Securing the Data Highway

This interview with Michael Dickman, Gigamon Chief Products Officer, was first published in PCR.

Updated October 28, 2021.

Over the last year, digital transformation initiatives have evolved from a long-term goal to a necessity for maintaining business continuity. Michael Dickman, the new Chief Product Officer (CPO) at Gigamon, chats about the importance of being a trusted partner to help with the optimization and security of emerging hybrid architectures.

Could you tell me a bit more about Gigamon?

Gigamon is the first company to deliver unified network visibility and analytics on all data in motion, across the hybrid cloud network to solve critical security, performance, and budget requirements — freeing organisations to accelerate digital transformation initiatives. We ensure that network performance and security is optimised by aggregating, transforming and analysing network traffic, as well as enabling rapid threat detection and response. Gigamon has 1,000 employees, spans over 15 countries, and serves more than 3,000 organisations (including 80 percent of the Fortune 100).  

With our Channel-first strategy, we are proud of our strong global partner network, which has grown more than 35 percent over the last year and enables us to deliver high return on investment solutions to our customers. Together with our partners, we help organisations adjust to the “new normal” so they can run fast and stay secure.

What products and services does it offer?

Gigamon offers a range of products and solutions that allow organisations to discover, optimise, and secure their network traffic. This includes physical and cloud virtual visibility processing nodes, TAPs, and Traffic Aggregators that enable IT teams to reliably manage and control all their data in motion. Gigamon products also allow businesses to extract traffic intelligence including application metadata and filtering, thus optimising data flow. Gigamon works with both enterprises and service providers who especially value our services for 5G, CUPS, and GTP correlation.

Gigamon also specialises in cloud and network security, as well as incident response, promoting a Zero Trust architecture and supporting a number of industries in protecting their data, including financial services, healthcare, and education.

What are the current threats driving need for greater security?

Security challenges have increased significantly over the last 12 months. Our recent survey into Zero Trust found that 84 percent of organisations had seen a rise in threats since the start of 2019 and the global pandemic has only accelerated cybercrime.

As one example, the mass shift to home learning for higher education institutions has meant that online student traffic has increased, while more unsecured endpoint devices have been accessing student intranets. Universities are common targets of cyberattacks and it is therefore essential their network traffic is visible, meaning threats can be quickly detected and data breaches prevented. Industries like finance and healthcare also clearly need visibility for security given their significant technological evolution over the last ten years, meaning they now leverage a large volume of critical data.

How has the focus on data and how we handle it changed over recent years?

Automation for data analysis has been a much bigger focus in recent years. As IT teams face the challenge of doing more with less, budgets continue to be cut, while digital transformation initiatives remain imperative.

A report by the Ponemon Institute found that 60 percent of IT leaders said automation helps to reduce the stress faced by their IT teams. Insights from aggregated data help IT understand the bottlenecks within the infrastructure and simplify them. For example, a security tool may not be as effective if irrelevant traffic is clogging up the network. Metadata has become much more important as raw packet volume with “Big Data” at Cloud-scale becomes overwhelming without intelligent pre-processing.

Why are data analytics an important consideration?

You cannot manage what you cannot see, and it is impossible to accurately analyse and secure all data in motion without full visibility into all — even encrypted — traffic. By integrating data analytics tools, NetOps teams can become more productive, networks can run more efficiently, and cybersecurity improves significantly.  Analytics tools categorise data in motion and intelligently identify threats for further inspection. For example, internal data between Microsoft Teams, Slack, or Zoom is likely to be very low risk. Low-risk, duplicate, or irrelevant data will therefore no longer clog up the network or tool capacity. For IT and SecOps teams, there will be fewer, more reliable alerts that they can act on more efficiently and productively.

How should businesses be looking to secure their data?

All organisations produce, store, or interact with sensitive data of some sort. Financial Services firms, for example, protect hugely critical data and a second-rate cybersecurity system is out of the question. With dispersed and often remote teams, plus the growth of personal and unmanaged IoT devices, Gartner has confirmed that one of the most useful and important tools is Network Detection and Response (NDR). The best NDR tools should be measured not on how many detection alerts they produce, but on the quality of investigations and speed of responses they enable. Effective outcomes require expert curation of detections, powerful investigation capabilities like search, and the right set of ecosystem integrations for appropriate response. An additional consideration is the benefit of using a centralised decryption tool to enable full visibility of threats which increasingly ride in encrypted network data.

Please could you explain a bit more about cloud visibility, and why it is important?

Cloud visibility is important not just within a single cloud but across all the clouds that an organisation may touch. Most organisations are operating with a hybrid infrastructure whether intentional or accidental, creating a gap in visibility. Network tools lack visibility into cloud traffic, and cloud tools lack visibility into network traffic. This gap results in “islands of visibility” that forces IT teams to re-do compliance processes and struggle to optimise user experience and security at the enterprise level, versus IT optimisation within each siloed cloud.

The solution to this gap is elastic visibility across the hybrid cloud. End-to-end visibility is needed to unify data and metadata from different clouds with different methods of data ingestion and different versions of tools.

What is the current threat of data breaches and how can we safeguard against this?

The threat is higher than ever, sadly having worsened during the global pandemic, as evidenced by both reported breaches and unreported breaches implied by industry studies. One approach is to consider the Zero Trust framework, which is a set of principles to minimise implicit trust given to individuals or devices. There are many actions to take within this framework, but the essence is to recognise that breaches have become more of a “when” than an “if,” and that Information Security teams must complement threat prevention with threat detection and response.

Good hygiene with network segmentation is a key first step. Endpoint Detection and Response can increase the chances of detecting a threat via managed (but not unmanaged) endpoints. Visibility into the network itself becomes the critical backstop, since East-West threat movement, command and control beaconing, and much more may be visible only in the data in motion. Channel partners have a huge opportunity to act as trusted advisors, helping each customer build towards a Zero Trust Architecture in the manner that is right for them.

How is the increase in data volume impacting our networks?

Data volume continues to grow exponentially, which has implications far beyond upgrading the “speeds-and-feeds” on an enterprise local area network. Monitoring itself becomes more difficult with less margin for error as inline monitoring and security tools can become overwhelmed. One interesting trend is 5G, which will dramatically increase and improve data volumes for mobile users. Channel partners can help Enterprises form their own 5G strategies, taking advantage of opportunities from cost reduction to even greater agility and experience for mobile users. Visibility in the 5G network is absolutely critical, especially considering the control plane and user (data) plane will be separated, making it more challenging to assure experience.

Please could you explain a bit more about managed services and the importance of this?

Channel partners must become trusted advisors to customers to help them navigate the complexity of today’s IT world. The first step is consultative selling, but this can be followed by taking a much more active role in directly supporting customers with their challenges by managing specific services for them, even including security services. The channel always must ensure its customers are getting the best value from the technologies they are investing in, and can create a win-win by going beyond advice and implementation, into management, operation, and administration. From here, a more lucrative partnership is being built between channel partners and customers.