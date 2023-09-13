With promises of unprecedented visibility into encrypted traffic across virtual machines (VM) and container workloads, deep observability company Gigamon has launched a new \u201cPrecryption\u201d technology.\n\nGigamon\u2019s GigaVUE 6.4 will deploy the Precryption technology to enable IT and security teams to conduct encryption-centric threat detection, investigation, and response across the hybrid cloud infrastructure.\n\n\u201cThere\u2019s encryption everywhere now, including traffic or lateral movement within all virtualized and containerized environments, which is a good thing because it provides confidentiality for all of our information,\u201d said Michael Dickman, chief product officer at Gigamon. \u201cThe danger is that attackers can use encryption to hide their own movement and their own attacks, making it look like just another encrypted traffic flow, and that goes undetected.\u201d\n\nThe new Precryption technology will be delivered as a part of Gigamon\u2019s existing licenses and will be charged per usage (eg. Terabytes).\n\nGigamon\u2019s Precryption uses eBPF\n\nThe new Precryption technology by Gigamon leverages Linux\u2019s Extended Berkeley Packet Filter (eBPF) technology to insert custom observability programs into the workload networks and bring them back to a centralized location.\n\neBPF is a flexible technology in the Linux kernel that allows users to write and load custom programs that run within the kernel space. eBPF programs are typically used for network packet filtering, monitoring, and other kernel-level tasks, but their use cases have expanded to various aspects of system observability and control.\n\nSimply put, \u201cGigamon\u2019s new technology allows network traffic to be inspected by capturing traffic before encryption or after decryption using eBPF,\u201d said Christopher Steffen, vice president of research at EMA. \u201cIt doesn\u2019t require encryption keys and doesn\u2019t need to perform resource-intensive decryption.\u201d\n\n\u201cWith the new tech, you don\u2019t actually have to manage, track or use keys,\u201d Dickman said. \u201cThere\u2019s no computing needed for an additional overlay of secondary decryption because that\u2019s how decryption usually works where you interrupt a traffic stream, and then decrypt it and re-encrypt, which is quite expensive, compute-wise.\u201d\n\nUpdate receives additional capabilities\n\nThe latest GigaVUE release has added a few other capabilities, other than the Precryption technology, to support visibility and decryption in a host of environments.\n\nWith the new \u201cCloud SSL decryption\u201d capability, Gigamon looks to extend classic on-premises decryption capabilities to virtual and cloud platforms. \u201cApplication Metadata Intelligence\u201d is another capability that allows for the detection of vulnerabilities and suspicious activities across both managed and unmanaged hosts.\n\nMost significant and integral to Gigamon\u2019s Precryption is the \u201cUniversal Cloud Tap\u201d capability that serves a single, executable tap for platforms to allow control and configuration of eBPF. \u201cUCT is how we pull out visibility to network data in containers as well as VMs in a very efficient manner,\u201d Dickman said.\n\nGigamon\u2019s latest capabilities are well received by analysts who deem it long overdue. \u201cSo many organizations have network encryption requirements, but many do not have a method of adhering to these requirements of implementing network encryption while retaining the ability to monitor network traffic,\u201d Steffen said. \u201cPrecryption solves this problem, allowing security and network administrators to deliver on encryption controls while maintaining their ability to protect company resources by not losing visibility on their internal and external network traffic.\u201d