Gigamon

Network SecurityCloud Security Visit website →
Best for: Enterprises needing full network traffic visibility across hybrid and multi-cloud environments
Pricing: Contact for pricing

What Gigamon actually does

Gigamon GigaVUE is a network packet broker. It sits between your network and your security tools, copying, filtering, deduplicating, and distributing traffic to the right tools. Think of it as a traffic distribution fabric. Your IDS, NDR, DLP, and SIEM all get exactly the traffic they need without oversubscription.

The platform covers physical networks through TAPs and virtual environments through GigaVUE-VM and cloud through GigaVUE Cloud Suite. Precryption technology decrypts TLS traffic inline so downstream tools can inspect it — increasingly critical as encrypted traffic approaches 95% of all flows.

GigaSMART adds application-level intelligence: metadata extraction, application filtering, and NetFlow/IPFIX generation. This lets you reduce the volume of data you send to expensive tools, feeding them metadata instead of full packets when that’s sufficient.

Who it’s best for

  • Large enterprises with multiple security tools that all need network traffic feeds
  • Organizations deploying NDR, IDS, or DLP that need reliable traffic delivery
  • Teams struggling with encrypted traffic visibility across their security stack
  • Hybrid and multi-cloud environments where native traffic mirroring has gaps
  • Network operations teams managing complex TAP and SPAN architectures

Pricing reality check

Gigamon is infrastructure-grade pricing. Physical appliances range from tens to hundreds of thousands depending on throughput. Cloud visibility subscriptions add per-workload or per-VPC costs. A full enterprise deployment with physical, virtual, and cloud components is a seven-figure investment.

This is a capital-plus-subscription model for most customers. The hardware is a one-time purchase; software features and cloud modules are subscription. Factor in TAPs for physical segments as well. The ROI argument is real — Gigamon can reduce the load on downstream tools and extend their capacity — but you need to model it against your specific tool costs.

Alternatives to consider

  • Keysight (Ixia) Network Packet Brokers — Direct competitor. Similar capability. Often competitive on pricing for physical deployments.
  • NETSCOUT nGenius — Network performance monitoring with packet broker functionality. Stronger on the APM side.
  • Cloud-native mirroring — AWS VPC Traffic Mirroring, Azure vTAP, GCP Packet Mirroring. Free or low-cost but limited in filtering and scale.
  • Corelight — If your need is specifically NDR, Corelight handles its own traffic capture without a separate packet broker.

The Charting Cyber take

Gigamon solves a plumbing problem that most organizations don’t think about until their security tools start dropping packets. If you run multiple network security tools, a packet broker eliminates blind spots and makes every tool more effective.

That said, Gigamon is expensive infrastructure. For smaller environments or single-tool deployments, cloud-native mirroring or simple SPAN ports may suffice. Buy Gigamon when you have three or more tools that need traffic, when encrypted traffic visibility is a requirement, or when your current SPAN architecture can’t keep up. Skip it if a single NDR sensor with its own capture handles your needs.

Get a quote for Gigamon

Related vendors

AgileBlue
Organizations up to 5,000 endpoints wanting SOC-as-a-service with predictable pricing and no log ingestion fees
MDR/MSSPCloud SecuritySIEM/SOAR
Avanan
Organizations running Microsoft 365 or Google Workspace that need inline email security without MX record changes.
Email SecurityCloud Security
Cato Networks
Mid-market and distributed enterprises that want to replace branch firewalls, MPLS, and VPNs with a single cloud-native SASE platform.
SASE/SSE/ZTNANetwork Security