ExtraHop, a pioneer in cloud-native network detection and response, announced a new integration between ExtraHop® Reveal(x) and Google Cloud Platform (GCP) via the new packet mirroring feature announced by GCP at Google NEXT ‘19 UK. Google Cloud’s new Packet Mirroring feature enables Reveal(x) to passively and agentlessly analyse network traffic within GCP to provide robust, real-time threat detection, investigation, and response.
Traffic visibility is critical to prevent security breaches and attacks as networks grow in complexity"
Armed with this visibility, security teams can protect data and workloads in Google Cloud and expand control across the entire hybrid attack surface. Reveal(x) for GCP automatically discovers, classifies, and maps dependencies between workloads, and applies advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.
"Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it," said Diane Brown, senior director of IT risk management and CISO at Ulta Beauty. "In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."
Full threat visibility
Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.
- Full Packet Analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting. Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.
- Encrypted Payload Visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.
- Augmented Investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.
Detect network intrusions
"Traffic visibility is critical to prevent security breaches and attacks as networks grow in complexity," said Mahesh Narayanan, product manager at Google Cloud. “With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyse, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."
"Traditional security tools are falling short and new thinking is needed for hybrid enterprises today," said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.” ExtraHop Reveal(x) for GCP is now available in alpha.