Holiday season is here again, yet as we relax, IT security professionals are completing their end-of-year tasks. Their eyes twitch and anxiety prevails as another December arrives.

Erin Stephan, Principal Product Marketer at Aqua Security suggests that their mild concern is understandable. Two years ago, the zero-day vulnerability, known as Log4Shell in the extremely popular Log4j logging framework, spoiling holiday celebrations for many across the globe and leaving organisations scrambling to fix it before it could be exploited.

Let’s discuss the lingering effects of the Log4j vulnerability in the software development lifecycle, why CISOs are still concerned about it, and how to protect environments against it and other zero-day vulnerabilities yet to come.

Why is Log4j still a concern, and why and why are we talking about Log4j when it happened two years ago? Well, according to a July 2022 report from the U.S. Department of Homeland Security’s Cyber Safety Review Board on the Log4j vulnerability, the bug will remain an issue for a decade or more.

Additionally, when CISOs are asked about what concerns them, Log4j is mentioned consistently and rightfully.  Our own research still points to the Log4j vulnerability as it continues to resonate across environments.

Efforts to mitigate the Log4j vulnerability involve updating to patched versions of Log4j, but the process continues to be complex, especially in large and interconnected systems.

While many initiatives, tools and solutions have been created to help improve the security posture for enterprises and governments, several factors remain a concern around the Log4j vulnerability. These include:

Widespread adoption: Log4j is used extensively in various software applications and systems across different industries. Many times, Log4j is intentionally left in the code as it has been deemed to pose little to no risk of exploitation particularly if the application is not connected to the internet.

Scenarios such as this show the ubiquity around Log4j and what makes it challenging to identify and update all instances promptly.

Complex ecosystems: Many software systems have complex dependencies and may rely on older versions of Log4j. Additionally, many organisations often don’t know about its presence in their environments (or that they are using this library at all), because it’s used in other software tools/frameworks, which complicates the process of finding it.

Log4j is included frequently as a default log handler in enterprise Java applications and commonly included as a component in various Apache frameworks. Millions of organisations use Log4j across their environments, often via indirect dependencies. This makes updating a component within a larger system a complex and time-consuming process.

Legacy systems: Some organisations may be using older software versions or have legacy systems that are no longer actively maintained. These systems may be more vulnerable and may not receive timely updates.

Third-party dependencies: Many software projects rely on third-party libraries, and updating these libraries can introduce compatibility issues or require significant development effort.

Lack of awareness: Not all organisations are aware of the Log4j vulnerability or its potential impact on their systems. Awareness and proactive measures are crucial for addressing vulnerabilities promptly.

Resource constraints: Some organisations may face resource constraints, making it difficult for them to allocate time and manpower to address the vulnerability promptly.

Strategic decision-making: In some cases, organisations may make strategic decisions to prioritise other tasks over immediate vulnerability patching. This could be due to business considerations, risk assessments, or resource allocation strategies.

In other words, the Log4j vulnerability is still out there, waiting for the team to miss it in the ecosystem because they are constrained on resources, or for the right connection made to a legacy system with interesting data to be mined, or worse the lack of awareness of a developer of its potential impact.

A zero-day is an unknown software vulnerability that poses a risk to a business’s environment. These provide an attacker with leverage through the vulnerability to gain unauthorised access to a network, move laterally within it, steal data or compromise part of the system.

No patch or workaround is available to fix the vulnerability, making it very dangerous.

Zero-day vulnerabilities can affect any piece of software on a device, including operating systems, applications and web browsers. Zero-day exploits are a significant challenge because they take advantage of unknown vulnerabilities in software, hence traditional security measures may not be effective at detecting or preventing them.

The Log4j vulnerability, Log4Shell is one of the most famous zero-day vulnerabilities and given its success, it is obvious why more continue to exploit them.

So, while a security team must strive for perfection, attackers need only persistence and luck to find that a still-exposed weakness. Log4j was such a significant vulnerability with such consequential impact that it is only a matter of time before the next Log4j occurs.

