Partner Spotlight: Power of Three With Gigamon, ExtraHop, and WWT

The Gigamon Power of Three initiative combines Gigamon, a Gigamon channel partner, and a leading networking, security, or observability technology alliance partner to provide customers with technology integrations and support to deploy and manage solutions more efficiently.

This Power of Three combines Gigamon deep observability with the network security of ExtraHop and the integration support of channel partner WWT. We talked to Michael Dickman, chief product officer of Gigamon; Mark Bowling, senior vice president, chief risk, security, and information security officer of ExtraHop; and Matt Berry, WWT’s AVP and global field CTO for cyber about what their companies bring to this alliance.

Gigamon: Can you explain the concept of deep observability? What business issues drive the need for deep observability, and how does Gigamon play into that?

Michael: Deep observability brings networking-level depth and granularity to observability of applications and operations. Such depth and granularity are essential to secure and assure these applications and operations in a world of hybrid infrastructure, complex data flows, and an ever-evolving threat landscape that has proven time and again the risk of overreliance on perimeter and endpoint security.

Nearly all large organizations today are hybrid, meaning they use all physical, virtual, public cloud, and containerized environments. Observing data in motion within and across these environments is a major technical challenge. Blind spots become security vulnerabilities that create business risk and operational inefficiencies.

The Gigamon Deep Observability Pipeline addresses this challenge by providing a single, consistent view into all the data in motion within and across an organization’s hybrid infrastructure. Gigamon enables security and assurance tools with a full breadth and depth of telemetry and insight, from the application level down to the packet level.

Gigamon: What additional value does Gigamon provide to traffic within clouds, VMs, and containers above and beyond existing telemetry toolsets?

Michael: Gigamon is the long-established leader in network visibility and traffic optimization and enrichment. This leadership extends to virtualized and containerized environments, including public clouds like AWS and Azure, and private clouds like VMware and Red Hat OpenShift.

Beyond network visibility, Gigamon generates application metadata — granular insight into what is actually being communicated between VMs and containers — that complements traditional logs, which are limited and at risk of being disabled or manipulated. This combined intelligence aligns network and security teams around NDR, observability, or SIEM dashboards that extend the capabilities of these solutions to precisely identify threats and operational issues that could impact business operations.

Gigamon: Can Gigamon help with the challenges clients face with encrypted traffic?

Michael: Yes! Gigamon has deep experience with the challenges of encrypted traffic, gained from years of working with some of the most secure organizations worldwide. We have a range of solutions that leverage our deep packet inspection capabilities to provide clients with visibility into encrypted traffic. These solutions are designed to alleviate the decryption burden on individual tools by providing a centralized “decrypt once, share many times” capability.

Additionally, the recently announced Gigamon Precryption^™ technology provides a unique solution to the challenges of managing encrypted data in the cloud.

Gigamon: What are the main enterprise security problems that ExtraHop^® helps customers solve?
Mark: Customers use the RevealX^™ platform from ExtraHop for a wide range of security use cases, including cloud threat detection and response, cloud workload and cloud network security, security hygiene, threat hunting, and forensic analysis of network transmission.

RevealX also fills in critical visibility and threat detection gaps associated with log and agent-based tools, firewalls, credential policies, and CSP-native controls to reduce risk and build business resilience.

Furthermore, RevealX is uniquely critical in helping threat hunters and active defense in the SOC by most effectively implementing the following network analysis tasks: identifying any encrypted data that is atypical or above trends, analyzing activity and changes in your network structure, and associating any existing network vulnerabilities with identified TTPs, IOCs, or hostile actions.

Mark: ExtraHop provides solutions in three areas:

• Visibility: RevealX automatically discovers and classifies every device communicating across the network, with real-time, out-of-band visibility and packet header decryption, so security operations teams can observe and respond to hidden attackers and crucial transaction details without compromising either compliance or privacy. With full East-West visibility from the data center to the cloud to the edge, organizations can understand their hybrid and multi-cloud attack surface in a single, cloud-native solution.
• Detection: RevealX detects evolving threats in real time by applying cloud-scale machine learning to metadata and analysis of 5,000+ L2–L7 protocol metadata features. RevealX automatically identifies critical assets and compares peer groups to deliver high-fidelity behavioral detections correlated with risk scores, and CrowdStrike threat intelligence so organizations can both prioritize the highest-risk threats for attention and filter out those detections that are understood to be benign in the customer’s network environment.
• Investigation and response: The RevealX workflow takes analysts from security events to associated records and packets in a few clicks, erasing hours spent manually identifying, collecting, and parsing data. Instant answers enable immediate, confident responses. Robust integrations with security tools, including Crowdstrike, Splunk, Palo Alto Networks, and more help organizations automate investigation and act in time to stop attacks before they become breaches.

