skip to main content

Summary

Gigamon has quietly undergone a multiyear transformation from a network packet broker to a multifunction enterprise network security specialist. With its new ThreatInsight offering, Gigamon is pushing into network traffic analytics.

ThreatInsight lowers the barriers to NTA

Gigamon, founded in 2004, began life as a network packet broker, solving a variety of enterprise networking and security problems by increasing network traffic visibility and efficiency.

However, with little fanfare, the company has undergone a dramatic transformation, bolstering its enterprise security capabilities to address a variety of vexing problems that it is well-positioned to solve.

Its ostensible next-generation NPB solution, the Gigamon Visibility and Analytics Fabric (formerly GigaSecure), normalizes and analyzes traffic for heterogeneous network environments, offering network metadata management, application session filtering, and inline bypass for on-premises data centers, remote sites, and public and private cloud network environments.

Its GigaSmart and GigaVUE offerings provide hardware and software, respectively, to offload inline decryption processing and provide telemetry on the decrypted traffic to a variety of other tools. These are much-needed offerings, given that even the most robust next-generation firewalls and other edge security appliances are struggling to address the risk posed by encrypted traffic, now estimated to be in excess of 70% of all inbound flows.

Today, its success is obvious. It was acquired in 2017 by private equity firm Elliott Management for $1.6bn, but data prior to the deal shows it had been growing at a roughly 40% annual pace, and its thousands of customers include nearly all major US government agencies and more than 80% of the Fortune 100.

Now Gigamon has expanded into network traffic analytics (NTA) with the launch of Gigamon ThreatInsight. The cloud-native solution, based on its 2018 acquisition of startup ICEBRG, enables Gigamon to take the traffic it already aggregates and other network telemetry and store it in a cloud-based data warehouse for in-depth analysis and enrichment using Gigamon and third-party threat intelligence.

For existing Gigamon customers, ThreatInsight also lowers the barriers to NTA, because it uses much of the network traffic management infrastructure customers already have in place, and adds metadata analysis to help incident responders, security analysts, and threat hunters to quickly zero in on network threats. The new offering also serves as a salvo to the major players in the NTA and NDR segments including Cisco Systems (Stealthwatch), Darktrace (EIS), FireEye (SmartVision), and Vectra (Cognito). Despite a multiyear shift to refocus itself on enterprise network security, Gigamon is still not widely perceived as an enterprise security player. Expect ThreatInsight to go a long way in changing this perception.

Appendix

Further reading

"Gigamon offers a 'next-generation' network packet broker for security," INT003-000194 (July 2018)

Beyond SIEM: Where security management needs to go next, INT005-000034 (September 2019)

Author

Eric Parizo, Senior Analyst, Infrastructure Solutions

[email protected]