Precryption

License: Precryption requires a SecureVUE Plus license.

Gigamon Precryption™ technology1 provides you clear-text visibility into encrypted network traffic without the need for traditional decryption. It works across virtual, cloud, and container environments, helping you get the full security stack without added complexity

In this section:

■   How Gigamon Precryption Technology Works
■   Why Gigamon Precryption
■   Key Features
■   Key Benefits
■   Precryption Technology on Single Node
■   Precryption Technology on Multi-Node
■   Supported Platforms
■   Prerequisites

How Gigamon Precryption Technology Works

Precryption technology leverages built-in Linux functionality to copy communications between the application and the encryption library, such as OpenSSL.

Key Highlights

  • Captures network traffic in plain text, either before the system encrypts it or after it decrypts it.

  • Does not change how encryption or transmission works.

  • Avoids proxies, retransmissions, and “break-and-inspect” steps. Instead, it sends the plaintext copy to the Gigamon Deep Observability Pipeline, where tools can optimize, transform, and forward the traffic as needed.

  • Runs on GigaVUE® Universal Cloud Tap (UCT) and supports hybrid and multi-cloud environments, including on-prem and virtual platforms.

  • Runs independently of your applications, so you don’t need to change your development lifecycle.

Why Gigamon Precryption

GigaVUE Universal Cloud Tap with Precryption technology is a lightweight, friction-free solution that eliminates blind spots present in modern hybrid cloud infrastructure.

Precryption helps you:

  • Improve visibility for East-West traffic into virtual, cloud, and container platforms

  • Delivers unobscured visibility into all encryption types, including TLS 1.3, without managing and maintaining decryption keys.

  • Manages compliance with IT organizations, keeps communications private, architects a Zero Trust foundation, and boosts security-tool effectiveness by a factor of 5x or more.

Key Features

The following are the key features of this technology:

■   Plain text visibility into communications with modern encryption (TLS 1.3, mTLS, and TLS 1.2 with Perfect Forward Secrecy).
■   Plain text visibility into communications with legacy encryption (TLS 1.2 and earlier).
■   Non-intrusive traffic access without agents running inside container workloads.
■   Elimination of expensive resource consumption associated with traditional traffic decryption.
■   Elimination of key management required by traditional traffic decryption.
■   Zero performance impact based on cipher type, strength, or version.
■   Support across hybrid and multi-cloud environments, including on-prem, virtual, and container platforms.
■   Keep private communications private across the network with plaintext threat activity delivered to security tools.
■   Integration with Gigamon Deep Observability Pipeline for the full suite of optimization, transformation, and brokering capabilities.

Key Benefits

The following are the key benefits of this technology:

■   Eliminates blind spots for encrypted East-West (lateral) and North-South communications, including traffic that may not cross firewalls.
■   Monitors application communications with an independent approach that enhances development team velocity.
■   Extends security tools’ visibility to all communications, regardless of encryption type.
■   Achieves maximum traffic tapping efficiency across virtual environments.
■   Leverages a 5–7x performance boost for security tools by consuming unencrypted data.
■   Supports a Zero Trust architecture founded on deep observability.
■   Maintains privacy and compliance adherence associated with decrypted traffic management.

How Gigamon Precryption Technology Works

This section explains how Precryption technology works on single nodes and multiple nodes in the following sections:

■   Precryption
■   Precryption

Precryption Technology on Single Node

1. An application uses an encryption library, such as OpenSSL, to encrypt a message.
2. GigaVUE Universal Cloud Tap (UCT), enabled with Precryption technology, gets a copy of this message before it is encrypted on the network.
3. The encrypted message is sent to the receiving application with unmodified encryption—no proxy, no re-encryption, no retransmissions.
4. GigaVUE UCT creates packet headers as needed, encapsulates them in a tunnel, and forwards them to GigaVUE V Series in the deep observability pipeline.
5. Gigamon optimizes, transforms, and delivers data to tools without further decryption.

Precryption Technology on Multi-Node

1.   An application uses an encryption library, such as OpenSSL, to encrypt a message.
2. GigaVUE Universal Cloud Tap (UCT), enabled with Precryption technology, gets a copy of this message before it is encrypted on the network
3. Optionally, GigaVUE UCT enabled with Precryption can also acquire a copy of the message from the server end after the decryption.
4. GigaVUE UCT creates packet headers as needed, encapsulates them in a tunnel, and forwards them to GigaVUE V Series in the deep observability pipeline.
5. Gigamon optimizes, transforms, and delivers data to tools without further decryption.

Supported Platforms

VM environments: Precryption™ is supported on the following VM platforms that support UCT-V:

Platform Type

Platform

Public Cloud
AWS
Azure
GCP (via Third Party Orchestration)
Private Cloud
OpenStack
VMware ESXi (via Third Party Orchestration only)
VMware NSX-T (via Third Party Orchestration only)
Nutanix (via Third Party Orchestration only)

Container environments: Precryption™ is supported on the following container platforms that support UCT-C:

Platform Type

Platform

Public Cloud
EKS
AKS
GKE
Private Cloud
OpenShift
Native Kubernetes (VMware)

Prerequisites

Points to Note

■  OpenSSL version 1.0.2, version 1.1.0, version 1.1.1, and version 3.x.
■  For UCT-C, worker pods should always have libssl installed to ensure that UCT-C Tap can tap the Precryption packets from the worker pods whenever libssl calls are made from the worker pods.
■  For GigaVUE‑FM, add port 5671 in the security group to capture the statistics.
■  In security group settings on the UCT-V Controller, enable Port 9900 to receive the statistics information from UCT-V.
■  For UCT-C, add port 42042 and port 5671 to the security group.
■  Precryption works only on Linux systems running Kernel version 4.18 or later.

License Prerequisite

■  Precryption™ requires a SecureVUE Plus license.

Supported Kernel Version

Precryption is supported on kernel versions 4.18 and above, including 5.4+ kernels, across all Linux and Ubuntu operating systems. For the Kernel versions below 5.4, refer to the following table:

Kernel-Version

Operating System

4.18.0-193.el8.x86_64

RHEL release 8.2 (Ootpa)

4.18.0-240.el8.x86_64

RHEL release 8.3 (Ootpa)

4.18.0-305.76.1.el8_4.x86_64

RHEL release 8.4 (Ootpa)

4.18.0-348.12.2.el8_5.x86_64

RHEL release 8.5 (Ootpa)

4.18.0-372.9.1.el8.x86_64

RHEL release 8.6 (Ootpa)

4.18.0-423.el8.x86_64

RHEL release 8.7 Beta (Ootpa)

4.18.0-477.15.1.el8_8.x86_64

RHEL release 8.8 (Ootpa)

5.3.0-1024-kvm

Ubuntu 19.10

4.18.0-305.3.1

Rocky Linux 8.4

4.18.0-348

Rocky Linux 8.5

4.18.0-372.9.1

Rocky Linux 8.6

4.18.0-425.10.1

Rocky Linux 8.7

4.18.0-477.10.1

Rocky Linux 8.8

4.18.0-80.el8.x86_64

CentOS 8.2

4.18.0-240.1.1.el8_3.x86_64

CentOS 8.3

4.18.0-305.3.1.el8_4.x86_64

CentOS 8.4

4.18.0-408.el8.x86_64

CentOS 8.5

For more details, refer to Gigamon TV.