Gigamon Insights enables better network telemetry for organizations

The agentic AI application integrates with AWS, Elastic, and Splunk to help Security, IT, and NetOps teams detect threats, troubleshoot performance issues, and close compliance gaps at scale.

Gigamon Insights is an agentic AI application that is purpose-built for network-derived telemetry. Unveiled recently, the application delivers instant guidance for Security and IT operations teams.

Gigamon Insights can be integrated into SIEM and observability platforms from Elastic and Splunk and cloud services from AWS, boosting IT productivity by accelerating investigations without manually combing through dashboard data. It advances the company’s AI vision to help organizations detect previously unseen threats, resolve performance issues faster, and close compliance gaps across hybrid cloud environments.

Building on the Gigamon Deep Observability Pipeline, the solution helps close visibility gaps in SIEM and cloud tools by combining AI with trusted network data, providing immediate context-rich intelligence to help analysts respond faster and with greater precision.

Specifically, Gigamon Insights enables teams to use GenAI prompts to query metadata for insights across security, compliance, and performance, as well as to uncover hidden threats across cloud, container, and on-prem environments. Security teams will also be able to cut time to insight to seconds without additional staffing or exposure of sensitive data, and to build resilience in hybrid cloud environments while addressing the growing threat landscape and talent shortages.

Better visibility across hybrid cloud environments

According to Shane Buckley, Gigamon CEO, over 90% of organizations are deploying hybrid multi-cloud networks, and that creates a lot of complexity. That complexity is where tools like Gigamon Insights can make a difference, as it simplifies operations and enables customers to make much more effective use of the tool stack they already have.

Buckley, who was in Singapore recently, shared with CRN Asia that cyberattacks in Asia are increasing over 29% year over year. This is quite consistent with what Gigamon is seeing in other parts of the world.

While the rate of cyberattacks is going up, organizations are constrained in their cybersecurity budgets by global economic forces: interest rates are still quite high and show no signs of abating in the short term.

“Security leaders are under a lot of budgetary pressure. There's been a lot of discussion and trends of tool consolidations, moving to kind of platform approaches. That's very dangerous because typically if you go with a single vendor solution, single vendors tend to have one or a small number of ways of actually capturing the bad people, the bad actors,” Buckley said.

Buckley explained that cybersecurity has always been about defence in depth.

“Traditionally, security professionals have always had multiple mousetraps to catch the mouse. If you have kind of one way to catch a mouse and the mouse gets past that mousetrap, then you're kind of exposed. So that's definitely a challenge for customers,” he added.

This is also where he believes Gigamon can help customers address these challenges, especially in hybrid multi-cloud environments. He said Gigamon is capable of dramatically reducing the levels of unnecessary traffic that hit the many tools organizations have in the first place.

“Customers will be able to do a lot more with less. So, by saving money in terms of the tools they currently have, they can keep that diversity of tool stack in place. Because you need to have multi-layered defense for security. And even still, it's becoming very hard. It is a cat and mouse game. And unfortunately, the mouse is winning in many ways,” he said.

Gigamon Insights for CISOs

Buckley also pointed out that CISOs remain concerned about the rise of AI. While there has been an increase in AI attacks right across the board for customers, Buckley also believes that AI, in many ways, offers a lot of opportunities.

“There's a lot of excitement. Obviously, we're in the hype cycle for AI, which needs to be tempered somewhat. As technology is moving pretty quickly, one has to be careful. It kind of reminds me over 10 years ago with cloud 1.0, when everyone’s rushing into cloud, assuming that it was safe but it wasn’t. You still need to have your own defenses in cloud, just like you do inside your data centers,” Buckley said.

The number one issue that CISOs report to Gigamon concerns LLMs. He said CISOs want to know what these LLMs are doing to their network.

“Almost nobody understands how the LLM works and there's a decently small and growing community of people who understand how to leverage and use LLMs. But very few people are data scientists that actually understand how these things actually work inside the infrastructure. And we've seen a growing number of reports of inadvertent access to information because LLMs are not actually instrumented correctly inside networks. They don't follow companies' content management rules,” he said.

This is where Gigamon Insights helps deliver faster investigations and root-cause analysis while maintaining data privacy through a flexible AI architecture that supports private or “bring-your-own” LLMs. Its agentic interface enables Security and IT teams to use pre-defined prompts or craft free-form queries to run analyses, generate insights, and take action.

At the core of these capabilities is Gigamon Application Metadata Intelligence (AMI), which enriches network-derived telemetry with application-level context, helping to ensure that the insights generated are both trusted and actionable.

“The Zero Trust framework is broadly applicable in organizations around the world. It's somewhat ironic because Zero Trust mandates that security professionals need to make sure that users only have access to information they're authorized to access, using things like identity management, using things like micro-segmentation, looking at continuous movements of traffic laterally across the network, inspecting the site, encrypting traffic, etc, doing everything you possibly can to see if users are actually getting access in an appropriate way,” he said.

As Buckley puts it, ironically, organizations are dropping LLMs into their large networks that seemingly can connect everything.

“So, on one hand, you're trying to shut information down. And on the other hand, you're saying, hey, open the gates and let this tool that nobody knows anything about connect to everything and just hoover up vast quantities of information. And then one wonders why people at the wrong levels get access to information they're not supposed to get. It remains a very big trend that CISOs have mentioned to us,” Buckley added.

As part of Gigamon’s AI roadmap, AMI enables customers to track what these LLMs are doing.

“We support 35 native protocols for LLMs. So, we can see exactly what the LLMs are talking to inside the customer's network. We can report that back into their SIEM, like Splunk, for example, or into Elastic or any form of data lake service. It can go to the SOC. The SOC can then review this and put ACLs or rules in place to limit the LLMs so it doesn't inadvertently access information it shouldn't,” Buckley said.

“So that's a perfect example of a real challenge that the customer has and the solution that we're putting in place. We have to put something else in place for a new feature, which is a kind of over-back exercise. That's the way security has been working for decades,” he concluded.