Gigamon adds ability to address data retention security issues as well as data acquisition with ICEBRG acquisition

ICEBERG, a startup, was still in the direct selling stage and selling to larger companies, but Gigamon will fully open the SaaS offering up to partners, including MSP partners to take this lower in the market.

Phil Griston, Gigamon’s Senior Director, Partner Marketing and Development

Today, Gigamon is announcing that they have acquired Seattle-based ICEBRG, a Seattle-based startup with a SaaS solution that employs sensors that turn traffic into metadata, then store it in a data lake and make it easily searchable for intelligent curation and use by analytics tools. It’s a capability that Gigamon sees as enormous complementary to its own abilities in security to enhance the visibility of the network.

ICEBRG employs what Phil Griston, Gigamon’s Senior Director, Partner Marketing and Development, referred to as a next-generation technology approach to detect and triage threats.

“They have sensors that sit on-prem, either physical or virtual,” he said. “The sensors take traffic, which is typically streamed from a Gigamon box, since a majority of their customers already use us. They convert that traffic to metadata and do data enrichment, and then store the data in a data lake in a way that makes it easily searchable for security investigation.”

The critical aspect here is not only that the technology is state of the art, but that it performs functionality that Gigamon wasn’t doing at all before. Gigamon was initially a pure network visibility player, who expanded into security when they found some customers were already using them for that purpose, and visibility has remained at the core of their security value proposition.

“This allows us to extend our capabilities to give customers a well-architected, fully searchable away of looking at the historical data in their network, Griston said. “Historically we have not provided any data persistence, and we didn’t have any analytics capability at all. We would provide the network visibility capability, and leave it to the customer to do the analytics. However, our customers told us that as they do security investigations to determine if alerts were a problem, they spent a lot of time trying to normalize the data. What drove this acquisition was the desire to address this issue, by being able to build a standard consolidated set of network data that analytics can be applied to. We have helped customers with data acquisition issues. This will let us help them with data retention issues as well.”

Griston indicated that Gigamon came across ICEBRG in several customer accounts, although he indicated that they were never a strategic partner.

“We had worked with them at a couple large Gigamon accounts,” he said. “We really liked their fully curated data approach. Their installation goes extremely quickly, and can be up and running in an hour or to. When we understood the full value that they have, we realized that our visions matched.”

ICEBRG is not well known in the channel, because they have been largely direct in their go-to-market.

“They have been at that early stage where they are still very close to customers with a direct model, although they do work closely with a couple security service providers that do incident response,” Griston said. “Once that incident response is over, the return is to the direct model.”

As ICEBRG was still in the proof-of-concept stage, they had focused on selling the market to larger customers. Griston said the technology’s potential is broader than that, however.

“It certainly has a broader addressable market than they had been selling to. They had a small footprint, and can greatly benefit from our greater reach into the market. Large mature companies are a great place for this, so that’s where ICEBRG started. However, the real value proposition here is providing an efficient data store and taking away effort the customer has to put in for data curation and data normalizing across different data sets. That fits the needs of a lot of companies that do investigation and detection.

“We will be targeting existing Gigamon customers with this, but there’s no reason we can’t expand beyond our traditional base into the SME as well,” Griston added. “MSPs are the best fit for smaller companies that don’t have a well equipped SOC of their own. It’s a completely multi-tenanted model, so our MSP partners can take this and manage umbrella accounts. The metadata is all anonymized so customer data isn’t seen.”

All of this, Griston said, adds up to a strong opportunity for Gigamon’s channel partners.

“We expect to give our channel full access to this service and a lot of the service-based opportunities around it,” he stated. “For our partners, the fact that this is a considerable extension of our capabilities will be a natural extension of them in an area we believe will be extremely exciting for the security analyst community. It’s a new capability our partners can talk about, building on our expertise. It’s a great upsell opportunity, and also a strong SaaS service that they can build other services around, especially for customers less developed in the SOC world. They can now offer a more complete set of services than a traditional Gigamon sale would have generated alone for them before.”

Griston also pointed out that while the ICEBRG technology facilitates outsourced SOC services, that’s not something that ICEBRG was doing itself.

“They curate the data stored in the data lake and do have a team of security analysts, and they will provide detections which are standard automated alerts and recommendations,” he said. It’s not a real SOC service however, and MSSPs and partners that want to be able to offer those additional services can go further and do that.

Gigamon has indicated that following the close of the acquisition today, they expect to have everything fully integrated and ready to go in a few months.

“Before that time has elapsed however, if partners see an opportunity, we can still absolutely transact it,” Griston said.