Gigamon Introduces New Integrations with Splunk and Phantom, Bringing Its Defender Lifecycle Model to Life

Solutions Enable Security Operation Teams to Accelerate and Automate Threat Detection and Containment

Santa Clara, Calif., (October 10, 2017) Gigamon Inc. (NYSE: GIMO), the industry leader in visibility solutions, today announced new integrations with both the Splunk and the Phantom platforms aimed at accelerating incident response, reducing the time to threat detection and automating threat mitigation. The Gigamon® IPFIX Metadata Application for Splunk, the Gigamon® Adaptive Response Application for Splunk and the Gigamon® App for Phantom utilize industry standards and open APIs for seamless integration across product offerings. These solutions empower SecOps and DevOps teams to  take immediate action and effectively combat rapidly evolving and persistent cybersecurity threats.

These three Gigamon integrations bring to life the Defender Lifecycle Model, a new approach to security that addresses the increasing speed, volume and polymorphic nature of cyber threats. The model is based on a foundational layer of pervasive visibility across the four key pillars of prevention, detection, prediction and containment that are essential in a modern cybersecurity infrastructure. The model leverages the GigaSECURE® Security Delivery Platform and enables the integration of machine learning, artificial intelligence (AI) and security workflow automation to shift control away from the attacker and back to the defender.

The industry notes business demand for cybersecurity solutions. According to Gartner, “By 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20 percent in 2015.” 1

“These new Gigamon solutions for the Splunk and Phantom platforms help customers better manage the threat environment by streamlining the collection, analysis and reaction to suspicious data using the GigaSECURE®  Security Delivery Platform across their cybersecurity infrastructure. This will help customers expand their use case options, and accelerate both their deployment timelines and the time-to-value,” said Ananda Rajagopal, vice president of products at Gigamon. “The integrated solutions speed threat identification and mitigation by automating what is often a time-consuming and complex manual process.”


Splunk Integration Capabilities Overview

For SecOps teams who are challenged with managing an overwhelming amount of data, incidents and potential threats, the new Gigamon integrations for Splunk deliver the visibility and control required to quickly and effectively identify critical incidents and threats and automatically take steps to mitigate them.

The Gigamon IPFIX Metadata Application for Splunk allows Splunk customers to ingest network metadata generated by the GigaSECURE Security Delivery Platform. The Gigamon Adaptive Response Application for Splunk enables security operations center (SOC) teams to automate actions on the GigaSECURE platform in response to threats detected in Splunk ES.

The solutions can be used for a variety of use cases including:

  • The isolation of an infected host trying to resolve high-entropy domain names or block rogue DNS servers.
  • The detection and mitigation of malware attacks such as the recent WannaCry ransomware cyberattack.
  • The redirection of traffic to a recorder or a specific security tool chain for advanced analysis can be performed when usual network traffic activity is seen.

“Increasingly sophisticated threats cannot be eliminated with any single technology. There is no silver bullet for security,” said Haiyan Song, senior vice president and general manager of Security Markets at Splunk. “We created the Adaptive Response Initiative to help organizations more efficiently and flexibly combat advanced attacks with their existing security architectures. Members like Gigamon are key to the success of Adaptive Response. We look forward to working with them as the world embraces an analytics-driven approach to security.”


Phantom Integration Capabilities Overview

The Gigamon App for Phantom users provides SecOps teams with automated and orchestrated security operations and case management. The application utilizes REST APIs provided by the GigaSECURE Security Delivery Platform and enables Phantom users to trigger workflows or remediation actions on the GigaSECURE Security Delivery Platform in response to specific events.

Key benefits of the Gigamon App for Phantom include automating common security operations tasks through predefined playbooks, and orchestrating network threat detection and mitigation to reduce mean time to resolution.

“Gigamon provides an innovative, extensible, and pervasive platform for visibility that integrates with Phantom to orchestrate and automate critical security operations tasks,” says Oliver Friedrichs, CEO and founder, Phantom. “Our integrated solutions allow SecOps teams to work smarter, respond faster and strengthen their network defense postures.”



The Gigamon IPFIX Metadata Application for Splunk and The Gigamon Adaptive Response Application for Splunk are available for free download from Splunkbase. The Gigamon App for Phantom is available for free download from the Phantom Apps online community.


1Gartner, Inc., Shift Cybersecurity Investment to Detection and Response, Ayal Tirosh, Paul E. Proctor, May 3, 2017.


Additional Resources


About Gigamon

Gigamon (NYSE: GIMO) provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. The Gigamon Visibility Platform and the GigaSECURE® Security Delivery Platform, deliver advanced intelligence so that security, network, and application performance management solutions in enterprise, government, and service provider networks operate more efficiently and effectively. Learn more at, the Gigamon blog or follow Gigamon on Twitter, LinkedIn or Facebook. See What Matters.™


# # #

Legal Notice Regarding Forward Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as "may," "will," "should," "expects," "plans," "anticipates," "could," "intends," "target," "projects," "contemplates," "believes," "estimates," "predicts," "potential" or "continue" or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions.

Forward-looking statements in this press release include, but are not limited to, the potential benefits of Gigamon product integrations with Splunk and Phantom, goals and expectations regarding availability and future performance of joint solutions with Splunk and Phantom, and opportunities for the GigaSECURE® Security Delivery Platform, the Gigamon® IPFIX Metadata Application for Splunk, Gigamon® Adaptive Response Application for Splunk, and Gigamon® App for Phantom. Our expectations and beliefs regarding these matters may not materialize, and actual results in future periods are subject to risks and uncertainties that could cause actual results to differ materially from those projected. These risks include our ability to continue to deliver and improve our products and general market, political, economic and business conditions. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 10-K for the period ended December 31, 2016 and most recent Quarterly Report on Form 10-Q. The forward-looking statements in this press release are based on information available to Gigamon as of the date hereof, and Gigamon disclaims any obligation to update any forward-looking statements, except as required by law.