Ricardo Font, Senior Product Marketing Manager
May 28, 2020
We are pleased to announce the release of the latest version of the Gigamon ThreatINSIGHT™ solution. Gigamon has enhanced ThreatINSIGHT with new functions and features that help organizations stay secure by addressing an all-important need within today’s environments: adapting your security to your changing environment. The features are as follows.
New Features and Functionality
Dashboards are better than ever: Default Dashboards bring
key information regarding compromised devices to the forefront, and widgets can
now be resized, changed and saved as a Custom Dashboard specific to an account,
allowing users to tailor it according to their needs.
Device Triage View
ThreatINSIGHT now has a Device Triage view that provides a device-centric timeline of detected threats and allows analysts to focus attention on the most critically impacted assets in the environment.
Device Risk Calculation
In order to help analysts properly prioritize response, we
have added a Risk Score. This score is calculated based on the number, severity
and activity of currently active detections on a device. The score is updated
automatically if new device activity is detected, allowing teams to adjust
response actions according to the most severe threat activity.
Event Entity Extraction
Event context is critical (for example, when something happened and the “who, what, how”). To help teams derive these answers as quickly as possible, ThreatINSIGHT extracts critical values (those that indicate possible compromise) from data fields and groups them in one location and view for quick analyst review.
Dynamic Device Tracking and Hostname/MAC Searches
Analysts must track a device’s IP continuously (who had that
IP at the time of detection, what IP(s) did a device have next, and so forth).
ThreatINSIGHT now uses visible DHCP data to dynamically track device IP
In addition, ThreatINSIGHT now provides analysts with the
ability to search via a device’s hostname or MAC address. These three
properties (IP address, hostname and MAC address) are now associated across
each tracked device, allowing quick data searches (for all data related to a
device, independent of IP changes) to be performed.
New Detection Capabilities
Gigamon’s Applied Threat Research (ATR) team is continuously
engineering and releasing detection capabilities to provide continuous threat
detection improvements. ThreatINSIGHT 3.0 incorporates a number of detection
improvements that include new behavioral analytics, expert systems and
statistical models, used to identify suspicious patterns of DNS
request/response activity and suspicious SSL session activity associated with
compromise and command-and-control (C2) activity.
ThreatINSIGHT now grants administrators the ability to
download virtual sensors from the UI as well as self-provision any sensor (physical
or virtual) in a straightforward manner. This allows teams to add or remove
sensors as necessary without requiring additional support from Gigamon.
This release offers numerous additional improvements that
help teams efficiently detect and investigate a network. For more information,
please consult our release notes, available from the ThreatINSIGHT portal.
How to Get Started
To learn how ThreatINSIGHT can help secure your organization, visit the ThreatINSIGHT webpage or request a demo.