Behind the Build is an ongoing series spotlighting standout Microsoft partner collaborations. Each edition dives into the technical and strategic decisions that shape real-world integrations—highlighting engineering excellence, innovation, and the shared customer value created through partnership.
Security teams today operate across an expanding set of signals, spanning identity, endpoint, cloud and application environments. Yet many organizations still lack sufficient visibility into how systems communicate across their infrastructure, creating gaps in detection, investigation, and response.
In this edition of Behind the Build, I spoke with Srinivas Chakravarty, vice president, cloud ecosystems at Gigamon, about how Microsoft and Gigamon collaborated to bring network-derived telemetry into Microsoft Sentinel, helping customers enrich security investigations with deeper runtime context and AI-driven insights.
The Evolution of Network Intelligence and Why It Matters
For more than twenty years, Gigamon has helped organizations access and operationalize network traffic across complex environments. Today, the Gigamon Deep Observability Pipeline enables organizations to extract actionable network-derived telemetry across hybrid infrastructure, encrypted traffic, containers, and modern application environments.
That foundation makes the Gigamon Deep Observability Pipeline a strong complement to Microsoft Sentinel. Microsoft Sentinel brings together security telemetry from across the enterprise—including identity, endpoint, cloud, application, and network data sources—while Gigamon contributes enriched network-derived telemetry that provides additional runtime context into how systems, applications, and services communicate. Together, these signals can help organizations gain deeper insight for threat detection, investigation, and response.
As Srinivas put it: “You have logs, you have metrics, you have traces, but network telemetry completes the picture.”
Gigamon and Microsoft partner to design end-to-end solutions for our shared customers, from how network traffic is captured, to how it is processed, to how it is ultimately analyzed within Microsoft Sentinel. The first step in that pipeline is ensuring consistent, scalable visibility into traffic across environments.
Extending Visibility
Gigamon has been working alongside Microsoft’s Azure network virtual access point team to expand how customers access network traffic across Azure and hybrid environments. Customers can leverage the virtual network TAP in Azure environments alongside Gigamon telemetry capabilities across on-premises, cloud, and hybrid deployments.
This visibility layer is foundational to the broader architecture. The Gigamon Deep Observability Pipeline helps ensure organizations can access, optimize, and enrich network traffic before transforming it into actionable telemetry for downstream analysis in Microsoft Sentinel.
Turning Network Telemetry into Actionable Security Insights
The integration between Gigamon and Microsoft Sentinel is designed to maximize both fidelity and operational efficiency. Gigamon’s deep packet inspection capabilities extract and enrich nearly 6,000 metadata attributes from network traffic, transforming raw packets into curated telemetry built for downstream analysis.
That telemetry is delivered into Microsoft Sentinel through a Codeless Connector Framework (CCF) push connector, where it lands alongside identity, endpoint, and cloud telemetry and can be correlated with them. Bringing these signals together lets analysts trace suspicious activity across environments and investigate threats that span traditionally siloed domains.
Rather than overwhelming analysts with raw packet data, the integration prioritizes curated, actionable metadata that lends itself to that correlation. “When you bring this data into Sentinel, you’re no longer analyzing it in isolation, you’re correlating it across the entire estate,” said Srinivas.
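One way to express that cross-domain correlation as a Sentinel query, as an added example that is not code from the article, Gigamon, or Microsoft: the table name GigamonNetworkMetadata_CL and its columns (SrcIp, DstIp, DstPort, JA4) are assumptions standing in for whatever the connector’s data collection rule actually creates, while DeviceNetworkEvents is the Defender for Endpoint table that Sentinel exposes. The query flags internal sources fanning out to many internal destinations on administrative ports (the shape of lateral movement that is hard to see in logs alone), then attaches the endpoint process and account that opened those connections.

```kql
// Added example, not Gigamon's or Microsoft's code. GigamonNetworkMetadata_CL
// and its columns are assumed names; adjust to the table the connector creates.
let lookback = 1h;
let lateralPorts = dynamic([22, 135, 445, 3389, 5985, 5986]);
let internalRanges = dynamic(["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]);
// Step 1: east-west fan-out from the network-derived metadata. One internal
// source reaching many internal destinations on admin ports inside the window.
let fanout =
    GigamonNetworkMetadata_CL
    | where TimeGenerated > ago(lookback)
    | where DstPort in (lateralPorts)
    | where ipv4_is_in_any_range(SrcIp, internalRanges)
        and ipv4_is_in_any_range(DstIp, internalRanges)
    | summarize DistinctTargets = dcount(DstIp),
                Targets = make_set(DstIp, 20),
                ClientJA4 = make_set(JA4, 5),   // TLS client fingerprints seen from this source
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
              by SrcIp
    | where DistinctTargets >= 10;
// Step 2: attribute each flagged source to the process and account that opened
// the connections, using endpoint telemetry the network layer cannot see.
fanout
| join kind=leftouter (
    DeviceNetworkEvents
    | where TimeGenerated > ago(lookback)
    | where RemotePort in (lateralPorts)
    | summarize Processes = make_set(InitiatingProcessFileName, 10),
                Accounts = make_set(InitiatingProcessAccountName, 10)
              by SrcIp = LocalIP, DeviceName
  ) on SrcIp
| project FirstSeen, LastSeen, SrcIp, DeviceName, DistinctTargets, Targets,
          ClientJA4, Processes, Accounts
| order by DistinctTargets desc
```

The threshold of ten distinct targets and the port list are starting points, not tuned values; vulnerability scanners, backup servers, and management hosts will show the same fan-out and should be excluded by an allowlist before this is turned into an analytics rule. A row with no Processes value is itself informative: the network saw the flows but no managed endpoint claimed them, which points at an unmanaged or unmonitored host.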
Delivering Customer Value: A Unified Investigative Experience
While the technical architecture is important, the ultimate measure of success is the impact on customers. By combining Gigamon’s network intelligence with Microsoft Sentinel’s analytics and AI capabilities, organizations can gain a more complete view of their environments, one that reduces fragmentation and accelerates investigation.
“Customers are looking for a single investigative plane,” Srinivas explained. “When you bring all of this together, you can significantly reduce the time to detect and respond.”
This manifests in four key outcomes:
- Accelerated investigations through correlation across network, identity, endpoint, and cloud telemetry
- Improved signal quality through curated, high-value network-derived metadata
- Greater operational efficiency through a unified investigation experience in Microsoft Sentinel
- Enhanced visibility into encrypted, East-West, and hybrid cloud traffic activity that is often difficult to analyze through logs alone
By addressing gaps that exist when using network or log data in isolation, the combined Gigamon and Microsoft solution can help SOC teams move more quickly from signal to action.
From Ingestion to Insight: Building with Agentic AI
Bringing telemetry into Microsoft Sentinel was only the first step. A major area of collaboration between Microsoft and Gigamon focused on leveraging Sentinel's AI and data platform capabilities to enable agentic workflows that can reason over enriched network-derived telemetry alongside broader security data.
“It’s truly working backwards from customers,” said Srinivas. “We are driven by what customers want and we help each other out, we unblock each other at every step of the way to make these joint solutions possible.”
The result is Gigamon's Security Posture Insight Agent, which leverages Microsoft Sentinel platform capabilities to enrich investigations with deep packet-derived evidence including JA4 fingerprints, decrypted TLS metadata, and lateral-movement flows. This gives analysts faster access to runtime evidence that might otherwise require manual packet analysis and correlation across tools.
Expanding the Possibilities of the Platform
As the collaboration evolves, both teams see opportunities to expand the role of network-derived telemetry across emerging AI and hybrid cloud security use cases. Areas of potential exploration include AI application visibility, expanded runtime intelligence, and deeper integration between observability, security analytics, and AI-driven workflows.
“The platform approach will win, especially in an AI-driven world,” said Srinivas. “It’s about ecosystems coming together.”
That ecosystem mindset of bringing together best-in-class data, analytics, and AI is what enables organizations to stay ahead of increasingly complex threats.
Final Thoughts
This collaboration highlights what’s possible when strong engineering partnerships are grounded in customer outcomes. By combining network-derived telemetry from the Gigamon Deep Observability Pipeline with analytics and AI capabilities of Microsoft Sentinel, organizations can gain deeper runtime visibility, accelerate investigations, and improve AI-driven security operations.
As the partnership continues to evolve, Microsoft and Gigamon are working together to help customers build more unified, intelligent SOC experiences across increasingly complex hybrid cloud environments.
For software companies building on Microsoft Sentinel, the Gigamon collaboration also demonstrates how partners can leverage Microsoft App Assure’s Sentinel Advisory Service, a no-cost program that helps partners design secure, high-performance solutions on Microsoft Sentinel. From development to deployment, App Assure helps ensure a solution meets Microsoft’s standards while accelerating time to market. Ready to get started building a Sentinel solution? Submit a request to App Assure.