Gigamon announced the latest release of Gigamon ThreatINSIGHT Guided-SaaS NDR. ThreatINSIGHT provides SOC (security operations center) teams with visibility into historical network data and the tools to use that data to identify adversary activity across the MITRE ATT&CK
Average adversary dwell times are over 285 days, giving adversaries the opportunity to find and breach an organization’s most sensitive data and intellectual property, with the aim of holding it for ransom. NDR solutions typically provide 30-day data retention, missing these “low and slow” threats. Gigamon ThreatINSIGHT becomes the only NDR to address extended dwell times with 365-day retention of rich network metadata. Long data retention enables more proactive threat hunting, lessening the pressure from ransomware, advanced persistent threats, and cybercrime that results in 70 percent of SOC teams reporting burnout.
“Adversaries continue to capitalize on lengthy dwell times, and security teams need a solution that gives them an advantage,” said Chris Kissel, IDC Research Director, Security and Trust. “With the ability to analyze 365 days of network metadata and out-of-the-box tools that facilitate collaboration and coordinate investigative and threat hunting efforts, Gigamon helps organizations speed up and improve their forensics and incident response capabilities.”
In today’s threat landscape, it is critical that organizations arm their security teams with a solution that matches – and beats – adversaries’ sophisticated techniques. ThreatINSIGHT equips organizations with the resources to not only detect a potential threat but also to respond to that threat in real time. More data, delivered faster and with deep insights, levels the playing field for SOC teams.
Gigamon ThreatINSIGHT Guided-SaaS NDR equips security teams with:
- Up to 365-day retention – With more than 10x longer data retention than other NDR offerings on the market, ThreatINSIGHT enables better threat hunting, including XDR (extended detection and response) programs. SOC analysts can also respond with immediate validation of whether newly reported vulnerabilities have been exploited in the past.
- Guided playbooks – 52 percent of SOC analysts report the need to access more out-of-the-box content. ThreatINSIGHT’s guided playbooks empower investigators to identify attackers based on real-world behaviors – all within a few mouse clicks, guided by the battle-tested playbooks perfected by Gigamon ATR (Applied Threat Research).
- Parallel hunting – SOC teams can coordinate faster with more effective threat hunting efforts across the globe via parallel queries and investigations. When combined with guided playbooks, SOC teams can rapidly leverage their institutional knowledge to stay ahead of attackers.
- Extended reporting (90-day at-a-glance dashboards) – With the increase of global privacy regulations, organizations must comply with reporting mandates following data breaches. A lack of historic network visibility can impede compliance, digital forensics, and audit efforts across the organization. ThreatINSIGHT provides a 90-day dashboard to support compliance needs by offering organizations unparalleled visibility into their networks.
“With the advancements in this release, Gigamon continues to stay out ahead of the pack in NDR solutions,” said Bob Reilly, vice president of sales for Access IT Group, an industry-leading cybersecurity solution provider and Gigamon Platinum partner. “Offering 365 days of visibility into suspicious network activity and an experienced team of threat analysts as part of the standard package makes ThreatINSIGHT very competitive in the NDR marketplace.”
“Every new data breach, insider threat, and ransomware attack underscores the need for high-fidelity detections that are as effective as adversaries are persistent,” said Michael Dickman, chief product officer at Gigamon. “We’re extremely proud of this new release of Gigamon ThreatINSIGHT Guided-SaaS NDR, giving incident responders a full year of metadata, prescriptive playbooks to automate the basics, and the ability for teams to work on the same case in parallel.”