Detect, mitigate and remediate zero day vulnerabilities with Aqua.

No-one knows, or can predict, when or where the next threat will hit and emerge in open source libraries. It can happen at any time. Some would say we are always under threat of zero-day attacks.

How can we protect against zero-days? Traditional vulnerability scanners are not effective. Over a span of four days (from December 6th, 2021 – December 10th), the Log4j vulnerability was exposed on open-source platforms.

An official patch was available from Apache during this time. However, attackers could still exploit this vulnerability against users who hadn’t applied the patch. Only after December 10th could scanning tools effectively identify this CVE in user environments.

So we need to have runtime security controls as part of our security strategy. One of the effective runtime controls is drift prevention.

This solution is built to help security teams to:

#  Detect and block known and unknown malware, zero-day exploits, and internal threats that can’t be caught early on in the application lifecycle.

# Enforce immutability by preventing code injection and unauthorised changes to running workloads to stop runtime attacks at any point.

#  Automatically block any lateral movement or escalation within or between cloud workloads.

#  Identify and & block anomalous behaviour in running containers.

#  Maintain business continuity by running code that should run and block everything else without interrupting business continuity.

My comoany can help customers to secure their applications against advanced threats such as zero-day attacks with robust runtime protection. To learn more about Log4j and a zero-day defence strategy, join us for our webinar Log4j lessons learned: a blueprint for Zero-Day defence.

Learn how our platform can help to scan for Log4j lurking in an environment or other potential zero-day vulnerabilities. Discover how we can help to prevent access to an environment proactively and block threats before the business is compromised.

2023 further solidified Keeper’s position as a leading force in cybersecurity. 

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged access, secrets and remote connections, has unveiled the 2023 Keeper Retrospective, providing a review of the company’s biggest achievements, business growth, product innovation and industry-leading research over the past 12 months.

“Keeper exhibited record growth in 2023 which was largely fuelled by our business and enterprise cybersecurity solutions. Our team’s professional passion and dedication in identifying critical unmet needs of our global market catalysed our innovation and rapid time-to-market,” said Darren Guccione, CEO and Co-founder, Keeper Security. “The launch of our Asia-Pacific headquarters in Tokyo, Japan was a transformative operational achievement on several levels. Our exceptional team, coupled with local support, helped us successfully launch our operation and was a precursor to signing over 40 new channel partners in the region.” 

“Since inception, we’ve been focused on providing cutting-edge cybersecurity solutions that balance world-class security with ease of use,” said Craig Lurey, CTO and Co-founder. “The announcement of our KeeperPAM platform this year exemplified that commitment, with a next-generation solution that provides enterprise-wide, privileged access management for perimeterless and cloud-based environments.”

Key Achievements:

Market Expansion 

In May, Keeper Security expanded deeper into global markets. Keeper opened an Asia-Pacific headquarters in Tokyo that serves Japan, East Asia, Australia and New Zealand, marked with a grand opening event attended by US Ambassador to Japan Rahm Emanuel. With an established APAC presence, Keeper is addressing the Asia-Pacific region’s substantial growth in the consumer technology sector and enterprise demand for fortified cybersecurity strategies, including password and privileged access management solutions, to keep customers, data and systems secure.

Strategic Investment

Global growth equity firm Summit Partners completed a significant minority investment in Keeper in 2023. The synergy between Keeper, Summit and existing investor Insight Partners is further accelerating product innovation and catalysing strategic expansion of Keeper’s prominence as a cybersecurity leader in the public and private sectors. This investment continues to drive Keeper’s growth and cements its position as an innovator in enterprise password and passkey, secrets, privileged connection and privileged access management.

Product Innovation

This year marked the official launch of KeeperPAM®, the next-generation Privileged Access Management (PAM) solution that is disrupting the traditional PAM market. KeeperPAM delivers enterprise-grade password, secrets and privileged connection management within a unified SaaS platform that enables least-privilege access with zero-trust and zero-knowledge security. KeeperPAM enables organisations to achieve complete visibility, security, control and reporting across every privileged user on every device in an organisation.

