Gigamon CPO on APAC cybersecurity trends and visibility

The era of relying solely on antivirus software is over. Today, the tactics of malicious actors have become so advanced that enterprise security now requires a multi-faceted approach, including data encryption, employee training, and crucially, maintaining complete visibility.

For the latter, there’s Gigamon, a company specialising in network observability and analytics solutions. Rather than focusing on detecting and removing malware, their products aim to reduce blind spots in complex IT environments—a task complicated by the prevalence of data encryption.

In this exclusive interview, Frontier Enterprise speaks with Michael Dickman, Chief Product Officer at Gigamon. The conversation covers a range of topics, from network observability to cybersecurity trends in the Asia-Pacific region, and finding a way to provide visibility into encrypted traffic.

As we approach the end of 2023, what are Gigamon’s top technology priorities for 2024?

Gigamon’s mission is to provide organisations with the tools they need for quick innovation, enhanced security, and optimised IT operations. As customers modernise applications, we aim to improve their security posture through complete visibility as workloads migrate to private and public clouds, and sometimes back to on-premises environments.

For 2024, we plan to expand on our existing Precryption technology, which offers access to lateral virtual communications, including visibility into encrypted traffic. Until now, this was the biggest blind spot that made security, monitoring, and troubleshooting difficult.

Another focus for 2024 is to provide customers with the option to enhance their existing tools through telemetry from network traffic. Currently, observability, APM, and SIEM tools are limited in that they can’t process network packets, thereby lacking detailed context about network communications. Our deep observability aims to fill this gap by extracting data from network traffic, offering customers an opportunity to expand the capabilities and applications of their current tool set. This has various potential use cases, from enhancing security posture and expediting troubleshooting to verifying that cloud providers’ service level objectives (SLOs) are met.

What recent cybersecurity trends are you seeing that are unique to the APAC region?

Despite the increasing adoption of cloud technology, only 28% of organisations in APAC secure all their cloud workloads themselves. Meanwhile, 23% opt to outsource their security needs, and the remainder either partially secure or leave their cloud workloads unsecured. Achieving robust cloud security continues to be a hurdle for organisations in APAC, as they face challenges like improving visibility in a growing IT landscape. The ability to future-proof one’s cloud visibility has become paramount.

Regulatory pressures are also intensifying in the region, prompting organisations to seek a more comprehensive view of their threat landscape. Notably, a recent survey we conducted found that only 25% of security and IT leaders in Singapore say that they have visibility across networks, systems, and applications to support a zero-trust approach.

There’s a noticeable gap between perception and reality among organisations. Our survey found that over a quarter of IT and security leaders in Singapore are fully confident in their entire IT infrastructure, with an additional 66% being confident, despite all having experienced security breaches. This disparity underscores the risks that come with complacency in security matters.

Additionally, there’s a significant lack of awareness about blind spots and misconceptions regarding the risks of encrypted traffic. Although blind spots are a major concern for CISOs, our survey indicated that over 75% of IT and security leaders in Singapore allow encrypted data to flow without restrictions. This points to a lack of understanding about the risks associated with hybrid cloud blind spots and the dangers of not analysing data simply because it’s encrypted or limited to internal network traffic.

What is Gigamon doing to address these trends?

Security and IT leaders are grappling with challenges such as unexpected blind spots, increasing complexity in cyberthreats, and changing legislative and regulatory landscapes. These factors make securing and managing hybrid cloud infrastructure a complex and time-consuming task.

To address this, Gigamon designed a solution that seeks to go beyond traditional monitoring methods, which usually rely on metrics, events, logs, and traces (MELT). Our Deep Observability Pipeline solution extends the functionality of cloud, security, and observability tools by offering real-time network intelligence from packets, flows, and application metadata.

This approach aims to provide comprehensive performance management across hybrid and multi-cloud settings, so that organisations can improve their cybersecurity measures, safeguard sensitive data, and maintain the integrity of their hybrid cloud infrastructure.

As cloud adoption continues to grow across various private and public platforms, organisations are increasingly concerned about hidden threats within encrypted traffic. Decrypting this traffic has traditionally been both complex and costly. To address this, our Precryption technology offers visibility into encrypted traffic, reducing critical blind spots that could hide threat activity. By capturing traffic either before it’s encrypted or after it’s decrypted, Precryption provides network-based intelligence that can reveal threat activities, such as lateral movement and malware distribution, within virtual, cloud, and container applications. 

How do Gigamon’s products integrate with other technology platforms to provide a more comprehensive approach to observability and security?

First, it’s crucial to clarify that the Deep Observability Pipeline is neither an analytics nor a security tool; rather, it supplies the telemetry each tool needs to operate as effectively and efficiently as possible.

Gigamon collaborates with an ecosystem of over 100 technology partners who provide operations and security analytics. Gigamon’s products have long been utilised to eliminate blind spots and offer straightforward access to all network traffic for tools, contributing to more effective and efficient IT operations.

The Deep Observability Pipeline is designed to extend network visibility with application-level metadata, which is intelligence extracted from raw traffic. This feature enables tools that cannot ingest packets, such as observability and SIEM tools, to broaden their use cases to include security and more in-depth troubleshooting, applicable to both managed and unmanaged hosts.

Generative AI exploded in popularity in 2023. Are there unique ways in which Gigamon is using this technology to enhance internal processes?

Many of Gigamon’s customers are exploring how generative AI, particularly large language models (LLMs), can be applied to their business. Our involvement in generative AI is focused on the model’s data ingestion.

While each of our customers’ generative AI initiatives is unique and mostly confidential, effective data ingestion is foundational for every AI use case. Gigamon helps ensure the telemetry used for training is:

  1. Complete, without blind spots and unreadable encrypted data.
  2. Correct, which speaks to the “truth” of network communications.
  3. Compliant, satisfying regulatory needs.

Can you walk us through Precryption’s journey from initial concept to product launch? What challenges did you encounter? Were there any ‘aha’ moments that occurred during its development? What did you learn from them?

It started very organically, as we had already been leveraging eBPF technology in our container tapping solution, and a couple of our engineers were exploring what else they could do with it. At the same time, we were searching for ways to build a decryption solution that made sense for the cloud. The intersection of these two journeys was the spark that lit the flame.

We started down the path of development based on an instinct that this could be something really interesting in the market. But the ‘aha’ moments came when we started socialising with analysts and trusted customers, and they got super excited, which in turn fuelled our excitement.

The EMA Research report was another key moment, because it highlighted that encrypted cloud visibility was a huge market problem, and nobody had a great solution for solving it. It was from this market feedback that we decided to plan and execute a tier-1 launch around Precryption. During this stage, it only got bigger and bigger, as everywhere we turned, we kept seeing, reading, and hearing more evidence of the market problem that Precryption addresses.

We had a few adjustments along the way, too. Precryption was originally conceived to solve an efficiency problem by decrypting traffic without having to perform a decryption. But the market conversations really highlighted that Precryption was bigger than that; it was principally eliminating blind spots, which is a higher-order problem than inefficiency.