Exclusive: Gigamon CEO highlights importance of deep observability
In an increasingly digital world, deep observability has become a crucial aspect of network security, according to Shane Buckley, the President and CEO of Gigamon.
The company has been protecting some of the largest and most complex networks globally for 21 years. With customers including major Western governments, leading service providers, and many of the world's largest enterprises, Buckley stressed the seriousness of their mission, during an exclusive interview with TechDay.
"It's a cat-and-mouse game," he explained. "We help organizations ensure hackers do not gain unauthorized access to networks, while hackers continually seek new and inventive ways to breach security measures."
Gigamon has long been a visibility provider, extracting network packets from high-performance networks and optimizing their flow to various tools.
However, the company's deep observability takes this a step further by looking deeper into network packets, all the way to the application layer, using deep packet inspection engines. This allows Gigamon to extract and stitch together rich telemetry data, providing actionable intelligence to tool stacks, whether on-premises or cloud-native.
"We create a rich stream of telemetry that can be formatted to fill dashboards of technologies like Splunk, Dynatrace, New Relic, and others," Buckley said.
The importance of deep observability is heightened as companies undergo digital transformation, often moving workloads into virtualized environments or public clouds. This shift can increase risks related to compliance and security. Gigamon's deep observability helps CIOs move application workloads without compromising security.
"You can maintain your security posture regardless of where the workload moves," Buckley said. "That's a really powerful capability for organizations today."
Overall, the deep observability market grew 61 percent in 2023 and continued to expand as organizations increasingly embrace hybrid cloud infrastructure, with a forecasted CAGR of 40 percent and projected revenue of nearly $2B in 2028, according to research firm 650 Group.
"CIOs are moving workloads to wherever it makes the organization more effective and efficient, whether that's public cloud, on-premises, or a hybrid approach," Buckley explained. "The key is to ensure there's no increased risk to the organization, and the security profile remains constant."
Gigamon's recent introduction of its technology, Precryption, is an example of its innovative approach to security. This technology enables Gigamon to sit in the middle of the data stream, gathering unencrypted traffic and sending it to the appropriate tools while ensuring compliance with privacy rules. "Precryption is the ability for us to actually look at unencrypted traffic between containers and virtual machines," Buckley explained.
"It's a very simple solution to deploy, providing exceptionally powerful capabilities that up to now have not been possible without a huge amount of network redesign."
Gigamon's customers have responded positively to Precryption, particularly those implementing zero-trust frameworks, which require continuous inspection of traffic, especially encrypted streams. "We enable that to happen out of the box with our Precryption technology," Buckley said. However, he added that while many customers are using this solution, he could not publicly name them without their approval.
"Often when it comes to encryption inside large networks, customers don't want the public to know what they're doing, as it could give an advantage to potential attackers."
Gigamon's role as a neutral provider of telemetry to various tools, including Splunk and Dynatrace, is a significant part of its value proposition. The company prides itself on its Switzerland-like neutrality, providing high-quality metadata that enhances the capabilities of these tools. "We provide the best quality telemetry anyone can use for application performance and security," Buckley said.
"We process information once and share it with many different tools, making it much more efficient."
Looking at the competitive landscape, Gigamon's comprehensive visibility across all workloads--whether physical, virtual, or cloud-based--sets it apart. Buckley noted that while individual platform providers might offer basic visibility, Gigamon's ability to provide a comprehensive view across different environments is unmatched. "Islands of visibility are an oxymoron," he explained.
"If you've got an application on the public cloud connecting back to a physical data center and a virtual environment running microservices, you need to understand the communications across all of them."
One of the key challenges keeping CISOs awake at night, according to Buckley, is ensuring that moving application workloads doesn't compromise security.
As applications move from the relative protection of physical data centers to public clouds, the risk increases. "Public cloud networks are not secure," Buckley stated. "The challenge for CISOs is to ensure they don't increase the blast radius and create higher risks for their organization."
Buckley underscored that while nation-state actors might eventually find a way into any network, the key is how quickly an organization can identify and expel them. "If an attacker thinks they're going to be found faster and exfiltrated quicker, then the juice isn't worth the squeeze," he said. Gigamon's role is to make sure that intruders are detected and dealt with swiftly, minimizing potential damage.
The increasing importance of cybersecurity at the board level was another critical point raised by Buckley.
He stressed that CISOs must have direct access to the board to ensure that security remains a top priority. "In some organizations, the CISO doesn't report to the CEO or have board access, which can lead to critical budget cuts," he said. "It's crucial for board members to be aware of the risks the organization is taking by not implementing appropriate security measures."
"Our job is to make sure the juice is not worth the squeeze, so attackers will go somewhere else that doesn't have our level of protection."