In 2023, Keeper announced support for passkeys in its browser extensions for Chrome, Firefox, Edge, Brave and Safari, as well as on iOS, with Android support coming soon. With Keeper, passkeys are created, stored and managed in the Keeper Vault, and can be used to log in to websites and applications across all browsers and operating systems with ease, eliminating the lack of cross-functionality when a passkey is saved to a specific device. Passkeys hold great promise as a significant step closer to a passwordless future, as major browsers and platforms have started to incorporate passkey support into their operating systems.

Keeper also embarked on a journey to make significant User Interface (UI) updates to its password management platform for a friendlier and more intuitive experience. Taking an incremental approach to improving the user experience, Keeper enhanced the look, feel and usability of its platform while being mindful of the importance of familiarity, consistency and the world-class functionality users are accustomed to. Keeper’s upgraded user interface offers clearer distinctions between elements, as well as enhanced clarity and searchability, to improve the user experience and make it even easier to take advantage of Keeper’s powerful features.

Research Leader

Throughout the year, Keeper partnered with industry analysts and third-party research firms to gauge insights from both IT/security executives and consumers about their attitudes, practices and concerns regarding password and privileged access management. The findings revealed the efficacy of KeeperPAM, reinforced the effectiveness of Keeper’s approach to password management and underscored the criticality of upholding password best practices.

Password Management 

Keeper released its Keeper Password Management Report: Unifying Perception with Reality in June. The report revealed that a majority (64%) of global respondents either use weak passwords or repeat variations of passwords. More than a third of respondents admitted to feeling overwhelmed when it came to taking action to improve their cybersecurity. Keeper addresses these widespread issues by making password management secure, simple, efficient and cost-effective for both consumer and enterprise users.

In August, Keeper announced findings from the Keeper Security Parental Practices Report: Conversations on Cybersecurity. This study highlighted the need for increased awareness and education on digital safety among parents, as well as the importance that schools play in filling this gap. Almost 30% of parents have never spoken to their children about cybersecurity. Meanwhile, 41% who admitted they don’t know how to create strong passwords still give their child access to their mobile phone and almost a third (32%) give them access to their computer.

Privileged Access Management

Keeper published the Privileged Access Management Survey: User Insights on Cost & Complexity in February, which revealed an overwhelming industry desire for PAM  solutions that are easier to deploy and maintain, with 84% of IT leaders saying they wanted to simplify their PAM solution. The industry needs modern, unified PAM solutions that address perimeterless, multi-cloud IT environments and distributed remote workforces.

This summer, Keeper released its Privileged Access Management Survey: Deployment Amid Economic Uncertainty, which revealed that while IT leaders consider PAM solutions critical to their security stack, cost constraints and complex solutions are impacting deployment. Fifty-six percent of respondents tried to deploy a PAM solution but did not fully implement it and 92% cited overly-complex solutions as the main reason. Fifty-eight percent of IT teams have not deployed a PAM solution because traditional platforms are too expensive.

Finally, in December, Keeper announced the Keeper Security Insight Report: Cloud-Based Privileged Access Management. This report explored what IT and security leaders are seeking in a PAM solution and the benefits of moving away from traditional, on-premises platforms. An overwhelming 82% of respondents said they would be better off moving their on-premises PAM solution to the cloud, with only 36% of IT leaders saying it makes sense to have an on-premises PAM solution in the current economic climate. 

As 2024 inches closer, Keeper celebrates 2023 as a year full of research, innovation and industry recognition, marked by growth and a relentless pursuit of excellence. We extend our deepest appreciation to our talented team, loyal customers and collaborative partners for their unwavering support. Looking ahead to 2024, we are energised by the possibilities that lie ahead and remain committed to delivering unparalleled cybersecurity solutions around the globe. 

