Icebrg uses on-premises sensors to collect packet metadata from switches and routers, and then sends that data to its cloud platform. Customers then access the data from a portal for analysis and investigation.
Icebrg sensors, which can be physical or virtual depending on the volume of data being collected, can sit off a SPAN port or network tap. The sensors can also work with packet brokers, including those from Gigamon, to receive network data.
Ananda Rajagopal, Gigamon’s VP of Products, said in an interview that the company had worked with Icebrg on several deployments prior to the acquisition.
Rajagopal says Icebrg sensors can detect attacks locally using signature matching, as well as send data to the cloud for threat-hunting and security investigations and analysis. He noted that to date, Icebrg customers store approximately 90 days’ worth of data, but that time period could be extended if there’s significant customer demand.
The SaaS backend normalizes and indexes the metadata collected by sensors. The SaaS service includes a base set of detection capabilities to help flag suspicious activity. The company has also developed a SQL-like language that lets customers run queries against the data set.
Icebrg also has its own security research team. “Gigamon hasn’t had that before, so it brings more value to the table,” said Rajagopal.
On The Backend
Icebrg’s infrastructure for analysis and storage combines colocation space, where the data is initially indexed and processed, with longer-term storage on AWS.
Rajagopal says all the data is anonymized before it’s sent from the sensors, and data transport is encrypted. Icebrg has built out a multitenant environment to logically separate customer data in its colocation facilities and on AWS.
The Value Add
By acquiring a company that can analyze network traffic, Gigamon extends the value of its core packet broker business by helping customers derive useful intelligence from network data.
At present, Icebrg sensors work with packet brokers from Gigamon’s competitors. The company says it’s too early to say if Gigamon will continue to support third-party devices.
I think it would be a mistake to discontinue third-party support. I understand Gigamon wants to encourage sales of its own hardware, but getting customer data into a cloud service, regardless of the source, makes for a nice, sticky relationship.
Icebrg pricing starts at $11,000 per month per sensor. Pricing is based on 95 percent sustained throughput from the sensor over 30 days, so the more data you pump through, the higher the cost.
Gigamon says there are no additional fees for data processing, storage, or analysis.
Icebrg was founded in 2014 and raised a combined $12.5 million in seed funding and a Series A round. Gigamon did not disclose how much it paid for the startup.