Security / January 16, 2023

LogRhythm and Gigamon Join Forces to Simplify Security and Neutralize Threats

LogRhythm is a leading security information and event management (SIEM) solution helping defend enterprises from security threats. The company launched almost 20 years ago in a garage in Boulder, Colorado, and is now based in sunny Broomfield, Colorado, with international offices in England and Singapore.

We spoke with Channel Sales Engineer Jake Haldeman to find out how LogRhythm and Gigamon work together to empower customers’ security teams so they can reduce noise, prioritize work, and quickly secure their environments.

Gigamon: Who is LogRhythm, and what is the company’s history?

Jake: LogRhythm was founded by two friends, Phil Villella and Chris Peterson, in 2002. They joined forces with the shared vision of developing solutions to the growing and constant threat of cyberattacks. For the last 20 years, LogRhythm has empowered security teams across the globe with the LogRhythm SIEM solution.

Our company envisions a future of fast, agile, and high-performing security teams empowered with the most intuitive and contextual analytics available in cybersecurity.

Gigamon: Describe your company culture. What makes you tick?

Jake: Cyber threats happen quickly, so LogRhythm is a fast-paced company. I remember thinking it was like drinking from a firehose when I first started. There is so much to learn about SIEM and security. At the end of the day, I’m part of a team of extremely bright and talented individuals, all hyperfocused on providing best-in-class security to our customers. I’m continuously encouraged to learn and grow, and I feel like my time at LogRhythm has helped me develop new skills, sharpen the ones I have, and become a better person.

Gigamon: If you had to describe Gigamon with just one word, what would it be?

Jake: Flexibility. Gigamon Deep Observability Pipeline easily captures network traffic, summarizes it, and ships it to a SIEM or sends rare PCAPs to LogRhythm NDR regardless of the infrastructure that you are deploying against. Gigamon offers a unique solution that complements the LogRhythm product suite.

Gigamon: How do you see LogRhythm fitting together with Gigamon to solve your customers’ problems?

LogRhythm Channel Sales Engineer Jake Haldeman

Jake: LogRhythm and Gigamon help organizations increase visibility and protect against modern cyberattacks through the integration of the LogRhythm NDR and SIEM platform and the Gigamon Deep Observability Pipeline. Our strategic partnership empowers security teams to detect, prioritize, and neutralize damaging internal and external cyber threats.

When customers have compute nodes across multiple locations and technologies, Gigamon can come in, capture data, and direct it to the LogRhythm NDR platform in an easy and manageable experience. This makes it possible for LogRhythm NDR to analyze network traffic from public or private clouds and physical, virtual, and container-based infrastructures in just a few minutes.

Gigamon: What are some of your market’s specifics, advantages, and challenges when it comes to network security and visibility?

Jake: With Gigamon Deep Observability Pipeline, LogRhythm NDR captures network traffic and quickly parses and analyzes it, leveraging machine learning models to determine whether the risk is actionable or not. LogRhythm SIEM and the Gigamon Deep Observability Pipeline allow for the SIEM to obtain valuable data points regarding network activity to correlate against other activities detected in a network. With this additional data point, LogRhythm can help detect and respond to incidents faster and with better visibility into what is going on thanks to Gigamon’s ability to ship network activity data to LogRhythm SIEM.

Gigamon: Which Gigamon features stand out the most and make the product outstrip its competitors?

Jake: The Gigamon user experience makes it easy to determine which networks and what type of traffic will be captured and sent to LogRhythm SIEM or NDR. Customers can quickly maximize their LogRhythm value by filtering at the Gigamon level before it hits our products. Gigamon also makes it incredibly easy to feed network data into multiple destinations – LogRhythm SIEM and NDR as well as other application and network performance monitoring tools – all with just a few clicks of the mouse.

Gigamon: What is the most memorable moment associated with Gigamon as a partner?

Jake: Working with Gene Ballard has been so much fun. His experience is top notch! When you sit down and have a beer with him, things get fun. With his guitar playing and technical background, he can take something mundane and make it fun. His passion is infectious and leaves me more excited than ever to integrate the LogRhythm platforms with the visibility powered by Gigamon.

Gigamon: What are the wow moments associated with Gigamon?

Jake: Many customers use Azure, Kubernetes, and various virtual environments that are hard to find support for. With Gigamon’s any-cloud concept, a customer can quickly and effectively capture network traffic and send it to LogRhythm NDR or summarize it and send it to LogRhythm SIEM.

Gigamon: What are some of the new challenges you see in the market that the partnership with Gigamon can solve?

Jake: Many customers want to monitor Kubernetes network traffic to watch for data exfiltration or invalid use of the containers. With Gigamon, that visibility is there, and it can help secure workloads that are small but important.

Gigamon: What are the positive business outcomes as a Gigamon alliance partner?

Jake: Partnering with Gigamon enables organizations to ensure that all devices and network traffic in scope can be captured and shipped to respective LogRhythm products. This makes it easy to grow as an organization using the cloud integrations that Gigamon supports.

Gigamon: What unique capabilities does this partnership bring to our joint business?

Jake: There are so many. For one, the partnership brings actionable, network-derived intelligence and easy access to traffic from physical, virtual, and cloud networks with the Gigamon Deep Observability Pipeline. Also, the aggregation, filtering, and distribution of relevant traffic to LogRhythm SIEM help accelerate processing throughput. We can mask private and sensitive data to meet industry regulations before sending to LogRhythm SIEM.

Another capability is that generated metadata can be selected from over 7,000 attributes across 3,000 applications (for example, HTTP response codes and DNS queries) to provide highly detailed contextual analysis when looking at network events. We can also generate NetFlow from any traffic flow and decrypt SSL traffic to avoid unnecessary processing. Automatic traffic load balancing helps optimize the performance of LogRhythm SIEM. Finally, Microsoft Azure, GCP, AWS, or almost any other cloud provider (public or private) can now integrate into and direct data into LogRhythm NDR thanks to Gigamon.

Gigamon: Who is the target audience (such as SecOps, NetOps, or DevOps) for our joint solution, and how do they benefit?

Jake: SecOps teams will benefit from this capability. When network traffic is properly directed to SIEM and NDR products, it enables visibility that can help confirm surface threats that were previously hard to detect.

Gigamon: Thank you, Jake, for making time for us and for being such a wonderful partner.