Commvault has hired Jo Dean to the newly-created role of Area Vice President for Channels and Alliances, APAC, in a move that signifies a renewed focus on the organisation’s channel business. The data protection giant recently announced the release of its AI-based cloud platform, at the same time announcing significant vendor partnerships with a wide range of cyber security players.

Michel Borst, a veteran in digital transformation and innovation, has joined as Area Vice President for Asia.

In both cases, these leaders bring strong technology expertise to the table, a passion for helping customers achieve business outcomes, and a keen understanding of the role Commvault Cloud plays in driving cyber resilience.

In their new roles, Michel and Jo will focus on delivering advanced capabilities through the Commvault Cloud platform.

“Recognising the tremendous potential and momentum within the APAC region, it was crucial to onboard leaders like Michel and Jo with proven industry experience and strong sales and partner expertise. I wish them great success on this journey,” said Martin Creighan, Vice President, Asia Pacific, Commvault.

Joanne Dean, a strong channel advocate with two decades of experience working within partner ecosystems, is based in Perth, Australia. She will be responsible for spearheading the region’s channel strategy, working alongside Commvault’s partner ecosystem to jointly deliver cyber resilience for the hybrid world.

“Enterprises across APAC are at an important juncture in their digital journey as the opportunities to do more with data have never been greater, but the need to protect, secure, and recover data has never been more important,” said Dean. “I’m excited to lead Commvault’s channels and alliances efforts and work hand-in-hand with our partners to help joint customers achieve their business goals and advance resilience. The partner ecosystem that we’ve built with security, AI, and cloud leaders is a testament to the power of collaboration in combatting a landscape marked by chaos and complexity.”

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience, helping more than 100,000 organizations to uncover, take action, and rapidly recover from cyber attacks—keeping data safe and businesses resilient and moving forward. Today, Commvault offers the only cyber resilience platform that combines the best data security and rapid recovery at enterprise scale across any workload, anywhere with advanced AI-driven automation—at the lowest TCO.

A huge cybersecurity threat exists because threat actors are hiding in encryption, one of the very mechanisms created to protect us, warns Jonathan Hatchuel, Country Manager A/NZ, at Gigamon.

He says that’s why his company has launched a breakthrough cybersecurity technology for the world, specifically designed to eliminate this blind spot.

Today, over 90 percent of all communications are encrypted, including organisations’ internal communications, and threat actors are increasingly hiding their activity under the cover of encryption.

As attackers have grown more sophisticated, they are even employing encryption for their own lateral movement, data siphoning and data exfiltration. Moreover, they are doing this on virtual and cloud workloads, where the security measures are still maturing.

More advanced security organisations have been attempting to address this using decryption. The U.S. National Security Agency (NSA), among others, promotes TLS decryption as necessary for a strong security posture.

Unfortunately, decryption can prove costly, modern TLS 1.3 has made it wicked hard, and it’s an outright nightmare in cloud and containers, where systems and microservices are designed to take advantage of efficient lateral communication.

According to a report by EMA, a staggering 90 percent of organisations expressed concern over the lack of visibility that comes with TLS 1.3.

This problem set is now directly addressed with our new technology  Gigamon Precryption™ , which allows security teams to shine a bright spotlight on encrypted lateral (also known as East-West) traffic across virtual, cloud, and container workloads.

Leveraging Linux eBPF and standard encryption libraries, Precryption technology offers plaintext visibility into all encrypted communications before the payload is encrypted, hence the name Precryption.

With Precryption, no decryption is required — the first of several reasons why this is a breakthrough technology.

Rather than try to break something that wasn’t meant to be broken, we access traffic at the most basic level, then deliver it efficiently and securely to the full security stack for further inspection. We’re leveraging a process that’s already happening, making this an elegant solution and not some unnatural act.

Not only is it elegant, it’s independent. Precryption technology is part of the GigaVUE® Universal Cloud Tap, which runs independently of other applications or containers.

