top of page
Search
Writer's pictureFayyaz Rajpari

What a Seamless NDR + EDR Integration Looks Like: Gigamon ThreatINSIGHT and CrowdStrike Falcon

Updated: Jul 6

Over the last decade, the acceptance and adoption of “detection and response” has finally been reached. It required the market to ultimately have empathy for the struggles SOC and incident response teams face when trying to identify and stop the activities of adversaries after they got beyond frontline security tools. But now security vendors are applying their “what’s hot” marketing playbook to detection and response. We now have EDR, NDR, XDR, and MDR acronyms and promises flying around unabashedly. What’s worse are the check-box integrations vendors have put into the market to be able to back their “we integrate too” promises. 


Without flashy words and empty promises, we are proud to introduce a full-featured NDR/EDR integration that is designed specifically for SOC and incident response teams while delivering the benefits security leaders seek — an efficient, effective security team.

Gigamon ThreatINSIGHT™ NDR has partnered with CrowdStrike Falcon to deliver a detection and response solution unlike any currently available. ThreatINSIGHT Guided-SaaS NDR integrates with the Falcon platform to deliver the most comprehensive network-to-endpoint visibility with combined threat intelligence, advanced behavioral threat detection, host containment, and the strongest tools and telemetry to allow security teams to do their job: stopping attackers in their tracks.


Focused on enabling and empowering joint customers to detect and respond with certainty, ThreatINSIGHT, Falcon Insight EDR, and Falcon X threat intelligence products combine to provide a fully unified NDR and EDR integration. Together, they help you close the SOC visibility gap and dismantle adversaries. 

Scenarios

Technical Capabilities

Why SOC/IR Teams Should Care

Why Security Leaders Should Care

Avoid multi-vendor headaches

Out-of-the-box, cloud-to-cloud integration with both Falcon X threat intelligence and Falcon Insight EDR

Fewer distractions with zero integration work or ongoing maintenance

Fast time to value, security teams can focus on threats, not solutions management.

Close SOC visibility gaps

In-depth host telemetry for managed devices and L2-L7 network metadata for all devices within ThreatINSIGHT




Note: Most NDRs can only provide L2-L4 visibility for all devices



Observe all devices (x-axis breadth) with rich host and network context (y-axis depth) within a single console to perform triage, hunting, and investigations across current and historical activity (z-axis time)

In-depth context for SOC teams on a single platform for efficiency and effectiveness

Achieve IoT, BYOD, and unmanaged device visibility

Employ ThreatINSIGHT to observe the behavior of all managed and unmanaged devices and identify whether the Falcon agent is present

Secure all devices and make informed response decisions even when Falcon agent is not present

Visibility into EDR gaps for better response decisions on all hosts, not just managed ones

Faster threat intelligence detections

Utilize both ThreatINSIGHT proprietary threat intelligence and Falcon X threat intelligence on live network traffic

Faster Falcon X threat intelligence detections via real-time matches for all network devices, compared to trying to match against historical data in your SIEM

Get more out of your Falcon X investment by applying matches on live traffic, not just SIEM history

Behavioral detection corroboration

Observe, triage, and investigate both ThreatINSIGHT and Falcon Insight behavioral-based detections with correlated telemetry

High-fidelity adversary behavior identification using CrowdStrike and Gigamon machine learning and behavioral analysis techniques 

Improve mean time to detect by combining network and endpoint adversary behavior identification techniques


Hunting and incident investigations

Query Falcon host-based telemetry alongside enriched network metadata with ThreatINSIGHT advanced investigation capabilities

Rich L2-L7 network and robust endpoint telemetry at your fingertips

Data and tools for hunting teams on a single platform for efficiency and effectiveness

Host management

For any host being explored within ThreatINSIGHT, single-click to pivot directly into CrowdStrike to manage that device

Quickly investigate ThreatINSIGHT detections within Falcon Insight

Reduce complexity and drive faster mean time to respond

Host isolation

For any host being explored within ThreatINSIGHT, easily isolate the device with a single click

Mitigate risk quickly once a device has been triaged and confirmed infected from within ThreatINSIGHT

Take swift action, improving mean time to contain

Joint Gigamon ThreatINSIGHT and CrowdStrike Falcon customers can benefit from the integration immediately and should reach out to their Technical Success Management team with any questions.


If you are a CrowdStrike customer looking to close the SOC visibility gap by adding a network detection and response solution built by responders for responders, request a demo today.


The original article can be found here.

4 views0 comments

Recent Posts

See All

The Autonomous SOC, is It Here Yet?

One of my first jobs back when I was in high school was a PBX Operator at a Hospital.  It was a new experience for me as I did the...

Comments


bottom of page