ThreatINSIGHT and Zscaler Bring Visibility to the Remote Workforce

As we emerge from the challenges of the past year, some things will return to the way they were — and some changes are here for the long run. Enterprises have fast-tracked their cloud initiatives and the remote workforce has become an established norm. 

This means enterprise cloud platforms and remote users are the new frontline battlefields for adversaries and security operations teams, leaving many SecOps teams with new visibility gaps.

In September of 2020, Zscaler and Gigamon were the first to step up to the challenge by bringing remote workforce visibility together with network selection and response (NDR) technology, ensuring joint customers were not left in the dark. Thanks to this partnership and the integration of Zscaler Internet Access (ZIA) and Gigamon ThreatINSIGHT^® Guided-SaaS NDR, joint customers immediately found remote workforce network visibility they lost due to COVID-19.

Read the Zscaler and Gigamon ThreatINSIGHT joint solution brief >>

Gigamon is excited to be a sponsor at Zscaler’s Zenith Live 2021 and share how this integration works for a well-known joint customer in the hospitality industry.

The Integration

Now more than ever, SecOps teams need technologies that will work together to provide network visibility across this expanded attack surface, as well as fast, high-fidelity detection techniques that leverage cloud-based machine learning and behavioral analytics to identify hidden and emerging threats. Incident responders need the ability to easily hunt, search, and investigate network activity to understand the extent of any incident so they can make informed mitigation plans and response actions that eliminate the risk to the organization.

Zscaler and Gigamon ThreatINSIGHT, both cloud-based SaaS solutions, partnered to enable Zscaler Internet Access customers to easily deliver ZIA network activity metadata directly to ThreatINSIGHT sensors for ingestion and immediate analysis for the detection of and response to hidden and emerging threats.

Key Features

• One-click integration for ThreatINSIGHT and Zscaler Internet Access customers
• All TCP/IP (including HTTP, DNS, and SSL) activity observed by Zscaler automatically delivered as metadata to ThreatINSIGHT
• Integration enables automated ML-based threat detection and hunting and investigation response capabilities
• ThreatINSIGHT and Zscaler delivered as pure cloud-based, SaaS solutions

How It Works

• The integration delivers Zscaler’s NSS log stream for mobile, branch offices, and headquarters users directly from the Zscaler cloud to the Gigamon INSIGHT cloud data warehouse
• ThreatINSIGHT then applies its advanced network detection and response capabilities to accelerate discovery of hidden and emerging threats and enable rapid, informed mitigation efforts

Key Benefits

Eliminate blind spots – Whether mobile, branch office, or headquarter users, Zscaler and ThreatINSIGHT will have visibility into their network activity. Combined technologies offer:

• Always-on security regardless of where your users are or what they are accessing
• ThreatINSIGHT provides visibility to headquarter North-South and East-West traffic and cloud infrastructure workloads, including SSL decrypted traffic
• Zscaler provides visibility to mobile, branch, and headquarter users’ internet activity

Cloud-based high-fidelity detection and response – Cloud-ready platforms to enable security analysts and incident responders. Key benefits include:

• Leading threat intelligence, machine learning, and behavioral analysis delivering high-fidelity, accelerated threat detection across the entire MITRE ATT&CK framework
• Fast Omnisearch, threat hunting, and full investigation and incident management workflows to make informed, complete response decisions

Zero-maintenance security – With cloud-first designs from both Zscaler and ThreatINSIGHT, customers enjoy zero-maintenance security. Key benefits include:

• Plug-and-play deployments and integrations: Initiate and complete Zscaler integration within minutes in the ThreatINSIGHT portal
• Security staff can remain focused on threats, not tool management/maintenance
• Cloud-based analytics and storage mean solutions scale to any size customer