In this way, we’re simultaneously providing an independent, immutable source of truth, while avoiding any operational entanglements around testing and upgrades commonly associated with embedded agents.

Today, a proper solution for plaintext visibility is more important than ever. As organisations modernise their security posture to become perimeter-less or adopt Zero Trust architecture, inspection becomes mandatory for lateral traffic.

This point always gets head nods by those who understand how cybersecurity breaches are perpetrated, and even bigger head nods when considering they need to apply it to modern virtual or cloud workloads. Precryption technology meets them exactly where they are.

The goal is to broaden the scope of an organisation’s security posture, extending it all the way to lateral movement. And to do so efficiently and at scale.

Since no decryption is taking place, this means we don’t have to manage keys, we don’t sniff keys, we don’t expose keys, we don’t need key libraries, and we certainly don’t care about cipher strength.

Also we aren’t having to break and inspect the encrypted channel: nothing gets broken, no proxies, no re-encryption, no retransmissions. But the critical plaintext inspection still happens.

Lastly, Precryption technology is an extension of our Deep Observability Pipeline. The plaintext access is just the first step: along with that comes a whole host of filtering, optimisation, transformation and replication capabilities.

Packets get delivered to NDR tools, metadata gets enriched for SIEM tools, and the whole security stack works better because it now knows what’s inside the encrypted traffic versus guessing with other approaches.

Too often organisations get serious about modernising their security posture only after they’ve had a breach. With Gigamon, you can move from reactive breach management to proactive threat detection and can now see where threat actors hide — especially in the cloud.

Enterprises are building, deploying and managing modern applications in cloud computing environments. By adopting cloud technologies, they can build highly scalable, flexible and resilient applications that can be updated quickly.

Kristen Nolan, Global Customer Marketing Manager at Aqua Security, says cloud native technologies support fast and frequent changes to applications without impacting service delivery. They help industries to increase efficiency, reduce costs and ensure availability of applications to meet their customer demands.

With all the benefits the cloud has to offer, it also introduces a new set of challenges, particularly for industries where security and compliance are priorities.

When PPRO and Spotnana, influential companies within the fintech and travel sectors, needed to prioritise their security and regulatory compliance they turned to my company for a solution.

The growing complexity of their environments, the numerous alerts hindering their ability to effectively monitor and mitigate vulnerabilities and the mounting concerns around keeping speed and agility in the DevOps team while ensuring security were only a few of the challenges each were looking to resolve.

PPRO (pronounced ‘p-pro’) is at the forefront of the fintech industry providing banks and businesses with a globalised digital payment infrastructure. PPRO’s secure and unified payment platform grants customers access to card schemes, payment methods, fraud screening tools and other robust capabilities.

These tools empower users to conduct quick transactions, enhance checkout conversions, and streamline services via a single connection. PayPal, Stripe and GlobalPayments are just a few of the businesses that rely on PPRO.

As a global payment provider, PPRO adheres to stringent regulations spanning various industries and countries. Looking for a complete cloud native solution to help balance the multiple workloads and environments, PPRO chose us to protect and monitor their customers’ payment platforms, ensuring end-to-end visibility, speed, and compliance.

Our solution bridges the gap between PPRO’s developers and management to prioritise vulnerabilities and streamline remediation efforts.

PPRO’s security team can now collaborate to address and resolve discovered vulnerabilities, whether that means fixing them immediately, monitoring for malicious activity at runtime, or flagging the non-compliant resource. By scanning for secrets hidden below the surface of PPRO’s platform, our product has transformed PPRO’s operational hygiene.

Time savings proved evident during the Log4J and Spring4Shell vulnerabilities. The first instance occurred before PPRO’s deployment of our tech, while the second vulnerability was detected shortly after the implementation.

In response to the first CVE report, PPRO’s security team took immediate action, developing and testing writing scripts to run against all known repositories – a task that consumed hours of effort.

