I have written extensively about network observability and how IT operators can use it to gain fast, automated insights and deploy recommendations to improve security postures, remediate issues and optimize network and application performance. Important as it is, observability has become a crowded market that needs a solution provider who can raise the bar and provide impactful differentiation. Gigamon may have cracked the code on this front with its recent launch of Precryption and what I deem to be observability’s “sixth sense.”
Defining Gigamon Precryption
Gigamon positions its Deep Observability Pipeline as a solution that delivers continuous network-derived intelligence to existing cloud, security and other observability tools. The benefits of the cloud are undeniable, given its ability to scale and provide high-availability IT services. However, along with its expansiveness come blind spots and a massive threat surface that can be challenging to manage. Bad actors have taken advantage of these vulnerabilities quickly, often concealing their threat activity within encrypted cloud traffic. This challenge is what Gigamon hopes to solve with its new Precryption technology.
At a high level, Precryption provides threat visibility in all encrypted cloud traffic across a diverse set of threat detection tools. What I like about the solution is that it does away with traditional key management or virtual network routing, which often introduce incremental operational complexity. Key collection is rendered obsolete with a concept called perfect forward secrecy (PFS), a capability that ensures only intended endpoints can decrypt messages. The Precryption technology is also backward-compatible, working with legacy encryption schemes as well as modern architectures that employ containers exchanging lateral or “east-west” traffic—flows that are often difficult to monitor. From my perspective, what Gigamon has created here is compelling both for its operational simplicity and for the way it protects organizations’ cloud investments.
Decrypting the un-decryptable
The notion of decrypting the un-decryptable may seem paradoxical, and in many ways it is. Gigamon aims to accomplish this by eliminating the need for keys and tapping cloud traffic either before it’s encrypted or after it’s decrypted. On the surface, this may seem like a back door purposely created by a developer for troubleshooting, one that breaks the conventions of zero trust and confidential computing. However, many organizations believe it is riskier not to decrypt, including the U.S. National Security Agency (NSA), which recommends an approach of “Do it well, do it once.”
In the vein of doing it well, Gigamon provides data-masking capabilities that remove sensitive information, plus the Precryption solution integrates with Linux and OpenSSL. For those who are unfamiliar, the OpenSSL project is a toolkit that supports general-purpose cryptography and secure communication in the open-source community. Gigamon is leveraging OpenSSL to provide deeper visibility and the ability for security tools to detect threats quickly. It’s a clever approach that takes advantage of open source’s broad ecosystem, both upstream and by applying native Linux kernel functionality to downstream projects. A bonus is that this architectural design mitigates the friction often faced by application developers. Because Precryption does not execute in the application container or virtual machine (VM) layers, it does not introduce any of the performance, stability and compatibility issues often associated with deployed agents.
The network observability category continues to mature, and organizations of all sizes stand to gain through vastly improved visibility into threats, especially in hybrid, multi-cloud environments. In this context, Gigamon has created something special with its Precryption technology. Precryption avoids the typical overhead created by inline proxy decryption, centralized decryption agents and key management libraries. In doing so, Gigamon delivers plaintext visibility of encrypted cloud traffic to the full security stack.
Forbes Daily: Get our best stories, exclusive reporting and essential analysis of the day’s news in your inbox every weekday.
The extent of Precryption’s functionality is what leads me to call it a sixth sense, the ability to see things—in this case,threats—when other tools can’t. (It reminds me of one of my favorite movies, The Sixth Sense.) Delivering this capability could position Gigamon for substantial future upside, given Precryption’s unique functionality.