasively and continuously from broad and distributed networks.
GigaSECURE can expedite anomaly detection by monitoring SSL certificate exchanges and providing metadata that includes indicators of potentially falsified certificates. Examples of the Gigamon-supplied metadata include, information about the issuing certificate authority, requested and responding domain names, dates of expiry, which ciphers are being used and whether the certificates are self-signed.
Certificate metadata lets Gigamon, together with its ecosystem partners in the security analytics and SIEM markets, leverage the network to shorten the time to detection and response.
“Organizations know that their network traffic contains a lot of potential intelligence that can help remediate breaches,” said Jai Balasubramaniyan, director of security product management, Gigamon. “Gigamon is revolutionizing big data security analytics by uniquely extracting metadata from this data-in-motion and delivering it at network speeds to security technologies that use it to detect and remediate threats faster.”