Since the implementation of the defence platform, PPRO’s security team receives instant notifications and gains clear visibility into all affected applications via the dashboard. What used to take hours or days of research and remediation now only takes a matter of minutes. Our cloud native protection platform provides PPRO with a competitive advantage in the financial services sector respectively.

A new call-to-action

Spotnana is a global travel-as-a-service platform redefining corporate travel with personalised and cost-effective offerings. Spotnana provides cloud-based travel solutions to bring simplicity and trust to adventurers worldwide.

Leveraging cloud computing, microservices and open APIs, Spotnana drives innovation in the travel industry. Corporations, agencies, suppliers and technology providers using Spotnana’s platform can deliver travel experiences smoothly to connect people from all around the world.

To establish trust with its customers, Spotnana must secure the cloud native technology that powers their transformative travel-as-a-service platform.

Built on AWS Fargate, Spotnana assumes responsibility for the security of their cloud native applications, including video and runtime. Gabriel Alexandru, Senior Security Engineer at Spotnana, emphasised key concerns in the company’s security posture.

“We were building the security function from the ground up and lacked telemetry and protection on our AWS containers,” he said. “Without forensic evidence of what was happening on those containers, we couldn’t harden runtime and certainly couldn’t prevent anything from happening at runtime.”

Spotnana needed cloud native protection that would fit into its existing tools and workflows, ensuring end-to-end protection from development to runtime.

My company’s tech emerged as the optimal solution to secure Spotnana’s travel-as-a-service platform with AWS Fargate. It platform provides essential telemetry, runtime hardening, and comprehensive cloud native security across the entire application lifecycle.

Seamlessly integrating into Spotnana’s DevSecOps workflows, our technology brings dynamic threat analysis, container protection and detection of malicious behaviour into their security landscape. With effortless scalability, accurate threat detection, and Kubernetes expertise, it delivers unmatched value for the Spotnana platform, its security team, and its customers.

Spotnana intends to further leverage the technology’s’ features and values our company’s valuable research and educational content, which keeps them informed of the latest threats. With such support, Spotnana maintains a secure infrastructure while cultivating innovation and delivering exceptional travel experiences.

In navigating the complexities of the cloud, the stories of PPRO and Spotnana highlight the pivotal role our technology plays in enabling organisations to harness the full potential of cloud native technologies while addressing the unique challenges they bring.

As cloud computing continues to reshape industries, security and compliance remain paramount concerns. PPRO’s journey illustrates how our security facilitates the seamless integration of security into DevOps workflows, transforming operational hygiene and reducing response times to vulnerabilities.

Spotnana’s experience highlights how we empower companies to build trust by securing cloud native environments and ensuring end-to-end protection.

Both stories exemplify the ability to not only safeguard critical assets but also drive innovation and enhance the delivery of exceptional customer experiences in the cloud era.

The technology is not merely a solution but a strategic partner in navigating the cloud’s complexities, safeguarding enterprises, and propelling them towards success in the ever-evolving digital landscape.

Forrester Consulting recently examined the Total Economic Impact™ (TEI) and the return-on-investment (ROI) that enterprises may realise by deploying my company’s solution. Dive into the new study to learn how to achieve 207% ROI along with other quantifiable benefits of using our platform.

Cyber security and application delivery solutions company Radware has announced it is providing application and network security for a Latin American judiciary. The new services span Radware’s cloud DDoS protection, web application firewall, API security, and bot manager.

Due to shifts in the geo-political landscape and rise in the volume, complexity and frequency of cyber attacks, the judiciary turned to Radware to strengthen its cybersecurity posture and mitigate risks on a national basis.

“Latin American countries continue to see a surge in data breaches, defacements and DDoS attacks, many of which are driven by political and ideological motivations. Government agencies continue to be a top target,” said Yoav Gazelle, Radware’s chief business officer.

“The frequency and severity of these attacks underscore the need for more comprehensive, multi- pronged security measures. Radware’s one-stop-shop offers 360-degree cyber protection for applications and networks across multiple environments and entry points.”

