TAG Cyber Industry Analysis: Gigamon Acquisition of ICEBRG

By now, you’ve likely heard that Santa Clara-based Gigamon has acquired ICEBRG, a small cyber security company located in Seattle. You might know ICEBRG best from its founders – Will Peteroy and Josh Carlson – both veterans of our industry with years logged in places such as Fort Meade and Microsoft. In this brief analysis note, I’ll provide some context for this deal, along with a summary of how the combined entity will benefit customers of both companies.

First, recognize that the modern cadence of ingest, analyze, and mitigate has begun to supplant the obsessive use of the now-tired prevent, detect, and respond. This is important to recognize, because from a sufficiently high altitude, most cyber offerings today – including from both Gigamon and ICEBRG – can be described in this new manner. This is good, because when the highest-level security themes of two companies rhyme, mergers are more easily implemented.

Gigamon, of course, is in the business of making cyber threats visible through advanced network traffic management, performed both on-premise, and across cloud and virtual environments. They do visibility as well as anyone in the world, and their customers include an impressively-high percentage of global banks, technology companies, Internet service providers, Federal agencies, and large Fortune 100 organizations. In these deployments, Gigamon has historically addressed the foundational “ingest” piece in the ingest-analyze-mitigate cadence.

ICEBRG provides a complimentary service through a deployment of data collection sensors that ingest network traffic, extract metadata from the network traffic, and then stream metadata to a cloud-based analytics platform. They curate the process with threat intelligence, and the result is high-quality support for the cyber threat hunt team in the enterprise SOC. ICEBRG completes the “analyze and mitigate” aspects of the security operations cadence. So, as you can see – the offerings have obvious synergies, and one would expect the two partners to make each other stronger.

I asked Kim DeCarlis, Head of Marketing at Gigamon – and an industry veteran herself, about some of the softer issues in the merger, including culture, leadership, and people. “The ICEBRG team, including their founders, have demonstrated a culture that is highly consistent with ours at Gigamon,” she said. “In fact, when we went through our customer channels, we found an amazing degree of correlation, which will drive synergy.”

DeCarlis also emphasized that Gigamon espouses an open data platform strategy that allows security partners and channel partners to leverage data in the ICEBRG cloud platform to offer additional cyber security capabilities for their customers. This is a significant difference compared with many approaches by comparable cyber security companies serving the hunt team in the SOC.

If you are a customer of Gigamon, I’d expect to see accelerated cloud-based analytics offered from this deal. This is a natural direction for Gigamon – one that they’ve already been developing. With this acquisition, my read is that they simply accelerate an existing plan. If you are a customer of ICEBRG, I’d expect you to be delighted with the acquisition, simply because Gigamon brings a level of investment and R&D that no smaller firm could ever match.

Obviously, the challenge here is that just as the combined rhythm of Gigamon and ICEBRG in that ingest, analyze, and mitigate cadence eases the integration, so does it introduce a large swath of competitors. Supporting the threat hunter, for example, has increasingly become a vital component of the security analytics business. So, Gigamon should expect to see continued stiffening competition across the cyber security industry.

My experience with Gigamon is that they are a well-managed, technology-focused company with an extremely loyal customer base. I’d rate this acquisition as high value, and congratulate both companies on a good merger opportunity with lots of business upside for their employees, customers, and investors. I’ll keep watch on the combined entity as they march out of the gate together, and will keep you posted if I see anything worthy of note.