ThreatINSIGHT is a comprehensive toolkit that includes a playbook of pre-built queries based on latest industry data, AI software to automatically detect potential threats faster, 365 days of historical network traffic to better enable investigation, and access to a team of threat expert consultants for further guidance when needed.<\/p>\n
Introducing MetaStream with Signals<\/h2>\n
Leveraging our newest feature, MetaStream with Signals, ThreatINSIGHT provides Sumo Logic access to network visibility context and rich threat detections. Thanks to this integration, security and network operations teams can triage, validate, and investigate anomalies quickly and efficiently directly in the Sumo Logic platform.<\/p>\n
The integration delivers:<\/p>\n
- \n
- Detections and machine learning (ML)-based observations<\/strong>\u00a0of adversary network activity identified by ThreatINSIGHT. That allows SOCs to\u00a0rapidly discover threats<\/strong>\u00a0within the Sumo Logic interface.<\/li>\n
- Network metadata aggregations designed for security teams to provide robust network context \u2014 at just\u00a02 to 5 percent<\/strong>\u00a0the size of full metadata events,\u00a0lowering storage costs.<\/strong><\/li>\n
- North-South and East-West network visibility<\/strong>\u00a0for core cloud networks (AWS, Azure, and Google Cloud Platform).<\/li>\n
- Secure, easy data exchange<\/strong>\u00a0via a simple, cloud-based, self-provisioned Gigamon-hosted AWS S3 bucket.<\/li>\n<\/ul>\n
The big picture? The integration between ThreatINSIGHT NDR Sumo Logic CSE allows for fast triage and investigation efforts with ThreatINSIGHT network metadata, reducing dwell time.<\/p>\n
\n![\"\"](\"https:\/\/blog.gigamon.com\/wp-content\/uploads\/2022\/06\/Gigamon-GTI-Screenshot-1024x489.jpg\")
<\/a>Figure 1. Sumo Logic Metastream with Signals dashboard with Gigamon Hawk integration.<\/em><\/figcaption><\/figure>\n<\/div>\n Thanks to the visibility that ThreatINSIGHT provides, Sumo Logic customers will be able to more easily collect, monitor, and visualize data across the network and gain insights from detections and ML-based observations. Customers can also customize which signals to integrate to achieve the in-depth context they need.<\/p>\n
Finding the Needles<\/h2>\n
Security event metadata often arrives at customer security tools as a huge haystack where it\u2019s impossible to find the needles. ThreatINSIGHT streamlines aggregated network metadata before delivering it to Sumo Logic, so customers can efficiently retrieve all MetaStream with Signals and validate, hunt, or investigate an incident without the high security-event data storage costs so common with other solutions.<\/p>\n
\u201cMetaStream with Signals was designed by our security experts to meet the needs of SOC analysts and incident responders,\u201d says Michael Dickman, Gigamon Chief Product Officer. \u201cWorking together with Sumo Logic CSE, ThreatINSIGHT network visibility and advanced adversary identification techniques will help security teams perform threat detection, investigation, and response activities faster and more thoroughly.\u201d<\/p>\n
As organizations continue to implement and manage complex multi-cloud environments, network and security teams need deep observability to make real-time, strategic decisions when monitoring their networks. By combining ThreatINSIGHT, a leader in NDR, with Sumo Logic, both network and security operations teams can take advantage of rich network detection data to rapidly identify and recover from security threats.<\/p>\n
To learn more about how Gigamon ThreatINSIGHT and Sumo Logic can mitigate your organization\u2019s risk,\u00a0request a demo today<\/a>.<\/p>\n
- Network metadata aggregations designed for security teams to provide robust network context \u2014 at just\u00a02 to 5 percent<\/strong>\u00a0the size of full metadata events,\u00a0lowering storage costs.<\/strong><\/li>\n