SHARE
Security / January 21, 2021

ThreatINSIGHT 3.3 Enabling Discovery of Hidden Threats and Rapid Investigations

A pillar of the Gigamon ThreatINSIGHT™ and Applied Threat Research (ATR) team is to continue to innovate and expand the product’s capacity to dismantle an adversary’s ability to impact our customers. We focus on machine-learning (ML) detection techniques that identify threat actors’ behaviors that would otherwise go unidentified and apply our experience as former practitioners to augment the product with capabilities to speed investigations.

In 2021, we are focusing on ensuring ThreatINSIGHT also works with and enhances our customers’ other technologies, with integrations with third-party threat intelligence and endpoint detection and response (EDR) vendors.

What’s New

High-fidelity behavioral-based detection: ThreatINSIGHT 3.3 includes new ML-based identification of NTLM credential abuse as part of an actor’s lateral movement. ATR has also designed new data exfiltration analytics observations to bring focus to potential malicious behavior.

Rapid, informed response: ThreatINSIGHT is excited to announce Meta Stream, allowing enterprises to export and retain ThreatINSIGHT metadata indefinitely in their own data repository. This will enable indefinite extended investigations beyond 30 days and support customer audit requirements. ThreatINSIGHT 3.3 also is extending the Tagging functionality of the product so that events are now enriched with annotations as they are ingested and will provide greater context for responders. Annotations include automatic tagging of applications, environments, location, owner and roles to increase the information presented to security teams so they can make informed decisions quicker.

Integrations: Customers who have licensed CrowdStrike, Proofpoint, ThreatConnect or Recorded Future threat intelligence feeds now can automatically analyze their network traffic in real time for threat intel matches using ThreatINSIGHT, speeding detections and enhancing context during investigation efforts. This powerful application for threat intelligence feeds increases the value of both ThreatINSIGHT and the threat intelligence purchase for our joint customers.

Gigamon ThreatINSIGHT customers can read the 3.3 release notes in the help section of the web portal.

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Security group.

Share your thoughts today


}
Back to top