Gigamon Deep Observability Pipeline

Supercharge your observability tools with actionable network-level intelligence to realize the transformational promise of the cloud.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

VÜE COMMUNITY

voice of the customer

Gigamon serves the world's more demanding enterprises and public sector agencies, enabling them to harness actionable network-level intelligence to amplify the power of their cloud, security and observability tools.

CUSTOMERS

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility

 

Five9

Five9

Delivers Cloud-Powered Contact Center Excellence

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

deep observability

Observability is Key to Transformation

Unleash cloud potential with deep observability.

ebook

Deep Observability eBook

Take your security and observability tools to a whole new level.

WHY GIGAMON

Gigamon offers an advanced deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of your cloud, security and observability tools.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Unseen Threats Can Lurk in Your Midst

Deep observability exposes previously unseen threats.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Security / July 30, 2021

Gigamon ThreatINSIGHT: Highlighting the Value of Reporting for Security Operations

Bassam Khan  

Updated September 30, 2021.

The value of reporting can never be overlooked. One of the most difficult challenges for security operations is to consistently communicate and illustrate their security posture to executives and other teams that rely on accurate, current, and actionable data. Assessing an environment on its whole is difficult because very few solutions have comprehensive and consistent visibility, but Gigamon ThreatINSIGHT™ is uniquely positioned to empirically measure an organizations health and preparedness for incidents. With visibility to an organization’s hybrid cloud, core network, and remote users, ThreatINSIGHT can analyze the network traffic of every device and assess the organizations security posture over time. 

ThreatINSIGHT Security Posture Report

The ThreatINSIGHT Network Security Posture Report exposes hidden risks where improved hygiene can close gaps that can be abused by adversaries. Due to ThreatINSIGHT’s ability to assess Layer2 through –Layer 7 traffic, it can identify suspicious connections (TCP, SSH, RDP, etc.), unsupported software or activity (EOL OS, Deprecated SSL, revoked accounts with authentications, etc.), and hosts involved in high-risk communications (using external DNS servers, external SMTP servers, remote access services, etc.). Examining periodically and addressing the hidden risks allow security teams to illustrate improvement to their security posture over time.

ThreatINSIGHT Detections Report

Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) combine to represent the time in which an adversary can negatively impact an organization and are important metrics in security operations as they illustrate a team’s efficiency and effectiveness in dealing with threats. Over the years reports such as the Verizon Data Breach report and Ponemon Institute studies show scary enterprise MTTD and MTTR numbers, the reality is that it is not easy for SOCs to measure as it requires extensive visibility. However, Gigamon ThreatINSIGHT’s ability to observe all devices over time and retain historical network activity allows organizations to measure their improvement in dwell time. Further, ThreatINSIGHT provides the critical capabilities allowing SOC and IR teams to rapidly triage and respond to threats:

  • Capture and retention of rich contextual L2-L7 network metadata for all device activity
  • Automatic enrichment of the retained network metadata with entity (user, hostname, geolocation, etc.) and event intelligence (external threat information, passive DNS, whois, etc.)
  • Guided Next Steps to aid SOC analysts to triage detections rapidly.
  • Robust omnisearch query capabilities and graphical visualizations of the adversary’s activity to perform thorough investigations.
  • For active high-risk incidents, access to Gigamon security analysts and incident responders to receive information about the threat actor and incident investigation best practices.

The ThreatINSIGHT Detection Report provides a comprehensive review on detections, attack stages, severity levels, confidence levels, and resolution metrics. Because of the comprehensive visibility provided by ThreatINSIGHT, organizations can obtain a true representation of the time adversaries are active in their environment (MTTD and MTTR) and overtime illustrate the improved efficiency and effectiveness of their security and incident response operations.

Learn how Gigamon ThreatINSIGHT can help you.

  • © Gigamon 2024
Back to top