Gigamon targets encrypted network traffic with new Precryption technology

Precryption technology, which examines data before it is encrypted, is a more efficient way of finding threats in encrypted network traffic, and has wide appeal to reseller and strategic alliance partners alike.

Bassam Khan, VP of Product and Technical Marketing Engineering at Gigamon

Today, deep observability vendor Gigamon announced the availability of the new Gigamon Precryption technology, which it is highlighting as the first truly effective innovation to counter threats in encrypted network traffic. Precryption technology has been added to the company’s GigaVUE 6.4 software release, which was also announced today.

“We weren’t doing this before,” said Bassam Khan, VP of Product and Technical Marketing Engineering at Gigamon. “Nobody was doing it before, because it wasn’t possible to do this before.”

What Gigamon and its competitors did do before was a technique Khan said is known as ‘break and inspect.’

“With decryption, you grabbed traffic on the wire,” Khan explained. “We sat on the wire and looked at all the traffic. It was difficult once the traffic was encrypted, however. It also wasn’t ideal because there is potential for errors, even though this has gotten better over time. It’s also only for virtual traffic, and container decryption is very hard. Most users don’t inspect it at all, especially east-west traffic, because they say it’s not possible.”

Precryption leverages Gigamon’s eBPF [extended Berkeley Packet Filter] technology inside the Linux kernel to capture traffic before encryption or after decryption, so that it can be intercepted and inspected. It thus reveals previously concealed threat activity within encrypted traffic, including lateral movement, malware distribution, and data exfiltration inside virtual, cloud, and container applications.

“We can now grab it before it hits the wire,” Khan said. “We intercept requests within the Linux kernel before it even hits the wire. This is a brand new approach that’s being patented right now.”

Khan said that it is an approach that takes advantage of Gigamon’s focus on network traffic rather than broader network security.

“The broad hurdle was knowledge of how to access network traffic,” he stated. “Not a lot of companies have focused on accessing network traffic as a business. With NDR [Network Detection and Response] companies, the focus is on security rather than traffic, so traffic is not its core function. Gigamon’s focus is on the traffic, and eliminating blind spots, so we were able to come in with a different approach. The kernel tells us what traffic is going in to be encrypted, and we get a copy for inspection.”

Precryption is big news for both Gigamon’s channel partners and strategic alliance partners even though it’s part of the GigaVUE software and not sold separately as a source of new revenue, said Dee Dee Acquista, vice president of Worldwide Channel and Alliances at Gigamon.

Dee Dee Acquista, vice president of Worldwide Channel and Alliances at Gigamon

“We brought our Partner Advisor Council together next week to announce this to them under embargo,” Acquista said. “One of our larger partners there said that this was a utopian gift, and will get us to talk to high level people among both prospects and customers. Our partners are in this with us to win, so they want us to shout this from the mountain tops.”

Acquista also said that Precryption will strengthen Gigamon’s overall reputation and stickiness with customers.

“It will help us secure our position as a security vendor when some still think of us as a ‘tap and add’ vendor,” she indicated. “It will help us get our rightful attention on the security side of the house. It’s also the kind of thing that makes a product stickier with customers. And we think it will reset us with some partners who have seen the light with this.”

Acquista noted that Gigamon’s strategic alliance vendor partners also see great value in Precryption for themselves.

“Strategic partners like ExtraHop and others are excited too,” she said. “It makes our ‘better together’ story even stronger.”

“We now have the ability to extract intelligence and send that over, which some vendors can do and some can’t,” Khan said. “Now we can see some suspicious things, and we rely on the security vendors to report that.”

“This also lets us do things like verify whether SLAs from the big hyperscalers are met,” he added. “They generally say they are, but the customer has no way to tell. We can verify if what they say is true, and if the likes of Azure and AWS are meeting their SLAs. No one else can do that in the world today.”

Other new features in GigaVUE 6.4 add security capabilities. Cloud SSL Decryption extends traditional on-prem decryption capabilities by adding support for more virtual and cloud platforms. The release also introduces Universal Cloud Tap, a single, executable tap that extends across VMs and containers with pre-filtering at the source, and Application Metadata Intelligence Integration for detection of vulnerabilities and suspicious activities across both managed hosts and unmanaged ones in IoT devices.

“These other new features also ensure that we handle the precrypted traffic in a secure way, so are not an end, but a means to an end,” Khan said.