SHARE
Security / July 12, 2022

Rapid Threat Identification with Gigamon ThreatINSIGHT Guided-SaaS NDR and Sumo Logic CSE

Integrations are supposed to make life easier by ensuring enterprise teams get the information they need to detect, investigate, and respond to network threats quickly. But they lose effectiveness when they exchange too little or too much data. Security teams that see too many irrelevant events can find themselves lost in the weeds, and teams that get security alerts without context aren’t able to take fast and focused action, which slows triage and investigations.

When planning the integration between Gigamon ThreatINSIGHT™ network detection and response (NDR) and Sumo Logic Cloud SIEM Enterprise (CSE), our focus was to deliver the data security pros need to fight threats without distractions.

ThreatINSIGHT is a comprehensive toolkit that includes a playbook of pre-built queries based on latest industry data, AI software to automatically detect potential threats faster, 365 days of historical network traffic to better enable investigation, and access to a team of threat expert consultants for further guidance when needed.

Introducing MetaStream with Signals

Leveraging our newest feature, MetaStream with Signals, ThreatINSIGHT provides Sumo Logic access to network visibility context and rich threat detections. Thanks to this integration, security and network operations teams can triage, validate, and investigate anomalies quickly and efficiently directly in the Sumo Logic platform.

The integration delivers:

  • Detections and machine learning (ML)-based observations of adversary network activity identified by ThreatINSIGHT. That allows SOCs to rapidly discover threats within the Sumo Logic interface.
  • Network metadata aggregations designed for security teams to provide robust network context — at just 2 to 5 percent the size of full metadata events, lowering storage costs.
  • North-South and East-West network visibility for core cloud networks (AWS, Azure, and Google Cloud Platform).
  • Secure, easy data exchange via a simple, cloud-based, self-provisioned Gigamon-hosted AWS S3 bucket.

The big picture? The integration between ThreatINSIGHT NDR Sumo Logic CSE allows for fast triage and investigation efforts with ThreatINSIGHT network metadata, reducing dwell time.

Figure 1. Sumo Logic Metastream with Signals dashboard with Gigamon Hawk integration.

Thanks to the visibility that ThreatINSIGHT provides, Sumo Logic customers will be able to more easily collect, monitor, and visualize data across the network and gain insights from detections and ML-based observations. Customers can also customize which signals to integrate to achieve the in-depth context they need.

Finding the Needles

Security event metadata often arrives at customer security tools as a huge haystack where it’s impossible to find the needles. ThreatINSIGHT streamlines aggregated network metadata before delivering it to Sumo Logic, so customers can efficiently retrieve all MetaStream with Signals and validate, hunt, or investigate an incident without the high security-event data storage costs so common with other solutions.

“MetaStream with Signals was designed by our security experts to meet the needs of SOC analysts and incident responders,” says Michael Dickman, Gigamon Chief Product Officer. “Working together with Sumo Logic CSE, ThreatINSIGHT network visibility and advanced adversary identification techniques will help security teams perform threat detection, investigation, and response activities faster and more thoroughly.”

As organizations continue to implement and manage complex multi-cloud environments, network and security teams need deep observability to make real-time, strategic decisions when monitoring their networks. By combining ThreatINSIGHT, a leader in NDR, with Sumo Logic, both network and security operations teams can take advantage of rich network detection data to rapidly identify and recover from security threats.

To learn more about how Gigamon ThreatINSIGHT and Sumo Logic can mitigate your organization’s risk, request a demo today.

Featured Webinars

Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s ThreatINSIGHT group.

Share your thoughts today


}
Back to top