ExtraHop announces ExtraHop® Reveal(x) Cloud™, a Software-as-a-Service (SaaS)-based network detection and response (NDR) solution for the cloud-first hybrid enterprise. Reveal(x) Cloud provides deep and continuous visibility, enabling Security Operations (SecOps) teams to analyse every transaction, detect threats, and respond to attacks to gain control over their hybrid attack surface and protect their investment in the cloud.

While the cloud has proven to be a force multiplier for DevOps and IT Ops, for SecOps teams already struggling under the burden of a sprawling attack surface and a shortage of skilled analysts, adopting cloud platforms can be a vulnerability. With SecOps taking the blame for stalled migration efforts, enterprises are recognising the need to take a cloud-first approach to securing elastic workloads rather than trying to retrofit old practices to new technology design patterns.

Investigate complex threats

Without native network visibility in the cloud, enterprises have been limited to log- or agent-centric tools, making it difficult to detect and investigate complex threats in a timely manner due to lack of continuous visibility across all environments. Reveal(x) Cloud is a SaaS-based solution that provides security teams with a zero-infrastructure service for AWS that deploys quickly, delivers immediate asset discovery, and offers threat detection, investigation, and response.

The solution takes advantage of new enterprise features introduced by AWS during AWS re:Inforce 2019, including Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring that supports passive observation of network traffic from cloud workloads, and private network peering that allows for the secure transmission of data between AWS accounts. It also connects natively with AWS data sources, such as Amazon CloudWatch, AWS CloudTrail, and Amazon VPC flow logs.

Purpose-built solution

“Today, security operations teams often rely on tools and data sources like logs that don’t provide a complete picture,” said Dave Brown, Vice President, EC2 Compute and Networking Services, Amazon Web Services, Inc. “With the introduction of Amazon VPC traffic mirroring, we’re allowing customers to extract traffic of interest from any workload in an Amazon VPC and send it to the right tools to detect and respond faster to attacks often missed by traditional log- and agent-centric tools. With Reveal(x) Cloud, ExtraHop is delivering a purpose-built solution designed to enable AWS customers to take full advantage of network traffic for better cloud visibility, detection, and response.”

Reveal(x) Cloud offers a host of features designed to help SecOps teams support the shared responsibility model, protect cloud workloads by ensuring compliance, and deliver security across the hybrid attack surface.

Track rogue instances

  • Automatic Discovery and Classification: Up-to-the-minute visibility and classification across all cloud workloads allows SecOps teams to track rogue instances, prioritise investigations by risk score, and correlate malicious activity and asset criticality to focus on the highest-risk threats.
  • Application Layer Decoding: Full support for AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Elastic Load Balancing means visibility into behaviour, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
  • Encrypted Payload Visibility: Reveal(x) Cloud decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.
  • Rich Integrations: AWS CloudTrail events enrich network-based threat detection with on-box activity (disabled logging, suspicious processes, suspect file execution), while connection with Amazon CloudWatch allows granular tracking of privilege manipulation. Customers can also leverage integrations with orchestration platforms, such as Phantom, ServiceNow, and Palo Alto Networks, to automate response workflows.

Complex attack surface

“The modern hybrid enterprise has created an expansive and complex attack surface that cannot be managed by traditional security tools or architectures,” said Jesse Rothstein, CTO and co-founder, ExtraHop. “It’s time to stop retrofitting old models onto the new reality and start building cloud-first security operations. With Reveal(x) Cloud and Amazon VPC traffic mirroring, SecOps teams finally have inside-the-perimeter visibility and control over their hybrid attack surface.”

“With Amazon VPC traffic mirroring in Reveal(x) Cloud, ExtraHop is further reducing the barriers to cloud adoption, by giving enterprises the same level of insight they’ve always had into their on-premises traffic,” said Mike Sheward, Senior Director, Information Security, Accolade.

Native security features

“Visibility has always been key in security; combine Reveal(x) with the native security features you find in AWS, and you’re going to have more actionable visibility than ever. Cloud providers continue to work with security vendors and with enterprise customers to provide functionality and integrations that make it easier, more efficient, and more secure to build presence in the cloud,” said Fernando Montenegro, Principal Analyst, 451 Research.

Amazon VPC traffic mirroring is just the latest example. ExtraHop’s Reveal(x) Cloud fits within this trend, as it allows customers to use traffic monitoring to achieve better network visibility, detection and response, and to do that as a service. This is likely to assist SecOps teams making the transition to support cloud deployments. “At ePlus, we believe the right technology transforms IT from a cost center to a business enabler,” said Justin Mescher, Vice President of Cloud and Data Center Solutions, ePlus.

Evolving business models

“We’re building Reveal(x) Cloud into our CyberSecurity and Cloud practices to allow us to act quickly and accurately to improve our customers’ cloud readiness and security posture. Pervasive enterprise digital transformation efforts are dramatically expanding the attack surface, but many organisations are failing to transform their cybersecurity approaches to keep pace, continuing to use the same cybersecurity methods they have always used while attempting to support continuously evolving business models,” said Joe Vadakkan, Global Cloud Security Leader, Optiv.

“Combining industry-leading technologies such as ExtraHop’s Reveal(x) with Optiv’s end-to-end services enables us to provide clients with an approach to cybersecurity that is aligned to new business models and centred on client-focused outcomes. We believe that ExtraHop Reveal(x) Cloud will deliver great value to cloud workloads by providing the necessary visibility to more efficiently detect and respond to incidents.”
