UPDATED 12:23 EDT / OCTOBER 12 2017


Gigamon tightens network security integration with Splunk and Phantom

Gigamon Inc. is offering its customers free integration with Splunk Inc.’s log analysis and Phantom Cyber Corp.’s security platform to reduce the time needed to detect and respond to cyber threats.

The Gigamon IPFix Metadata Application for Splunk enables Splunk users to ingest network metadata generated by Gigamon’s GigaSecure network monitoring platform. The Gigamon Adaptive Response Application for Splunk enables security administrators to automate responses to threats detected in Splunk using GigaSecure.

The Gigamon App for Phantom works with Phantom’s security automation and orchestration platform. It enables Phantom users to trigger workflows or remediation actions based upon information delivered by GigaSecure using application program interfaces. Benefits include automating common security operations tasks through predefined playbooks and orchestrating network threat detection and mitigation to reduce mean time to resolution, the company said.

The applications are based on Gigamon’s Defender Lifecycle Model approach to security, which focuses on prevention, detection, prediction and containment of threats using machine learning, artificial intelligence and workflow automation. “It enables defenders to address the speed and polymorphic nature of security threats,” said Ananda Rajagopal, Gigamon’s vice president of product management.

IPFix can be used to identify information such as domains and machine-generated codes commonly used by attackers within Splunk’s database. The tool can also look for infected hosts, malware signatures and indications of ransomware attacks, Rajagopal said. Applications include isolating an infected host that is trying to resolve high-entropy domain names, blocking rogue domain-name service servers, and redirecting traffic to a recorder or a specific security tool chain for advanced analysis when unusual network traffic activity is observed.
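The high-entropy domain check mentioned above, as an added example (not Gigamon's or Splunk's code): it scores DNS query names from constructed flow-metadata records by Shannon entropy and returns the source hosts that repeatedly resolve random-looking names. The field names `src_ip` and `dns_query`, the 3.5-bit threshold, and the length and hit-count limits are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample records; field names are assumptions, not a Gigamon schema.
RECORDS = [
    {"src_ip": "10.0.0.5", "dns_query": "www.example.com"},
    {"src_ip": "10.0.0.5", "dns_query": "mail.example.org"},
    {"src_ip": "10.0.0.9", "dns_query": "xk2q9vz7tj4mw8ph.example.net"},
    {"src_ip": "10.0.0.9", "dns_query": "p0d8rl3yq6ns1vbe.example.net"},
    {"src_ip": "10.0.0.9", "dns_query": "h7c4zt9kx2mf5wqa.example.net"},
    {"src_ip": "10.0.0.7", "dns_query": "a1b2c3d4e5f6g7h8.example.net"},
]

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def longest_label(qname):
    """Longest label excluding the TLD, where generated names put the random part."""
    labels = qname.rstrip(".").lower().split(".")
    candidates = labels[:-1] or labels
    return max(candidates, key=len)

def suspicious_hosts(records, threshold=3.5, min_len=10, min_hits=2):
    """Map each source IP to its high-entropy queries, if it made at least min_hits."""
    hits = defaultdict(set)
    for r in records:
        label = longest_label(r["dns_query"])
        # Short labels cannot carry much entropy, so skip them to cut noise.
        if len(label) >= min_len and shannon_entropy(label) >= threshold:
            hits[r["src_ip"]].add(r["dns_query"])
    # One odd lookup is weak evidence; require repeated distinct names per host.
    return {ip: sorted(q) for ip, q in hits.items() if len(q) >= min_hits}

if __name__ == "__main__":
    for ip, queries in suspicious_hosts(RECORDS).items():
        print(ip, queries)
```

Entropy alone also flags some legitimate CDN and cloud hostnames, so the per-host hit count and an allowlist matter before an isolation action is wired to the result.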

“Because Splunk is out of band, you have to conduct root cause analysis, remediation and scoping on detected actions,” Rajagopal said. With the Gigamon extensions, “you can program actions based on detected data such as blocking an IP address or sending an email alert. This is an opportunity for better automation and triage.”

Gigamon IPFix Metadata Application for Splunk and Gigamon Adaptive Response Application for Splunk are available for free download from Splunkbase. The Gigamon App for Phantom is available for free download from the Phantom Apps community.
