Security / November 13, 2023

We See You, Threat Actors. We Know Where You Hide.

A huge cybersecurity threat exists because threat actors are hiding in one of the very mechanisms created to protect us — encryption. That’s why in September we launched a breakthrough cybersecurity technology for the world, specifically designed to eliminate this blind spot.

Today, over 90 percent of all communications are encrypted, including organizations’ internal communications, and threat actors are increasingly hiding their activity under the cover of encryption. As attackers have grown more sophisticated, they are even employing encryption for their own lateral movement, data siphoning, and data exfiltration. Moreover, they are doing this on virtual and cloud workloads, where the security measures are still maturing.

More advanced security organizations have been attempting to address this using decryption. The U.S. National Security Agency (NSA), among others, promotes TLS decryption as necessary for a strong security posture. Unfortunately, decryption can prove costly, modern TLS 1.3 has made it wicked hard, and it’s an outright nightmare in cloud and containers, where systems and microservices are designed to take advantage of efficient lateral communication. According to a report by EMA, a staggering 90 percent of organizations expressed concern over the lack of visibility that comes with TLS 1.3.

This problem set is now directly addressed with our new technology — Gigamon Precryption™ — which gives security teams the ability to shine a bright spotlight on encrypted lateral (also known as East-West) traffic across virtual, cloud, and container workloads. Leveraging Linux eBPF and standard encryption libraries, Precryption technology offers plaintext visibility into all encrypted communications before the payload is encrypted — hence the name Precryption. With Precryption, no decryption is required — the first of several reasons why this is a breakthrough technology.

Rather than try to break something that wasn’t meant to be broken, we access traffic at the most basic level, then efficiently and securely deliver it to the full security stack for further inspection. We’re leveraging a process that’s already happening, making this an elegant solution and not some unnatural act.

And not only is it elegant, it’s independent. Precryption technology is part of the GigaVUE® Universal Cloud Tap, which runs independently of other applications or containers. In this way, we’re simultaneously providing an independent, immutable source of truth, while avoiding any operational entanglements around testing and upgrades commonly associated with embedded agents.

Today, a proper solution for plaintext visibility is more important than ever. As organizations modernize their security posture to become perimeter-less or adopt Zero Trust architecture, inspection becomes mandatory for lateral traffic. This point always gets head nods by those who understand how cybersecurity breaches are perpetrated — and even bigger head nods when considering they need to apply it to modern virtual or cloud workloads. Precryption technology meets them exactly where they are.

The goal with Precryption technology is to broaden the scope of an organization’s security posture, extending it all the way to lateral movement. And to do so efficiently and at scale. Since no decryption is taking place, this means we don’t have to manage keys, we don’t sniff keys, we don’t expose keys, we don’t need key libraries, and we certainly don’t care about cipher strength. We also aren’t having to break and inspect the encrypted channel: nothing gets broken, no proxies, no re-encryption, no retransmissions. But the critical plaintext inspection still happens.

Lastly, Precryption technology is an extension of the Gigamon Deep Observability Pipeline. The plaintext access is just the first step: Along with that comes a whole host of filtering, optimization, transformation, and replication capabilities. Packets get delivered to NDR tools, metadata gets enriched for SIEM tools, and the whole security stack works better because it now knows what’s inside the encrypted traffic versus guessing with other approaches.

Too often organizations get serious about modernizing their security posture only after they’ve had a breach. With Gigamon, you can move from reactive breach management to proactive threat detection and can now see where threat actors hide — especially in the cloud.

Request a live demo to learn more about Gigamon Precryption technology.

Featured Webinars

Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.


People are talking about this in the Gigamon Community’s Security group.

Share your thoughts today

Back to top