
Omdia has learned that Gigamon sold its ThreatInsight NDR business to Fortinet for approximately $31 million. The deal highlights what may be a pivot point for the NDR market.

Andrew Braunberg, Principal Analyst, SecOps, Omdia

February 8, 2023


Gigamon has exited the network detection and response (NDR) business, selling its NDR solution to a former competitor, Omdia has learned.

The Santa Clara, California-based network visibility and IT observability vendor quietly sold its ThreatInsight NDR business to Fortinet at the end of last year. Omdia research indicates the acquisition price was approximately $31 million.

The sale also encompassed the staff dedicated to ThreatInsight, including Gigamon’s former threat intelligence group. Omdia research indicates that approximately 30 to 50 Gigamon employees moved to Fortinet in the transaction.

Gigamon Shifts to NDR Enabler

Gigamon entered the NDR market in 2018 when it acquired NDR startup Icebrg. Seen at the time as a strong complement to its portfolio of network visibility solutions, which includes network traffic decryption, ThreatInsight never lived up to Gigamon's commercial expectations, in part because enterprise buying centers for visibility and observability tend to differ from those related to threat detection, investigation, and response (TDIR).

One of the difficulties of selling point products is that they tend to have very specific buying centers. This is highlighted by the position that Gigamon found itself in with NDR. While it continues to have success selling its broader portfolio by targeting CISOs and security architecture teams, NDR sales are typically evaluated and funded within incident response groups, which require a different sales motion.

While security remains an important use case for Gigamon’s visibility portfolio generally, Gigamon increasingly saw itself as better positioned as an ecosystem enabler of NDR solutions through partnership with leading NDR vendors.

By eliminating any competitive conflicts, the deal should immediately make Gigamon a more attractive partner for a variety of NDR vendors with which it formerly competed. Additionally, the company can re-emphasize its renewed focus on network and hybrid cloud observability, following its recent pivot to relabel its core platform as a Deep Observability Pipeline solution.

Fortinet Doubles Down on NDR

Fortinet will rebrand the ThreatInsight technology as FortiNDR Cloud and sell it as a cloud-based addition to its existing on-premises FortiNDR product (formerly known as FortiAI).

Fortinet introduced FortiAI in 2020 as an AI/ML appliance for network detection and response. The company has seen strong demand for NDR as customers shift focus to what Fortinet calls advanced and early detection. The growing adoption of a zero-trust philosophy is also driving additional interest as organizations treat internal east-west traffic with increased scrutiny.

NDR Market Evolution

The move also highlights the NDR market’s continuing evolution. As enterprises increasingly seek to unify their TDIR product architectures, interest is growing in NDR solutions that can not only detect and respond to network-specific threats but can also provide insight into and integration with broader solution sets, such as XDR and other security operations platforms.

This evolution is playing out in several ways. For example, NDR vendors are continuing to expand their functional footprint to include additional network security capabilities, such as a broader set of detection capabilities. Of course, the flip side to that trend is network security appliance vendors potentially adding NDR as an additional feature.

Fortinet is a case in point. While FortiNDR Cloud will be available as a stand-alone product, and one that requires no Fortinet hardware, NDR functionality is sure to find its way into broader network security solutions such as next-generation firewalls (NGFWs). This trend will shift the competitive landscape in NDR, which is currently dominated by pure plays such as Darktrace, ExtraHop, and Vectra.

NDR solutions are also increasingly expected to integrate across emerging open XDR ecosystems. This, of course, requires significant investment as the number of integration requests can be large, even if initially just focusing on EDR vendors. Omdia believes success in NDR would have required a significant new investment from Gigamon.

Ironically, given the increased partnership opportunities, Omdia believes this divestiture might well grow Gigamon’s overall share of security dollars, as security teams are either stakeholders or outright buyers of the network observability capabilities that Gigamon offers. More broadly, the company is betting that customers will be shopping for a comprehensive observability platform across hybrid environments.

Omdia's most recent global NDR market outlook indicates the NDR market is worth $0.95 billion as of the end of 2021 and is expected to grow to $1.98 billion by the end of 2027. However, Omdia forecasts that growth in the stand-alone NDR market will slow in 2023 due to macroeconomic headwinds but will rebound and continue to show reasonable growth for the foreseeable future. That said, consolidation of detection and response functionality across digital domains is an important trend.

More broadly, and just as importantly, security buyers are looking to consolidate security functionality from a smaller group of larger providers. While best-of-breed security point products will never disappear, suite vendors such as Palo Alto Networks, Fortinet, and Cisco, among others, are well positioned for current vendor consolidation.

About the Author(s)

Andrew Braunberg

Principal Analyst, SecOps, Omdia

Andrew supports Omdia's Cybersecurity Operations (SecOps) Intelligence Service research practice, guiding vendor, service provider, and enterprise clients. He provides thought-leading analysis on technologies, trends, and innovations in enterprise security operations centers (SOCs), and specifically on the proactive technologies used to avoid breach, such as vulnerability management and attack surface management.

Andrew has been covering, researching, or speaking on topics related to enterprise information technology for approximately 20 years. Prior to joining Omdia (formerly Ovum) in 2022, Andrew spent five years at NSS Labs where he led the analyst group and worked closely with the company’s security product testing team.

Prior to NSS, Andrew spent more than a decade at GlobalData (formerly Current Analysis), where he managed the Enterprise team and was the firm’s principal security analyst. Over his career, Andrew’s coverage has ranged from endpoint protection suites, to network security appliances, and solutions for protecting cloud-based assets.
