RESEARCH NOTE: Gigamon’s Perspective on the Zero-Trust Journey

By Will Townsend - February 21, 2024

Earlier this month, I spoke with Gigamon’s chief product officer Michael Dickman about observability and zero trust in a conversation that was streamed live. Unfortunately, there is a lot of whitewashing and inflated claims related to both zero trust and observability, which is creating confusion for organizations. Dickman is well positioned to comment on this because Gigamon has a demonstrated track record of facilitating improved security outcomes.

In this research note, I will dive deeper into that conversation, highlighting my key takeaways from our LinkedIn Live session. In particular, I’ll detail what Gigamon believes is valuable in bringing together deep observability and zero-trust security for organizations of all sizes.

Defining Zero Trust

Before we get to the specifics of my conversation with Dickman, let me provide some background on zero trust. Zero trust is rooted in the principle of trusting nothing in a computing environment as secure. At a high level, a zero-trust security architecture authenticates users or devices to a specific application or workload rather than to a flat network, as is the case with VPNs. Static identity constructs are easy to hack; in the case of traditional network access, this means that bad actors who penetrate defenses can move laterally across the network and steal valuable data, deploy ransomware, or carry out denial of service attacks. What’s needed instead is an intelligent, dynamic access policy that incorporates real-time threat intelligence and continually validates authentication.

The National Institute of Standards and Technology (NIST) cybersecurity framework specifies several criteria for establishing zero trust, including identification, protection, detection, response, and recovery. While the NIST framework is an extremely valuable reference point, the reality is that organizations have widely varied levels of security maturity based on their industry, size, and depth of cybersecurity acumen.

One size does not fit all, and with that said, there are also many pitfalls found along a zero-trust journey that can easily derail protection. Most significantly, there are considerable dangers in adopting an endpoint-only approach to zero-trust network access (ZTNA). To be truly effective, ZTNA must be universal in its deployment cross-domain; it must also extend both inside and outside of network perimeter walls, comprehending IT and OT environments and a wide variety of devices, sensors, and automation control systems that are often embedded and headless.

Navigating the Zero-Trust Journey

During our conversation, Dickman and I focused on four topics related to zero trust:

  • Building a zero-trust framework as you go — The reality is that most organizations do not have the luxury of starting with a blank canvas when it comes to cybersecurity. Dickman points out that there is often a mix of legacy and modern infrastructure and applications that increases complexity and creates blind spots for security teams. From my perspective, it can be valuable to feed continuous threat intelligence into existing tools to refine posture, and to harness the power of emerging observability tools such as Gigamon Precryption. These approaches are valuable because they address the needs for consistent visibility and the application of zero-trust principles across all domains.
  • Why identity and data should both be central to any zero-trust strategy — The growing sophistication of generative AI is allowing bad actors to thwart once-secure identity access management (IAM) tools. The need to maintain compliance inside and outside of highly regulated industries and safeguard personal identifiable information (PII) is paramount, and can come at a significant cost in fines and customer churn if not addressed. Dickman and I wholeheartedly agree that zero trust can not only strengthen identity controls, but also protect data-in-motion though observability tools that comprehend who as well as how, when, and where.
  • Opportunities and challenges with deploying zero trust in the cloud — The deployment of multi-cloud, multi-domain, and containerized infrastructure provides agility, high degrees of scalability, and economies of scale. However, it also creates visibility gaps in heterogeneous networking architectures. Dickman highlights that this often results in swivel-chair security management, but we conclude that blending zero-trust capabilities with granular visibility delivered by today’s modern observability tools can equip organizations to deal with an ever-evolving threat landscape.
  • Best practices for implementing zero trust in complex environments — As previously mentioned, one size does not fit all from a security perspective, as evidenced by the sprawl of tools that are employed to safeguard organizations. However, Dickman and I believe that a fundamental approach that incorporates both zero trust and improved visibility is key. The prescription is to begin with basic hygiene and implement multi-factor authentication (MFA), modernize remote access with universal ZTNA that authenticates access per application and workload, and leverage the growing number of observability tools that aim to improve connectivity resiliency and harden security.

Final Thoughts

The disaggregated nature of modern IT infrastructure provides agility and economic advantages, but often at the cost of added management complexity. The combination of zero trust and observability has the potential to greatly ease these operational burdens while also hardening security. From my perspective, Gigamon continues to demonstrate its leadership in the observability category, as evidenced by my recent conversation with Dickman. If you are interested in learning more, Gigamon is also co-hosting the Visualyze Zero Trust Summit in Washington, D.C., on February 29.

+ posts
Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.