How NetWitness and Gigamon Power High-Stakes Threat Detection

With roots in the U.S. intelligence community, threat detection leader NetWitness has earned its security credentials. Now the company helps customers bolster their security posture, keep up with rapidly evolving threats, and connect the dots in real time when bad actors come calling. When the stakes are high, they enable SecOps teams to keep their cool and respond with precision, not panic.   Maddalena Pellegrini, Europe South Sales Director, and Security Advisor Lead Alessio Alfonsi spoke with us about the partnership between NetWitness and Gigamon and how our joint solution brings customers unparalleled visibility and threat detection across complex hybrid networks, enabling faster threat response and remediation.  

About NetWitness

Gigamon: Who is NetWitness and what is the company’s history? NetWitness: NetWitness began in 1997 as a U.S. intelligence lab project to capture and analyze every bit of network traffic for real-time investigation. Over the years it has expanded into a unified platform combining NDR, EDR, and SIEM to keep pace with evolving threats. Today, NetWitness, acquired by PartnerOne in March 2025, delivers comprehensive visibility, deep context, and automated insights across networks, endpoints, and logs — trusted by thousands of organizations, including 35 of the Fortune 100, to investigate and respond to high-stakes cyberattacks. Gigamon: Describe your company culture. What makes you tick? NetWitness: At NetWitness, we’re driven by a mission of security that truly matters. Our platform helps enterprises, governments, and critical infrastructure detect and stop threats before they spread: The work we do has real-world impact and meaning. We thrive on collaboration with people who get it: skilled threat hunters, engineers, analysts, and researchers who bring deep expertise and a shared passion for cybersecurity excellence.  

The NetWitness-Gigamon Partnership

Gigamon: If you had to describe Gigamon with just one word, what would it be? NetWitness: I would choose the word “amplifier” for NetWitness visibility. Gigamon delivers complete network visibility, which is central to the joint solution for network traffic analysis and threat detection. Acting as an amplifier, Gigamon enables visibility across heterogeneous environments and encrypted traffic, working together with NetWitness to provide an unmatched detection and investigation capability. This approach delivers exceptional granular insight into network traffic, extracting hundreds of metadata elements related to protocol and content analysis. Gigamon: How do you see NetWitness fit together with Gigamon to solve your customers’ problems? NetWitness: NetWitness and Gigamon are a natural fit when it comes to delivering end-to-end visibility and security. Gigamon provides network-derived intelligence, giving organizations unmatched visibility into traffic across physical, virtual, and cloud environments. NetWitness then takes that high-fidelity data and turns it into actionable insight, enabling faster threat detection, investigation, and response. Together, we bridge the gap between network visibility and threat detection, empowering security teams to see more, understand more, and act faster. This integration helps customers reduce blind spots, improve detection accuracy, and strengthen their overall security posture.  

Network Security, Visibility, and Market Challenges

Gigamon: What are some of your market’s specifics, advantages, and challenges when it comes to network security and visibility? NetWitness: NetWitness offers deep integration with Gigamon to strengthen network traffic monitoring and security. Gigamon captures plaintext traffic before encryption, while NetWitness records and analyzes this data for advanced threat detection and forensic investigation. This integration provides three key advantages:

1. Enhanced visibility – Increased insight into network traffic to identify anomalies and reduce blind spots
2. Encrypted traffic management – Effective filtering, classification, and categorization of encrypted traffic
3. Cloud security – Comprehensive monitoring of lateral movement within cloud environments to prevent internal compromise

Together, NetWitness and Gigamon enable accurate reconstruction of content and security events, giving organizations a complete, contextualized view of incidents. Gigamon: Which Gigamon features stand out the most and make the product outstrip its competitors? NetWitness: The real challenge today is delivering consistent visibility and monitoring effectiveness across on-premises, cloud, and hybrid environments. Gigamon addresses this with multiple capabilities that enable traffic capture regardless of location. It can decrypt captured traffic on-premises, and with its new Universal Cloud Agent, it extends this functionality to cloud environments — capturing and decrypting cloud traffic for unprecedented visibility. This transforms network traffic from an opaque encrypted block into actionable intelligence, revealing even the smallest indicators of compromise and amplifying NetWitness’s detection and investigation capabilities.  