Gigamon: What makes the Gigamon–ExtraHop integration such a compelling business proposition for market adoption?

Mark: The Gigamon–ExtraHop integration is a fundamental and persuasive business proposition because it enables the collection, aggregation, and visibility of all cloud network transmission into the enterprise security operations center. It provides this visibility in a way that is technically elegant, operationally efficient, and financially responsible. It reduces the total net cost of implementing matchless cloud and on-premises network visibility such that the enterprise SOC can provide the protection it needs to, at a velocity required for effectiveness, at a great price. It is the only solution that can scale to large, multi-zone clouds at a good price.

Gigamon: How does WWT contribute to deep observability, and what are the key features that the Gigamon and ExtraHop solution brings to your customers?

Matt: WWT’s deep expertise in cloud and software-defined infrastructure (SDI) drives customers toward a Zero Trust network foundation, emphasizing segmentation and dynamic scaling that matches the workloads they support. As networks mature and shift toward SDI models, WWT helps ensure that observability and security are tightly integrated across both cloud and on-prem environments.

While many cloud service providers (CSPs) offer native telemetry, third-party tools like Gigamon and ExtraHop still provide substantial value by enriching this telemetry and offering deeper insights, especially in hybrid or multi-cloud architectures.

These tools enhance visibility into network flows and traffic inspection pre- and post-encryption, making them critical for environments transitioning toward Zero Trust but still needing comprehensive traffic monitoring. WWT enables customers to leverage Gigamon and ExtraHop to extend their observability into areas CSP telemetry alone might not cover, helping organizations assess risk and respond to threats in real time.

Gigamon: How can Gigamon and ExtraHop help meet the compliance needs of clients with traffic monitoring requirements?

Matt: For clients with strict regulatory requirements for traffic monitoring, such as those in financial services, healthcare, or operational technology (OT), Gigamon and ExtraHop play a crucial role. These tools provide comprehensive monitoring across traditional network architectures and flat networks, ensuring compliance even in highly segmented or complex environments.

While highly segmented or cloud-native networks might face a higher cost-benefit challenge as they scale, WWT works with customers to assess where Gigamon and ExtraHop can deliver the most value. In environments where agent installation may be restricted, such as OT or hospital networks, these tools can monitor traffic where other solutions might struggle, ensuring regulatory compliance while protecting critical assets. WWT helps customers identify where Gigamon and ExtraHop are best deployed to meet these compliance needs, even in the most complex or regulated environments.

Gigamon: What can WWT, Gigamon, and ExtraHop do to support customers in the wake of the Broadcom/VMware acquisition?

Matt: As organizations look for alternatives due to the Broadcom–VMware acquisition, WWT sees many customers exploring SDI platforms like RedHat OpenShift and Canonical MAAS as they look to reduce reliance on costly VMware licensing. While VMware remains a dominant player, the move toward SDI alternatives is gaining momentum, and customers are beginning to downsize their VMware environments in favor of cloud-native and hybrid architectures.

During this transition, Gigamon and ExtraHop provide critical visibility into legacy on-prem environments, uncovering decades of forgotten service dependencies, flow patterns, and third-party service hooks. This visibility is essential for reducing risks and downtime during the migration to a private cloud hosting model. WWT, working alongside Gigamon and ExtraHop, helps ensure a seamless migration by providing deep observability into these legacy flows, minimizing disruption, and preparing customers for a hybrid or private cloud future. Once re-hosted, Gigamon and ExtraHop can continue to provide value by ingesting telemetry from private cloud platforms, helping to maintain visibility and security throughout the migration process.

You can hear more from this trio by watching their on-demand webinar, Maximizing Network Threat Detection: Enhancing Security.