Gigamon unveils latest network detection and response solution
Gigamon has announced the latest release of its ThreatINSIGHT Guided-SaaS NDR.
ThreatINSIGHT provides SOC (security operations centre) teams with visibility into historical network data and the tools to use that data to identify adversary activity across the MITRE ATT&CK framework. The company says it's the first network detection and response (NDR) solution on the market to provide 365-day rich network metadata retention.
Adversary dwell times average more than 285 days, giving attackers time to find and breach an organisation's sensitive data and intellectual property and hold it to ransom. NDR solutions typically provide 30-day data retention, missing these 'low and slow' threats.
"Today, Gigamon ThreatINSIGHT becomes the only NDR to address lengthy dwell times with 365-day retention of rich network metadata," says Chris Kissel, IDC research director, Security and Trust.
"Extended data retention enables more proactive threat hunting, lessening the pressure of ransomware, advanced persistent threats, and cybercrime that results in 70% of SOC teams reporting burnout. Adversaries continue to capitalise on lengthy dwell times, and security teams need a solution that gives them an advantage."
He says with the ability to analyse 365 days of network metadata and out-of-the-box tools that facilitate collaboration and coordinate investigative and threat hunting efforts, Gigamon helps organisations speed up and improve their forensics and incident response capabilities.
"With the advances in this release, Gigamon continues to stay out ahead of the pack in NDR solutions."
Bob Reilly, vice president of sales for AccessIT Group, a cybersecurity solution provider and Gigamon Platinum partner, says, "Offering 365 days of visibility into suspicious network activity and an experienced team of threat analysts as part of the standard package makes ThreatINSIGHT very competitive in the NDR marketplace."
In today's threat landscape, organisations must arm their security teams with a solution that matches and beats an adversary's sophisticated techniques. ThreatINSIGHT equips organisations with the resources to detect a potential threat and respond to that threat in real time.
"Timing, teamwork and access to historical data are mission-critical to thwarting potentially crippling cyberattack attempts by threat actors that are already inside your network," says Clinton Mills, CEO of Spartan Cyber Services.
"The ability to launch real-time investigations with proven, guided playbooks based on the work of the world-renowned Gigamon ATR enables us to quickly navigate the modern threat environment and help protect our customers."
The Gigamon ThreatINSIGHT Guided-SaaS NDR equips security teams with:
- Up to 365-day retention: With more than 10x longer data retention than other NDR offerings, ThreatINSIGHT enables better threat hunting, including XDR (extended detection and response) programs. SOC analysts can also respond with immediate validation on whether newly reported vulnerabilities have been exploited in the past.
- Guided Playbooks: 52% of SOC analysts report the need to access more out-of-the-box content. ThreatINSIGHT's guided playbooks empower investigators to identify attackers based on real-world behaviours - all within a few mouse clicks, guided by the battle-tested playbooks perfected by Gigamon ATR (Applied Threat Research).
- Parallel Hunting: SOC teams can coordinate faster with more effective threat hunting efforts across the globe via parallel queries and investigations. When combined with guided playbooks, SOC teams can rapidly leverage their institutional knowledge to stay ahead of attackers.
- Extended Reporting (90-day at-a-glance dashboards): With the increase of global privacy regulations, organisations must comply with reporting mandates following data breaches. A lack of historic network visibility can impede compliance, digital forensics, and audit efforts across the organisation. ThreatINSIGHT provides a 90-day dashboard to support compliance needs by offering organisations unparalleled visibility into their networks.
"Every new data breach, insider threat, and ransomware attack underscores the need for high-fidelity detections that are as effective as adversaries are persistent," says Michael Dickman, chief product officer at Gigamon.
"We're extremely proud of this new release of Gigamon ThreatINSIGHT Guided-SaaS NDR, giving incident responders a full year of metadata, prescriptive playbooks to automate the basics, and the ability for teams to work on the same case in parallel."