Gigamon, which provides visibility into network traffic across physical, virtual and cloud environments, has integrated the ICEBRG Applied Threat Research (ATR) team into the company. The ATR team (formerly ICEBRG’s well-known Security Research Team) is made up of expert researchers with extensive experience creating leading-edge detection, investigation and response capabilities through world-class threat research.
Their latest report, Gigamon ATR 2018 Crimeware Report “A Sampling of Malicious E-Mail Attachments”, is based on a sample of email attachments used in attacks against a number of Gigamon customers during the first half of 2018, and the detection rates of these samples on VirusTotal. Through this process of collection and analysis, the team was able to observe threat-actor behavior patterns, as well as campaign beginnings, periods of possible experimentation, and occasionally, the end of the pattern.
Key findings in the report include:
- ‘Malspam’ attachments were detected by only 32.6 percent of anti-virus solutions in VirusTotal on the first day of submission, leaving close to 70 percent undetected
- The most prevalent families of malicious software are detected more often, as the anti-virus industry deploys more resources to these campaigns than to the average malspam attack
- However, detection rates only outperform the mean by around 10 percentage points, with samples of the remote access trojan Pony evading most anti-virus solutions on the first day they hit VirusTotal
- Of the most prevalent crimeware families studied, Trickbot is the most successful in evading anti-virus solutions long-term on VirusTotal
“With the integration of the Applied Threat Research team into Gigamon, we have reached a significant milestone in the convergence of NetOps and SecOps,” said Paul Hooper, chief executive officer of Gigamon. “Our optimized threat detection, incident response and network visibility capabilities enable our customers to effectively and efficiently manage, control and secure their infrastructure across the entire enterprise.”
“The ICEBRG team is excited to continue advanced threat research at scale with Gigamon,” said Josh Carlson, vice president of threat research for Gigamon. “Our combined expertise in networking and security will help enterprises reduce risk and allow SOC teams to defend against the most severe threats in their environments.”
For more information on Gigamon ATR and for a full copy of the Gigamon ATR 2018 Crimeware Report “A Sampling of Malicious E-Mail Attachments”, please visit the Gigamon website, and check out the Gigamon Insight page to learn how to effectively and efficiently start securing your organization.