A Gigamon Whitepaper:
SOC AUTOMATION OF THREAT INVESTIGATION
SOC AUTOMATION OF THREAT INVESTIGATION
When a Security Operations Center (SOC) is shown on TV, it has a specific portrayal. There is a large wall full of screens. World maps showing the threat origins and targets are updating in real time. Desks are full of people behind monitors. However, when visiting a SOC in most companies, it looks completely different. There are often only a few people there. The impressive dashboards of activity are instead a few screens. The people aren’t focused on individual systems; instead they all are doing many jobs to keep the SOC running.
The goal of these ‘real’ SOCs is to optimize the tools they have, reduce the noise from their tools to manageable levels, and automate as much of the process as possible. Gigamon recently made a major step towards this goal by integrating the capabilities of its own Gigamon GigaSECURE® Security Delivery Platform with the advanced security detection and analysis provided by BluVector, as well as by automating the collection of all security events through Splunk Enterprise.
KEY FINDINGS
- See how the Gigamon SOC utilizes the GigaSECURE Security Delivery Platform from Gigamon, BluVector® CortexTM and Splunk Enterprise together to detect advanced threats, automate full packet capture and empower investigation, response and remediation.
- Included are the details of each component, how they are configured and integrated, and some example events that were addressed by this automated system.
GET THE REPORT
Fill out the form to get access to this threat report.