ExtraHop announces Reveal(x) Summer 2018, setting the bar for Network Traffic Analytics at enterprise scale. This release includes capabilities designed to modernise enterprise security operations with critical-asset behaviour analysis that instantly surfaces the highest-risk threats, even those hiding within encrypted traffic. With this high-fidelity insight, security operations teams can zero in on critical threat patterns and investigate down to the root cause in seconds, not days.

Between 2017 and 2018, threat dwell time in the enterprise increased to 101 days, according to FireEye's M-Trends 2018 Report. The Verizon Data Breach Investigations Report noted, "In many cases, it's not even the organisation itself that spots the breach—it's often a third party, like law enforcement or a partner. Worst of all, many breaches are spotted by customers."

Real-time visibility, high-fidelity insight

The Reveal(x) Summer 2018 release significantly reduces dwell time by highlighting late-stage attack activities, shining light on the "darkspace" in the enterprise – the hard-to-reach areas of the network along the East-West corridor. Through comprehensive network traffic analytics, Reveal(x) delivers real-time visibility and high-fidelity insight into threats to your critical assets throughout the hybrid enterprise. The "headlines" dashboard prioritises speed and accuracy, eliminating the fake-news fire drills of other tools by highlighting the highest-risk detections, correlated with external and industry threat intelligence.
Other key features in the Summer 2018 release include:

Need-to-Know Decryption: Respect for privacy is simple now that authorised threat hunters and forensic investigators can be given rights to look inside suspicious packets for authoritative evidence (including content and user information), while other analysts see only the detections and metadata insights gleaned from the decrypted traffic.

TLS 1.3 Support: As of 2017, forty-one percent of cyber attacks used encryption to evade detection, so the ability to detect threats within encrypted traffic is more critical than ever. With this release, Reveal(x) is the only solution that offers out-of-band decryption at up to 100 Gbps and supports the requirements of the TLS 1.3 protocol as well as decryption of traffic protected by perfect forward secrecy.

Network Privilege Escalation Detection: Reveal(x) identifies changes in behaviour that indicate an attacker has compromised a device, escalated access rights, and is using these higher privileges to explore and attack within the enterprise. Reveal(x) now infers escalation attempts on critical assets automatically, based on changes in device behaviour, commands, and protocol use, enabling detection of attacks underway and allowing SecOps teams to contain them before damage is done.

Peer Group Anomaly Detection: Reveal(x) now automatically correlates device behaviour against peer devices for more precise assessment of anomalous behaviour, leveraging auto-discovery and classification of critical assets. This strong outlier validation improves insider-threat and compromised-host detection and enriches Reveal(x) investigative workflows with critical-asset context that helps SecOps collaborate with the IT teams controlling endpoints and data centres.
Threat Feed Integration: The release ingests Structured Threat Information Expression (STIX) formatted threat intelligence containing suspect URIs, hosts, or IP addresses, and highlights correlations with detections from network traffic. SecOps teams can use STIX feeds in Reveal(x), or add a secondary feed for depth of intelligence. Analysts can confirm details within the workflow via easy access to enriched data and more easily retrace attack interactions that involve external actors, including command-and-control and exfiltration activities.

Third Party Integrations: Enterprise security operations teams need to partner with other IT teams and their tools to accomplish evaluation, scoping, containment, and mitigation within approved processes. ExtraHop's REST APIs provide formal integrations for automated interaction with premier threat intelligence, investigation, and response platforms including Anomali, Palo Alto Networks, Phantom, ServiceNow, and Splunk. These two-way integrations inject definitive Reveal(x) insights and wire data into other tools and let Reveal(x) take part in investigation and response workflows, including forensic packet analysis.

