Rapidly Triage Network Detection & Response with the Polarity-Gigamon Integration

Product Jul 15, 2020

Today’s post continues an ongoing series on Polarity Integrations. Data tells a story, Polarity helps you see it with Augmented Reality overlaying contextual information from the applications you use every day, no glasses or goggles required. With over 100 powerful integrations, Polarity’s open-source Integrations Library arms you with the right data at the right time to make informed decisions and take action with speed. This example showcases our integration with Gigamon.

What is Gigamon ThreatInsight?

Gigamon ThreatINSIGHT accelerates network detection and response (NDR) via a cloud-native platform that leverages machine learning (ML) and Applied Threat Research (ATR) to provide threat activity detection, providing the data and context needed for response and investigation in a rapidly transforming cyber-security landscape. Gigamon ThreatINSIGHT:

  • Delivers faster answers, with rapid deployment and omnisearch capabilities to let you answer critical incident-related questions in seconds, not minutes — along any vector, through extended time frames.
  • Leverages comprehensive data via the Gigamon INSIGHT Cloud Data Warehouse, providing access to current and historical data across vectors from hybrid networks, to give you the visibility and context needed for comprehensive investigative efforts.
  • Builds on intelligent design, applying machine learning together with human-powered detections from Applied Threat Research to provide high-fidelity detections and recommended remediation, so you can reduce false positives and prioritize your response.
  • Improves security and lowers risk, through quicker deployment, better detection capabilities, and quality, correlation of siloed data, and blind-spot reduction.

Polarity - Gigamon ThreatInsight Integration

The Polarity-Gigamon integration allows analysts to have instant data awareness and recall of Gigamon’s platform, regardless of the analysts’ workflow or what screen they are looking at. This functionality enables analysts to see if an indicator is associated with any Gigamon threat insight detection and will supply contextual information for that indicator, like PDNS, DHCP, and summary information.

Polarity gives analysts the right data at the right time to make decisions and take action with precision and speed. With the Polarity-Gigamon integration, analysts can triage their network detection and response much faster by having immediate data awareness on detections around the IP or domain they are referencing.

In this image, notice an IP is highlighted in the screen on the left. On the right, you can see that Polarity's computer vision recognized the text on screen, and in real-time while the analyst is working, it has provided contextual information for the highlighted domain in the Overlay Window. This contextual information has been pulled from Gigamon through the Polarity-Gigamon Integration.

What Next?

See for yourself with a Polarity demo or trial, or a Gigamon trial. To learn more, take the Tour or tune into our next Community Tech Tuesday.

Integrate with Polarity

Data tells a story, Polarity helps you see it with Augmented Reality. With more than 100 integrations, Polarity works well with the products our customers use every day. Connect your product to Polarity through our open-source integration program.