To protect its hybrid infrastructure, the judiciary purchased Radware’s Cloud Web Application Firewall (WAF), API security, and Bot Manager, which are part of Radware’s Cloud Application Protection Services. In addition, the judiciary purchased Radware’s DefensePro® DDoS Protection and Cloud DDoS Protection Service.

To deliver state-of-the-art network security, Radware’s combined DDoS solutions use patented behavioural-based detection as well as advanced, automated signature creation to protect organisations against today’s most damaging DDoS threats. This includes Burst and DNS attacks along with ransom DDoS campaigns, IoT botnets, phantom floods, and other types of cyber threats.

Radware’s cloud application protection services provide comprehensive, agnostic application protection through the company’s industry-leading WAF, bot detection and management, API protection, client-side protection, and application-layer DDoS protection. Combining end-to- end automation, behavioral-based detection, and 24/7 managed services, the solution is designed to offer organisations high levels of application protection with low levels of false positives.

Deep observability specialist Gigamon has been recognised again as the leading vendor in the deep observability market, according to a newly published report by market research firm 650 Group.

The deep observability market grew 60 percent in 2022 and continues to expand as organisations increasingly embrace hybrid cloud infrastructure, with a forecast CAGR of 50 percent and projected revenue of nearly $2B in 2027, according to the report.

Today, 90 percent of organisations operate in a hybrid and multi-cloud environment, and this shift has created new challenges around security, delivering consistent digital experiences, and operational overhead.

Alan Weckel, co-founder and analyst, 650 Group, said: “Deep observability remains a high-growth segment.  Gigamon continues to both lead and innovate in this critical segment with unique, value-added capabilities like Precryption™ technology and Application Metadata Intelligence, helping organisations secure their hybrid cloud infrastructure.”

The Gigamon Deep Observability Pipeline delivers network-derived intelligence efficiently to cloud, security and observability tools, helping customers to eliminate security blind spots and better secure their hybrid cloud infrastructure.

More than 4,000 customers worldwide have shifted to a proactive security posture with Gigamon, extending beyond current observability approaches that rely exclusively on metrics, events, logs, and traces (MELT).

“Despite macroeconomic headwinds, deep observability remains a high-growth segment as organisations focus on managing the complexity of their multi-cloud infrastructure amid today’s constantly changing threat landscape,” said Alan Weckel, founder and technology analyst at 650 Group.

“We believe deep observability is not a ‘nice to have’ but is now a critical requirement for all enterprise operations teams, in order to deliver the performance and security today’s digital infrastructure requires.

“Gigamon continues to both lead and innovate in this critical segment with unique, value-added capabilities like Precryption™ technology and Application Metadata Intelligence, helping organisations secure their hybrid cloud infrastructure.”

The deep observability market is an emerging segment within the observability market and includes probes and agents sold as standalone systems and charged separately from other observability systems, according to 650 Group.  Additional qualifiers for inclusion in the report include:

• The ability to inspect and gather network, security, and computing traffic by extracting event metadata from packets or computing infrastructure is a separate set of tools beyond event-based logging.
• May be hardware probes or virtual agents.
• Must maintain multi-vendor support.
• Must support multiple networks, such as public cloud, private data centers, and colocation deployments.
• Should be interoperable with numerous observability platform data lakes.

Key findings from the 650 Group’s ‘deep observability quarterly market and long-term forecast report’ include:

• Deep observability market revenue is projected to be $505M in 2023, with a revenue growth of 52 percent to reach $769M in 2024.
• Cloud-delivered deep observability offerings are projected to drive the highest revenue in future years accounting for 51 percent of the nearly $2B in revenue by 2027.
• North America drove 60 percent in the first half and is expected to continue to deliver a majority of the revenue through 2027, followed by Europe and then Asia Pacific (excluding China).
• The report indicates that cloud and subscription-based offerings should comprise the majority of revenue during the forecast period.
• Vendors included in the report include Arista, Gigamon, Kentik, Keysight, and Netscout.