Security / June 11, 2026

Mythos and the New Economics of Cybersecurity

Why Network-Derived Telemetry is Becoming Essential for Modern Security Operations.

Anthropic’s Mythos is a clear signal that the security game is changing again. The real shift is not that artificial intelligence (AI) can now find more bugs. The real shift is that the economics of security research are changing. Capabilities that once required specialized expertise, significant time, and substantial resources are becoming faster, cheaper, and more scalable. Exploit development is also becoming easier to automate, compressing the time between discovery and operational use.

The implications for security teams are significant.

  • Signature-based detection and prevention become less effective when new vulnerabilities and exploit techniques emerge faster than defensive content can be created, tested, and deployed
  • Security teams’ ability to validate, prioritize, and patch known vulnerabilities is already constrained. AI-driven discovery places even greater pressure on those processes
  • Attackers may increasingly use compromised infrastructure, cloud services, or trusted network elements as staging points, expanding the scope of what security teams must monitor
  • Logs and alerts remain essential, but security teams must account for the possibility that some sources may be incomplete, delayed, misconfigured, or compromised

Mythos may be an early signal, but the broader trend is clear: AI-assisted discovery is becoming more accessible, and security teams should plan for this capability to become part of the normal threat landscape.

When Discovery Becomes Cheaper, Validation Becomes the Bottleneck

Some fundamentals do not change. Enterprises still need strong identity, segmentation, patching discipline, and threat-informed hunting. What changes is the assumption security leaders must make: unknown vulnerabilities may exist across the hybrid environment, and AI-driven discovery may surface them faster than traditional validation and remediation processes can absorb.

As discovery accelerates, the challenge shifts from finding vulnerabilities to understanding which findings matter, how attackers might use them, and how quickly organizations can respond. That shift places new pressure on security teams to validate exposure, identify suspicious activity, and prioritize response efforts with greater speed and confidence.

  • Attack activity monitoring: identify traffic that may indicate exploitation attempts against critical assets.
  • Chained activity detection: observe sequences of application traffic that may suggest movement across systems.
  • Trusted infrastructure monitoring: detect unusual traffic involving networks, proxies, firewalls, hypervisors, cloud services, and other trusted infrastructure, not just endpoints.

Achieving each of these requires consistent, comprehensive network telemetry across the entire hybrid environment. Security leaders need to understand not only what reaches the perimeter, but how systems, services, and trusted infrastructure communicate inside the environment.

As unknown vulnerabilities become easier to discover and exploit, organizations can no longer assume that every threat will be stopped at the perimeter. The ability to observe and investigate internal traffic becomes increasingly important to understanding risk, detecting compromise, and responding with confidence.

Why Logs Alone Are Not Enough

Logs remain essential, but they can provide an incomplete view of attacker behavior, especially when activity moves laterally across internal systems or when logging sources are inconsistent, delayed, or compromised.

Security teams have long struggled to piece together a complete picture from logs across firewalls, proxies, VPNs, endpoints, cloud services, and other tools. That challenge becomes more acute when attackers use unknown vulnerabilities, move through internal systems, or manipulate the telemetry sources defenders rely on.

Combining logs with comprehensive network-derived telemetry changes the investigation model. Instead of relying only on what systems choose to report, security teams gain an independent view of how systems, applications, and users actually communicate.

Modern environments make this harder. Traffic spans on-premises data centers, public cloud and private cloud, virtual machines, and containers. Applications are decomposed into microservices, services are ephemeral, and data paths change constantly. Reconstructing Mythos-class activity from logs alone leaves security teams without critical behavioral context.

Deep observability provides a more complete picture of exposure, activity, and risk, helping security teams validate what matters, investigate with greater confidence, and respond more effectively as AI accelerates the pace of cybersecurity.

What Network-Derived Telemetry Adds to the Picture

This is where network-derived telemetry moves beyond a visibility discussion and becomes a critical source of evidence.

The Gigamon Deep Observability Pipeline delivers network-derived telemetry from across hybrid cloud infrastructure, including packets, packet flows, network metadata, and application metadata. Combined with log data, identity signals, and EDR events, this telemetry provides the deep observability needed to understand exposure, detect suspicious behavior, investigate activity, and accelerate response.

That evidence includes context such as:

  • Which application traffic is reaching critical assets, regardless of port or header
  • Whether internal traffic may indicate exploitation activity
  • DNS behavior that hints at tunneling or command-and-control activity
  • TLS posture, including weak ciphers and certificate issues that raise risk
  • Traffic behaviors that may indicate exploitation attempts, lateral movement, staging activity, or exfiltration

As AI-driven discovery tools surface more findings, security teams need a way to distinguish theoretical risk from observed activity and real-world exposure. Network-derived telemetry helps bridge that gap by showing which systems and services communicate over active business-critical pathways, which assets interact with sensitive systems, and where suspicious traffic patterns may indicate exploitation or compromise.

For CISOs, this becomes highly practical. You can start to answer questions like:

  • Is traffic targeting this vulnerable service or application being observed in the environment?
  • Which systems participate in critical business flows or high-value data paths?
  • Did observed traffic patterns change after a patch, configuration update, or segmentation change?

In other words, Mythos lowers the cost of discovery and exploitation. Network-derived telemetry increases the ability to detect suspicious behavior, investigate compromise, and respond with confidence.
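One way to put the questions above to work, as an added example that is not from the original article or from Gigamon: join scanner findings with exported flow metadata, rank findings by observed exposure, and compare the sources reaching a service before and after a change. The record layouts, addresses, finding IDs, and the internal address range are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed sample data: scanner findings and exported flow metadata.
FINDINGS = [
    {"id": "FINDING-A", "host": "10.0.1.10", "port": 8443, "severity": 7.5},
    {"id": "FINDING-B", "host": "10.0.2.20", "port": 5432, "severity": 9.1},
    {"id": "FINDING-C", "host": "10.0.3.30", "port": 8080, "severity": 9.8},
]
FLOWS = [  # (epoch_seconds, src_ip, dst_ip, dst_port)
    (100, "203.0.113.7", "10.0.1.10", 8443),
    (160, "10.0.9.5", "10.0.1.10", 8443),
    (220, "10.0.9.5", "10.0.2.20", 5432),
    (410, "10.0.7.7", "10.0.2.20", 5432),
    (500, "10.0.9.5", "10.0.1.10", 22),
    (620, "10.0.9.5", "10.0.2.20", 5432),
]

def observed_sources(flows, since=None, until=None):
    """Map (dst_ip, dst_port) -> set of source IPs seen in the time window."""
    seen = defaultdict(set)
    for ts, src, dst, port in flows:
        if (since is None or ts >= since) and (until is None or ts < until):
            seen[(dst, port)].add(src)
    return seen

def rank_findings(findings, flows):
    """Order findings by observed exposure first, scanner severity second."""
    seen = observed_sources(flows)
    labels = ("no traffic observed", "internal sources only", "external sources seen")
    ranked = []
    for f in findings:
        sources = seen.get((f["host"], f["port"]), set())
        external = {s for s in sources if ip_address(s) not in INTERNAL}
        tier = 2 if external else 1 if sources else 0
        ranked.append({**f, "tier": tier, "exposure": labels[tier],
                       "sources": sorted(sources)})
    return sorted(ranked, key=lambda r: (r["tier"], r["severity"]), reverse=True)

def compare_around_change(flows, host, port, change_ts):
    """Sources that stopped, started, or kept reaching host:port after a change."""
    before = observed_sources(flows, until=change_ts).get((host, port), set())
    after = observed_sources(flows, since=change_ts).get((host, port), set())
    return {"stopped": sorted(before - after), "new": sorted(after - before),
            "unchanged": sorted(before & after)}

if __name__ == "__main__":
    for r in rank_findings(FINDINGS, FLOWS):
        print(r["id"], r["severity"], r["exposure"], r["sources"])
    print(compare_around_change(FLOWS, "10.0.2.20", 5432, change_ts=400))
```

A finding with no observed traffic drops in priority, not off the list: the ranking is only as complete as the telemetry coverage behind `FLOWS`.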

Why AI Application Traffic Visibility Matters

The Mythos conversation highlights a broader challenge. Organizations are rapidly adopting AI services, agents, copilots, and autonomous workflows across the enterprise, often faster than governance programs can keep pace.

As more teams adopt generative AI services, agents, and copilots, organizations need to understand where these tools are being used, what data is being shared, and how AI interactions intersect with critical business systems. Visibility into AI application traffic is becoming foundational for AI governance. Organizations need to understand:

  • Where AI tools are being used, both sanctioned and unsanctioned
  • What data is flowing to and from those services
  • How that traffic moves across your internal environment
  • The impact of agentic traffic on applications, data stores, and network infrastructure

Gigamon Application Metadata Intelligence (AMI) is designed to detect and monitor traffic associated with many widely used large language models, including commercial AI services, enterprise-hosted open-source models, RAG deployments, and MCP servers deployed within enterprise environments. Using deep packet inspection and application identification techniques, AMI helps organizations understand AI usage patterns across their environments and enrich downstream security and observability tools with application-level context.

Practically, this allows your teams to:

  • Uncover shadow AI usage that may introduce data-handling, compliance, or attack-surface risk
  • Differentiate sanctioned from unsanctioned AI services
  • Enrich downstream tools with application-level context that supports policy enforcement, investigation, and governance

In a world where AI agents themselves may soon make security-relevant decisions and changes, organizations will need independent evidence of what those systems are doing, what data they are accessing, and how they are interacting with critical infrastructure. Once again, network-derived telemetry provides an essential source of that evidence.

Fitting Gigamon into Existing SecOps Architectures

East-West network telemetry complements EDR and identity-based detection by providing missing context between users, devices, applications, and infrastructure. When customers bring network-derived telemetry into next-gen SIEM, NDR, and security operations workflows, they can:

  • Extend coverage into blind spots such as encrypted traffic, East–West (lateral) segments, virtual networks, and cloud platforms
  • Identify rogue assets, validate EDR agent coverage, and identify suspicious traffic to and from critical assets
  • Expand investigation and threat hunting workflows using network traffic, accelerating lateral movement detection and incident scoping
  • Support targeted decryption of suspicious internal and external flows, with event-based packet capture when needed

As more organizations move toward AI-assisted security operations and autonomous response workflows, having clean, consistent, and comprehensive telemetry is critical. AI systems amplify the quality of the signals they receive. Incomplete visibility can lead to faster mistakes. High-fidelity telemetry supports better decisions.

The Bottom Line for CISOs and Enterprise Security

Mythos is not the story. The story is what happens when the economics of discovery and exploitation change faster than the security architectures designed to defend against them.

Simply reacting faster will not be enough. Organizations need better evidence, broader visibility, and cleaner telemetry to understand what is happening across hybrid environments and respond with confidence. The Gigamon Deep Observability Pipeline provides the network-derived evidence security teams need to detect suspicious behavior, enrich investigations, and make better decisions as AI accelerates both attack and defense. 

