April 2, 2025

What is it?

Network Detection and Response (NDR) tools are an essential component of an organization's cyber defenses. These tools typically perform deep inspections of network packets and detect suspicious activities, which enables prompt incident response and facilitates enhanced threat hunting. 

With the Gigamon Deep Observability Pipeline, your customers will be provided with the pervasive, high-fidelity and automated network visibility across on-prem, hybrid-/multi-cloud, Internet of Things (IoT), Operational Technology (OT), containers and virtual machine (VM) environments. This powerful network enables NDR tools to provide much deeper insights into the interactions between and within these environments than other cloud provider tools, such as cloud logs. 

Why should you care?

For environments, such as IoT and OT where agents and other technologies cannot be used, NDR is the only effective way to detect malicious activity. However, NDR tools can only respond to threats that they can see, and any blind spots represent vulnerabilities that threat actors can exploit. With today's rapidly evolving landscape of hybrid cloud infrastructure, IoT/OT devices, containers and virtual machines, these blind spots pose unique challenges for NDR tools. 

Additionally, malware hidden in encrypted TLS/SSL traffic is a growing threat to organizations and the use of ephemeral keys in TLS 1.3 renders legacy decryption techniques useless. Gigamon eliminates network blind spots across all common hybrid cloud infrastructure platforms and provides a single automated pipeline that delivers network-derived intelligence to all of your customer's security and observability tools. 

Lastly, reducing tool spend is always an important objective. Gigamon can help you demonstrate value to your customers by reducing tool costs in several ways:

• By eliminating duplicate packets, filtering out traffic from low-risk applications and using other techniques (such as advanced flow slicing), Gigamon can typically reduce traffic to tools by 50 to 80 percent. The ROI payback period to implement these traffic optimizations is typically less than nine months.
• With Gigamon, businesses can leverage these optimization techniques to use a single common toolset across their entire computing footprint. For example, by using just one set of tools for both on-prem and public clouds, your customers will experience significant savings and operational efficiencies. 
• Without Gigamon, NDR tools in public clouds must use the hyperscaler's native packet mirroring service. For typical NDR sensor deployment, the use of a cloud load balancer is required, which drives the network volume per-GB costs up. But with the Gigamon Universal Cloud Tap (UCT), businesses can save up to 80 percent or more on cloud infrastructure costs to run NDR tools. For public clouds like Azure that do not have a packet mirroring service, Gigamon is the only choice. 
• The savings are additive. The more network observability tools an organization utilizes, the more money they save with Gigamon.

How does it work?

Gigmon extends the value of cloud, security and observability tools with real-time network intelligence derived from packets, flows and application metadata to deliver defense-in-depth and complete performance management across hybrid and multi-cloud IT infrastructures. 

This is accomplished with a single consistent access mechanism that is fully integrated with all the major public/private cloud platforms. Network-derived intelligence and insights contribute strong value to security postures when used in combination with MELT (metrics, events, logs and traces) tools or when this intelligence is used to generate metadata  that provides network telemetry in a form that can be consumed directly by MELT tools, such as a SIEM.

Let's break that down into what Gigamon does with the data in-motion. 

• GigaVUE Fabric Manager provides a consistent automation and orchestrated access to all the network traffic on a hybrid infrastructure — eliminating blind spots at any scale. These workloads can be moved into production, and the required visibility is provided automatically. This includes physical, virtual and container traffic across all major hypervisors, hyperscalers and hyper-converged infrastructures. GigaVUE Fabric Manager's orchestration capabilities and the ability to leverage a single tool stack across a hybrid enterprise results in significant cost savings and much greater operational efficiency. 
• Gigamon understand this traffic by using deep packet inspection. That means, they know exactly what the traffic is, which tools need to consume it and in what form they need to consume it (packets or metadata).
• Gigamon transforms the traffic and optimizes it for the tools that need it. That could mean something as simple as deduplication/filtering or something more sophisticated like decryption. 

Differentiation in the market

When speaking with your customers, be sure to highlight the following Gigamon value adds:

• Gigamon invented packet broker technology over 20 years ago, and in that time, they have maintained both market and technology leadership with over 150 patents. 
• Gigamon has a commanding lead in private/public cloud visibility and orchestration via GigaVUE Fabric Manager and GigaVUE Cloud Suite, which automates the instantiating, configuring and monitoring of hybrid infrastructure in support of DevOps, NetOps and SecOps teams. Extensive integrations with orchestration tools like Ansible, Terraform, Chef and Puppet, AWS CloudWatch, Azure Network Watch, VMware vCenter, Nutanix Prism, OpenStack Controller and others make the Gigamon Deep Observability Pipeline ready for any modern compute environment. 
• Only Gigamon provides network visibility within container nodes, cloud subnets, VMs and physical network infrastructures to existing security, observability and monitoring tools. 
• Where others provide simple export of network metadata as L4 flow data, Gigamon Application Intelligence uses deep packet inspection to export rich application metadata for over 4,000 apps and close to 6,000 metadata attributes. Modern export formats include JSON and Open Cybersecurity Schema Format (OCSF). 
• Gigamon has by far the most extensive and modern capabilities for packet decryption, including TLS 1.3 and container traffic via their breakthrough Gigamon Precryption technology. 

How do you position and sell the Gigamon Deep Observability Pipeline?

The Gigamon Deep Observability Pipeline is a critical component of any tool set that requires or greatly benefits from network-derived intelligence in the form of packets, flows or application metadata. This includes many cybersecurity, application performance management (APM) and network performance management (NPM) solutions. Any time you are speaking to customers or prospects about securing or optimizing their hybrid infrastructure, Gigamon should be introduced to illustrate how these tools are more effecitve, simplify visibility architecture and operations and provide significant cost savings — especially in public clouds. 

More information

Arrow's Gigamon team is here to help you grow your business and meet your customer's network observability needs. Our channel business managers are experts in the entire Gigamon product line and programs. 

Arrow can also help you integrate the Gigamon capabilities with SIEM's (such as Splunk, QRadar and ArcSight), NDR/XDR solutions (such as Forescout, Palo Alto Networks, NETSCOUT, Trend Micro, CrowdStrike and others), as well as NPM/APM solutions (such as Riverbed).

In addition, our certified Gigamon engineers have years of experience in selling and supporting the entire Deep Observability Pipeline solution and they stay on top of all the latest technical developments. 

Reach out to us today!

To learn more, check out this Gigamon blog by Ryan Mahoney entitled, Save 80% on Cloud Monitoring Costs. No, this Isn't Vendor BS.