SHARE
Security / June 23, 2021

Technical Success Management and Guided-SaaS NDR

Since October of 2020, I have had the pleasure of leading the Technical Success Management (TSM) team for Gigamon ThreatINSIGHT™. It is a unique team that redefines customer success for security products by staffing field-tested security analysts and incident responders to serve our customers. Having sat in the same hot seat as the practitioners that use ThreatINSIGHT, we understand the challenges and pressures they face in addressing cyber adversaries.

While I may be somewhat new to the organization, my experience with Gigamon as a customer and partner goes back quite a ways. In my mind, Gigamon always stood apart in that they never walked away because a challenge was difficult to solve, and that the strength of the culture matched the strength of the technology. That culture not only drives innovation and builds great solutions but makes it possible for us to foster partnerships that many SaaS solutions neglect. In my time here, I have been thrilled to see how powerful that partnership can be, especially as we have dealt with some exceptionally complex attacks like Sunburst/UNC2452 and the many curves that COVID threw us all. And as we continue to deal with challenges brought on by a rapidly evolving threat landscape, and struggle to address a skill and staffing gap across many SOCs, the strength of our approach to solving those problems has been further tested and proven out. The TSM team, along with Gigamon Applied Threat Research (ATR) and the SaaS operations team, together with the ThreatINSIGHT technology, offer our customers what we call a Guided-SaaS NDR solution.

Before we talk about how we deliver ThreatINSIGHT, I should give you some background on the TSM team itself. Our TSMs come from a variety of backgrounds in the security industry, and all share a customer-centric mindset and approach. Most held practitioner roles as responders, analysts, or investigators or led efforts to improve security operations and maturity efforts. TSMs use their firsthand experience, passion for security, and deep knowledge of ThreatINSIGHT to:

  • Provide deployment and visibility assistance to minimize efforts for our clients and ensure the product is performing optimally
  • Enable our customers on ThreatINSIGHT to ensure proficiency and utilization both initially upon deployment and ongoing as our customers’ security staff evolves
  • Share our threat knowledge and advisory guidance when our customers are facing a high-risk incident, so our customers are not trying to respond to threats in a vacuum
  • Engage with our customers to understand their goals and then work with them to achieve them

What I think is powerful about the Guided-SaaS delivery model is that it is a combination of technology and people coming together to provide better outcomes and stronger solutions for our customers. Security challenges cannot be addressed simply with technology alone, and as we all know, having the right people — experienced, capable, and engaged people — can make all the difference. Our approach is different because we recognize not only the complexity of the challenge, but also understand the role that human beings continue to play in solving those challenges. That approach starts with our TSM Charter:

Mission: Be a trusted adviser to and fierce advocate for customers, enabling effective and efficient utilization of ThreatINSIGHT and providing guidance when it matters most.

Methodology: Staffed by analysts and responders, the TSM team understands the challenges facing SOC/IR teams and works tirelessly to ensure every interaction provides value to their customers.

  • Ensure Fast Time to Value
    • Assist with Deployment and Visibility: Rapidly achieve essential visibility
      and drive effective detection and response
    • Optimize and Expand: APIs, workflows, visibility, and integration of
      intelligence feeds
    • Provide Product Expertise and Enablement: Ensure customer proficiency and utilization
  • Provide Advice When It Matters
    • Threat Support: Share knowledge of specific threat capabilities
      based on ATR’s firsthand incident investigations
    • Incident Support: Provide strategies for comprehensive investigations
      to enable rapid, informed response
  • Partner to Secure Our Customers’ Success
    • Accomplish Goals, Realize Outcomes, Attain Objectives: Engage to define and understand customer’s strategic security goals and work with customer to achieve
    • Improve Security Posture: Manage progress, accelerate capabilities, and optimize platform

Expertise: To provide a better product experience and partner with our customers, the TSM team is composed of experienced security analysts and incident responders. Their skills include:

Technical Skills/Expertise

  • SOC operations model
  • In-depth security event analysis skills
  • Experience in incident response, forensics, malware analysis, and remediation
  • Technical knowledge of cybersecurity over all 7 layers of OSI model
  • Rich networking knowledge (DHCP, DNS, HTTP, TCP/IP, etc.)
  • Enterprise network architectures (datacenter, server, storage, switching, cloud)
  • Security device configuration and administration (FW, IPS, etc.)

Experience

  • 3+ years information security, SOC, IR, or similar cyber experience
  • 5+ years technical delivery and client management experience
  • Cybersecurity relevant certifications and hands-on experience
  • Experience in collecting, analyzing, and escalating security events
  • Experience in investigating, developing mitigation plans, and responding to computer security incidents
  • Enablement training delivery

Engagement

  • Onboarding and deployment
    • Evaluate customer needs and develop plan to achieve success
    • Deliver enablement training
    • Facilitate deployments and system optimization and configurations
  • Ongoing partnership
    • Drive customer success plan
    • Deliver periodic detection reviews
    • Perform visibility/product health checks
    • Internal customer advocate
    • Continued enablement
  • Advisory guidance: Upon request, provide threat-specific knowledge and incident response best practice guidance

Measured: Our success is measured not in MTTD and MTTR, but in how well we accomplished our goal of working with you to reach your goals. Have we been effective in helping drive SOC maturity? Have we made onboarding your new team members efficient and gotten them up to speed quickly? Are you able to focus on the hard work of protecting your environment without distractions and use ThreatINSIGHT to improve your security posture? Simply put, we are not successful unless you are successful, and that commitment not only drives what we do, but moreover, it is what we come to work for every day.

Ultimately, we know the challenges that you are facing because we face them along with you. No one has time to burn on solutions that do not address the multiple needs of today’s security teams. The stakes are for too high, and we recognize that it is not just hard to do it all on your own — it is almost impossible. Our team strives to ensure that our customers are better prepared and more capable by working with us, and that we bring something of value with every interaction. That commitment, and the sentiment that drives it are at the heart of what the overall offering provides as a Guided-SaaS NDR, ensuring we provide value for our customers beyond just technology.

Featured Webinars

Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Network Detection and Response (NDR) group.

Share your thoughts today


Back to top