Gigamon announced it is expanding the scope of its cybersecurity monitoring efforts significantly by acquiring ICEBRG, a provider of a cloud-based threat detection service.
The combination of the sensors ICEBRG deploys coupled with the real-time network monitoring platform developed by Gigamon promises to limit the “blast radius” of cybersecurity breaches by making it faster to detect and ultimately contain security breaches, said Gigamon CEO Paul Hooper.
That capability is enabled by Gigamon appliances and terminal access points (TAPs) that are employed to analyze network traffic at line speeds, Hooper said, adding Gigamon also provides access to tools to query that data to discover anomalies.
By providing the ICEBRG cloud service with access to the analytics generated on the Gigamon network appliances, cybersecurity professionals gain access to network packets, the single source of truth for what is really occurring across an extended IT environment. Armed with that data, cybersecurity professionals should be able to sharply reduce the number of false positives a security operations center (SOC) has to track down on any given day, Hooper said. Those false positives contribute to a level of cybersecurity fatigue in which threats are ignored because the IT team has become inured to the volume of alerts being generated. By relying more on monitoring tools that track network packets, the alerts generated will be more reliable indicators of a cybersecurity breach, he said.
Hooper noted that one of the reasons Gigamon decided to acquire ICEBRG is that, as a cloud application, it starts to generate cybersecurity value in terms of identifying threats in as little as 34 minutes. That is significant because it also enables the cybersecurity team to be more productive at a time when the number of attack surfaces that need to be defended continues to increase, he said.
Most savvy IT organizations now assume their IT environments have been compromised to one degree or another by malware. The challenge now is to locate that malware as quickly as possible, either removing it before it is activated or containing any damage once it has been. Because most malware is trying to exfiltrate data, the ability to identify anomalies at the network packet layer makes it possible to quarantine any suspect traffic once it is detected.
The convergence of network and security monitoring has been a long time in coming. Until recently there were no appliances available capable of analyzing every packet in real time without adversely impacting application performance. But as the amount of compute horsepower that could be packed into an appliance became more dense, it became more feasible to analyze network packets at line rates. Now, Gigamon is moving to make that real-time monitoring capability available to a cybersecurity application.
Eventually there may come a day when all that data is analyzed by artificial intelligence (AI) applications to automate responses to cybersecurity incidents. In the meantime, cybersecurity professionals should expect to receive much more in the way of actionable intelligence as the monitoring of networks and security continues to meld.