Gigamon’s Precryption technology uses Linux’s eBPF to inspect pre-encryption and post-decryption network traffic for malicious activity.

With promises of unprecedented visibility into encrypted traffic across virtual machine (VM) and container workloads, deep observability company Gigamon has launched a new “Precryption” technology. Gigamon’s GigaVUE 6.4 will deploy the Precryption technology to enable IT and security teams to conduct encryption-centric threat detection, investigation, and response across the hybrid cloud infrastructure.

“There’s encryption everywhere now, including traffic or lateral movement within all virtualized and containerized environments, which is a good thing because it provides confidentiality for all of our information,” said Michael Dickman, chief product officer at Gigamon. “The danger is that attackers can use encryption to hide their own movement and their own attacks, making it look like just another encrypted traffic flow, and that goes undetected.”

The new Precryption technology will be delivered as a part of Gigamon’s existing licenses and will be charged per usage (e.g., terabytes).

Gigamon’s Precryption uses eBPF

The new Precryption technology by Gigamon leverages Linux’s Extended Berkeley Packet Filter (eBPF) technology to insert custom observability programs into the workload networks and bring them back to a centralized location.

eBPF is a flexible technology in the Linux kernel that allows users to write and load custom programs that run within the kernel space. eBPF programs are typically used for network packet filtering, monitoring, and other kernel-level tasks, but their use cases have expanded to various aspects of system observability and control.

Simply put, “Gigamon’s new technology allows network traffic to be inspected by capturing traffic before encryption or after decryption using eBPF,” said Christopher Steffen, vice president of research at EMA.
“It doesn’t require encryption keys and doesn’t need to perform resource-intensive decryption.”

“With the new tech, you don’t actually have to manage, track or use keys,” Dickman said. “There’s no computing needed for an additional overlay of secondary decryption because that’s how decryption usually works where you interrupt a traffic stream, and then decrypt it and re-encrypt, which is quite expensive, compute-wise.”

Update receives additional capabilities

The latest GigaVUE release has added a few other capabilities, other than the Precryption technology, to support visibility and decryption in a host of environments.

With the new “Cloud SSL decryption” capability, Gigamon looks to extend classic on-premises decryption capabilities to virtual and cloud platforms. “Application Metadata Intelligence” is another capability that allows for the detection of vulnerabilities and suspicious activities across both managed and unmanaged hosts.

Most significant and integral to Gigamon’s Precryption is the “Universal Cloud Tap” capability that serves a single, executable tap for platforms to allow control and configuration of eBPF.

“UCT is how we pull out visibility to network data in containers as well as VMs in a very efficient manner,” Dickman said.

Gigamon’s latest capabilities are well received by analysts who deem them long overdue.

“So many organizations have network encryption requirements, but many do not have a method of adhering to these requirements of implementing network encryption while retaining the ability to monitor network traffic,” Steffen said.
“Precryption solves this problem, allowing security and network administrators to deliver on encryption controls while maintaining their ability to protect company resources by not losing visibility on their internal and external network traffic.”