Customer Impact and Real-World Results

Gigamon: What’s an anecdote that customers share when they talk about our joint solution? NetWitness: Customers often highlight the significant advantages in incident management thanks to the reliability and data quality of our joint solution. They share how it enables them to reconstruct every step of an attack — identifying the attacker’s toolkit, understanding the real impact on systems, and pinpointing accessed data. This level of detail allows teams to act quickly and precisely during eviction and remediation. Moreover, customers appreciate being able to provide complete evidence to law enforcement agencies. With all traffic and content stored and accessible, it’s like having a time machine — analysts can replay the “bad actors’ movie” to uncover exactly what happened. Gigamon: What is the most memorable moment associated with Gigamon as a partner? NetWitness: One of the most memorable moments with Gigamon has been our strategic collaboration with key joint customers in Italy, where we clearly demonstrated the value of our combined solutions. Through these engagements, NetWitness and Gigamon worked closely to deliver enhanced network visibility, advanced threat detection, and faster incident response, making a measurable impact on customer outcomes. Additionally, NetWitness actively participates in Gigamon-hosted partner initiatives, showcasing the power of our integrated technologies and highlighting how together we enable organizations to detect, analyze, and respond to threats more effectively. These collaborations truly underscore the strength of our partnership and the tangible results it delivers to customers and partners.  

Addressing Emerging Security Challenges

Gigamon: What are some of the new challenges you see in the market that your partnership with Gigamon can solve? NetWitness: The rapidly evolving hybrid cloud landscape introduces significant challenges in maintaining consistent visibility and security across distributed infrastructures. As organizations adopt multi-cloud and on-premises models, monitoring all network traffic becomes increasingly complex — especially with encrypted TLS traffic, which now represents the majority of network data. Through our partnership, NetWitness and Gigamon address these challenges by delivering enhanced visibility across hybrid and multi-cloud ecosystems. Gigamon provides deep observability into all network layers, including encrypted traffic, while NetWitness leverages this high-quality data to detect, analyze, and respond to threats in real time. Together, we empower security teams to uncover hidden risks, maintain compliance, and ensure full situational awareness — even in the most complex and encrypted environments.  

Business Value of the Partnership

Gigamon: What are the positive business outcomes as a Gigamon partner? NetWitness: As a Gigamon alliance partner, NetWitness has experienced several positive business outcomes driven by strong collaboration across both organizations. The support from the Gigamon Go-To-Market organization has been instrumental in expanding joint opportunities, increasing market visibility, and aligning on strategic customer engagements. In addition, the close collaboration with the Gigamon engineering and support teams has allowed us to ensure seamless solution integration, faster issue resolution, and enhanced joint innovation. Together, these efforts have strengthened our joint value proposition, accelerated customer success, and reinforced the trust and impact of the NetWitness and Gigamon partnership in delivering advanced security and visibility solutions to the market. Gigamon: What unique capabilities does this partnership bring to your business? NetWitness: Our partnership enables us to deliver a more effective and comprehensive proposition to clients. Together, we offer innovative and unique solutions that guarantee high levels of visibility and reliability — standards that are essential for critical and enterprise infrastructures where regulations demand advanced monitoring and control capabilities. Traditional perimeter security and signature-based systems can only address known patterns and are insufficient against zero-day vulnerabilities. The NetWitness–Gigamon joint solution overcomes these limitations by enabling in-depth traffic analysis to detect new and unknown attack vectors. Furthermore, the data collected and stored can be used for retrospective analysis, helping organizations validate security measures and learn from past incidents.  

Target Audience and Industry Focus

Gigamon: Who is the target audience (i.e., SecOps, NetOps, DevOps, etc.) for our joint solution, and how do they benefit? NetWitness: The target audience for the joint NetWitness and Gigamon solution primarily includes SecOps and NetOps teams. For SecOps, the integration enables deeper threat detection, faster incident response, and improved investigation accuracy by providing access to enriched, decrypted network data. For NetOps, it offers greater network observability, performance optimization, and the ability to efficiently manage encrypted and high-volume traffic without compromising security. Together, the solution empowers both teams with a unified view of network activity — bridging the gap between performance and protection to strengthen the organization’s overall security posture. Gigamon: Which verticals/segments are the best target companies, or where have we seen success and why? NetWitness: The NetWitness and Gigamon joint solution is particularly effective across highly regulated industries with complex network infrastructures and a strong need for comprehensive visibility and security. This includes sectors such as finance, telecommunications, government defense agencies, public sector, and large enterprises. These organizations often face challenges related to encrypted traffic analysis, lateral movement detection, and performance monitoring across distributed systems. The combined capabilities of Gigamon and NetWitness provide these enterprises with network visibility, real-time threat detection, and streamlined incident response, helping them secure critical assets and maintain compliance. Gigamon: Thanks, Maddalena and Alessio, for making time for us and for being such wonderful partners!   Source Credit – https://blog.gigamon.com/2025/12/04/how-netwitness-and-gigamon-power-high-stakes-threat-detection/