Reliable security infrastructure

"Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint from the branch office to the datacenter or the cloud, and too often they operate unnoticed," said Jesse Rothstein, CTO and co-founder, ExtraHop. "At ExtraHop we've spent years developing technology that can analyse the entire network in real time – every critical asset and every transaction – so that there are no blind spots. With Reveal(x) Summer 2018, we've applied that deep domain expertise to security operations, closing the visibility gap and surfacing the accurate, targeted information that allows SecOps teams to act quickly and with confidence."
"Security operations centres (SOCs) manage the business of security – maintaining a reliable security infrastructure, sorting through critical informational events and alerts, and working across the IT organisation to fix security problems," said Eric Ogren, Senior Analyst at 451 Research. "Network traffic analytics are poised to play a pivotal role in modernising security operations. ExtraHop Reveal(x) is a pioneer of this emerging market segment with the ability to deliver broad network visibility, prioritisation of critical assets, and advanced behavioural analytics to reduce and possibly eliminate the dark space within the enterprise."
Digital Guardian announces the general availability of the Digital Guardian Analytics & Reporting Cloud (DG ARC), the only data protection solution that leverages the same endpoint agent and management console to deliver Data Loss Prevention (DLP) and Threat Detection & Response (TDR). With DG ARC, Digital Guardian customers can instantly access a subscription-based, big-data security analytics cloud service that puts their most sensitive information assets at the centre of all data protection, user monitoring, and threat detection and response activities.

Combining traditional DLP with contemporary features

“We are declaring this a new dawn for data loss prevention because we’re the first security platform to combine the traditional capabilities of DLP with the contemporary features required for endpoint threat detection and response, all delivered in the cloud,” said Ken Levine, President and Chief Executive Officer of Digital Guardian. “A lot has changed in the security world, but one thing remains the same: data is the target. We need security solutions that always put sensitive data at the forefront of organisations’ security efforts, and DG ARC achieves that.”

Today’s leading security industry analysts understand that data is constantly at risk from insecure insider behaviour and a variety of external attacks; however, the market offers solutions for only one of these security challenges or the other. This arbitrary separation of insider and outsider data protection requirements confuses buyers and unnecessarily compels them to invest in more solutions than they really need. “The market demand for consolidation of security products is very pronounced at the endpoint,” explains Eric Ogren, senior security analyst at 451 Research.
“Our research and market studies show that 61% of enterprises deploy 2-5 security products on their endpoints, with close to 10% of respondents reporting between 6 and 20. This large number of tools becomes a significant barrier to managing risk effectively. Security services such as DG ARC that combine data protection with threat detection and response will appeal to security teams looking to reduce operational costs.”

DG ARC features

DG ARC represents a new class of security solution – threat-aware data protection delivered as a subscription-based cloud service. It provides the feature consolidation security buyers now demand. Leveraging a single endpoint agent to collect system, user, data and forensic events, DG ARC provides the core features, functions, and capabilities of:

Data Loss Prevention – DG ARC identifies and classifies information contained within an object while at rest, in use or in transit, and dynamically applies a wide range of policies and controls (e.g. log, report, classify, relocate, tag, block, encrypt).

Threat Detection and Response – DG ARC provides capabilities to detect, investigate, and mitigate malware, ransomware, and other attacks on hosts and endpoints from external actors.

Big Data Security Analytics and Reporting – DG ARC’s cloud-based, big-data architecture removes storage limitations on the endpoint and can aggregate, analyse, and query system, user and data-related events across the network and endpoints.

Data protection

The eventual goal of almost every security product on the market is to protect data. Database security prevents unapproved users from accessing data stores. Network and application scanning aims to correct network and application vulnerabilities to prevent hacker exploitation and unauthorised access to data. Next-generation firewalls attempt to block the use of malicious applications that steal data.
The emerging next-generation anti-virus solutions claim to protect data by blocking malware that could result in data loss. But none of these solutions truly understands what it is intended to protect: the data. They have no ability to see inside a file, e-mail or packet and know exactly what’s in it – only the Digital Guardian Data Protection Platform does.

“Protecting organisations requires a deep understanding of their data. DG ARC delivers the deepest data visibility available on the market today,” said David Karp, chief product officer at Digital Guardian. “It’s the only solution that empowers the InfoSec analyst, incident responder and threat hunter to rapidly visualise how data is being used. Seeing this will highlight the risk posed to sensitive information by valid users and compromised systems. That intelligence is a requirement to understand real risk and drive the most effective approach to protecting sensitive data from all threats.”