Gigamon Deploys Applied Threat Research Team to Provide World-Class Detection, Investigation and Response

Research team’s latest research report unveils new trends in crimeware affecting global enterprises

Santa Clara, Calif. – October 25, 2018 – Gigamon Inc. (“Gigamon”), an essential element of enterprise infrastructure, providing visibility to network traffic across physical, virtual and cloud environments, today announced the integration of the ICEBRG Applied Threat Research (ATR) team into Gigamon. The ATR team (formerly ICEBRG’s well-known Security Research Team) is comprised of expert researchers with extensive experience creating leading-edge detection, investigation and response capabilities through world-class threat research.

The latest report, Gigamon ATR 2018 Crimeware Report “A Sampling of Malicious E-Mail Attachments”, is based on a sample of email attachments used in attacks against a number of Gigamon customers during the first half of 2018, and the detection rates of these samples on VirusTotal. Through this process of collection and analysis, the team was able to observe threat-actor behavior patterns, as well as campaign beginnings, periods of possible experimentation, and occasionally, the end of the pattern.

Key findings in the report include:

  • ‘Malspam’ attachments were only detected by 32.6 percent of anti-virus solutions in VirusTotal on the first day of submission, leaving close to 70% undetected
  • The most prevalent families of malicious software are detected more often as the anti-virus industry deploys more resources to these campaigns than to the average malspam attack
  • However, detection rates only outperform the mean by around 10 percentage points, with samples of the remote access trojan Pony evading most anti-virus solutions on the first day they hit VirusTotal
  • Of the most prevalent crimeware families studied, Trickbot is the most successful in evading anti-virus solutions long-term on VirusTotal

“With the integration of the Applied Threat Research team into Gigamon, we have reached a significant milestone in the convergence of NetOps and SecOps,” said Paul Hooper, chief executive officer of Gigamon. “Our optimized threat detection, incident response and network visibility capabilities enable our customers to effectively and efficiently manage, control and secure their infrastructure across the entire enterprise.”

“The ICEBRG team is excited to continue advanced threat research at scale with Gigamon,” said Josh Carlson, vice president of threat research for Gigamon. “Our combined expertise in networking and security will help enterprises reduce risk and allow SOC teams to defend against the most severe threats in their environments.”   

For more information on Gigamon ATR and for a full copy of the Gigamon ATR 2018 Crimeware Report “A Sampling of Malicious E-Mail Attachments”, please visit the Gigamon website, and check out the Gigamon Insight page to learn how to effectively and efficiently start securing your organization.


About Gigamon

Gigamon® is the company leading the convergence of network and security operations to help organizations reduce complexity and increase efficiency of their security stack. The Company’s GigaSECURE® Security Delivery Platform is a next generation network packet broker that helps customers make threats more visible across cloud, hybrid and on-prem environments, deploy resources faster and maximize the performance of their security tools. Global 2000 companies and government agencies rely on Gigamon solutions to help stop tool sprawl and save costs. Learn how you can make your infrastructure more resilient, more agile and more secure at, on our blog and Twitter, LinkedIn and Facebook.