Security / June 9, 2021

Introducing Guided-SaaS NDR

What the heck is Guided-SaaS NDR?

Simply put, Software-as-a-Service (SaaS) from security vendors needs to grow up and mature. It isn’t enough to:

  • Just lift and shift on-premises security solutions to the cloud
  • Build cloud-native technology and charge a subscription fee
  • Save enterprises some headaches with SaaS deployments if the technology creates tons of SOC and IR distractions in the form of tuning, care and feeding, and false-positive management

Since its inception in 2017, ThreatINSIGHT has offered its customers something unique. A cloud-native network detection and response (NDR) solution built by responders for responders, but also staffed by responders for responders to ensure expertise is available to our customers in every aspect of the offering: technology, management, and service. As security analysts and incident responders, we focused on offering a solution to address challenges facing our SOC and incident response (IR) brethren in our customers. It seemed natural to us, but our customers kept telling us that what we were doing was different, better than other vendors… that we understood their challenges and worked as trusted partners. As we examined how we are different, we realized what we offer is more than a SaaS offering — it is a Guided-SaaS solution that also puts our expertise on our customers’ side. 

To appreciate what Guided-SaaS provides, we must first start by looking at the top challenges to SOC and IR team efficacy and burnout.

of SOC analysts cite lack of visibility into network traffic as the top reason for SOC ineffectiveness1of SOC analysts report rank “Minimization of false positives” as the most important SOC activity (detection tuning) 2of SOC analysts indicate maintaining, tuning, and providing updates to their security tools is a core responsibility2of SOC analysts report burnout quickly because of the high-pressure environment2
Network visibility is a foundational need
Reducing FPs should be the vendor’s responsibility and not the security team’s
SecOps distractions must be eliminated to allow focus on threat management
SecOps teams benefit from trusted advisers

Guided-SaaS NDR Defined

So, what is Guided-SaaS and how does it address these challenges?

Guided-SaaS is just as much a mantra for Gigamon as it is an offering for our customers. In the simplest terms, it is an elevated SaaS offering that blends technology, solution management, and security expertise to provide as complete a solution as possible, partner with our customers, and dismantle our adversaries quickly and effectively.

Guided-SaaS NDR means technology built by responders for responders, providing:

  • Network visibility, closing the SOC visibility gap across the ATT&CK framework
    (for hybrid and changing networks: Core/Cloud/WFH)
  • Advanced adversary detection, using a blend of ML, behavioral, and threat intel techniques
    (hi-fi detections of hidden and emerging threats)
  • Threat context, accessible and searchable
    (enriched metadata and Omnisearch)
  • Guidance, threat-specific guided next steps
    (triage and investigations)

Guided-SaaS NDR means solution management is provided by Gigamon product and threat experts to remove distractions and ensure:

  • Your team’s ongoing product proficiency
  • Deployment, configuration, and visibility optimization, even as networks change
  • Always current with SaaS maintained updates and system availability
  • Zero tool maintenance and detection tuning for your team

Guided-SaaS NDR means your team has access to expert security analysts, incident responders, and threat researchers. Backed by Gigamon Applied Threat Research (ATR) — threat researchers — and armed with Gigamon Technical Success Manager (TSMs) — experienced analysts and responders — your team has access to advisory guidance during high-pressure active threats and incidents (when it matters).

  • Threat/adversary knowledge
  • Incident management guidance

Guided-SaaS vs. Other Options

Other vendors in the NDR market tend to offer one of two solution types: 1) You purchase an NDR and manage it yourself (both SaaS and on-premises) or 2) you select a managed network detection and response provider (MSSP). These existing options have some natural pros and cons.

+ Optimized for your environment+ Low deployment and post-deployment work
+ Leverages your team’s skills+ Known cost parameters
+ Full control of response+ Broad crowdsourced threat intel view
– Deployment and post-deployment work– Generic, one-size-fits-all platform
– Cost surprises and strain on security team– Generic detection/response/remediation
– SOC and incident response “in the dark”– Establishes over-reliance on outside teams

Best of Both Worlds

In a Guided-SaaS NDR, you get all the benefits with none of the negatives…

  • Fully managed rapid deployments
  • Constantly updated and managed detection engines
  • Fast and scalable INSIGHT cloud data warehouse
  • Always accessible web portal and APIs
  • Applied Threat Research (ATR) complements ThreatINSIGHT threat intel and detection engines:
    • ML, behavioral, and expert systems
    • Ongoing detection tuning (QA)
  • Technical success managers (TSMs), experienced incident responders, and security analysts that help:
    • Enable teams
    • Set up and optimize deployments
    • Drive industry best practices
    • Provide advice when it matters
  • Optimized for your environment
  • Easy deployment and zero maintenance
  • Leverages and enhances your team’s skills
  • Known cost parameters
  • Full control of your response
  • Broad crowdsourced threat intel view
  • Augment your InfoSec maturity level w/experts

But How Is Guided-SaaS Different from SaaS?

If we think of the whole product offering, the difference become quite apparent:

Click image for larger size.

So What’s New for Our Existing ThreatINSIGHT Customers?

Stepping back and realizing our Guided-SaaS differentiation, we’ve invested in our Technical Success Management team. While the mantra and intent has not changed, we’ve brought new leadership to the team that has both security chops and customer success expertise. We’ve also added structure to our TSM operations to ensure the highest quality of service to every customer.  What we haven’t changed is the expertise of each Technical Success Management team member.  Each TSM is an experience security analyst or incident responder who understands the challenges your SOC/IR team faces. Each TSM is a ThreatINSIGHT expert to ensure your team is properly enabled both with the initial solution rollout and with every release.

If I Am Looking for an NDR, What Differentiates ThreatINSIGHT?

Gigamon ThreatINSIGHT™ is a purpose-built NDR built by responders for responders, and staffed by responders for responders to ensure security teams:

  • Aren’t in the Dark: Guided-SaaS NDR means technology that has continuously optimized visibility to detect and respond to cyber adversaries across any network, device, or traffic
  • Aren’t Distracted: Guided-SaaS means minimal maintenance and zero detection tuning required, improving SOC/IR efficiency and effectiveness
  • Aren’t Alone: Guided-SaaS means access to advisory guidance from Gigamon security experts during high-risk incidents, reducing burnout

Featured Webinars

Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.


People are talking about this in the Gigamon Community’s Network Detection and Response (NDR) group.

Share your thoughts today

Back to top