ExtraHop, the globally renowned provider of cloud-native network detection and response solutions, has announced the general availability of Reveal(x) 360, the first SaaS-based network detection and response (NDR) solution. The Reveal(x) 360 NDR solution provides on-demand, unified visibility across multi-cloud and hybrid workloads, as well as distributed workforces and operations.

Reveal(x) 360 SaaS-based NDR

With ExtraHop Reveal(x) 360, security operations teams can harness the power of the cloud to improve security posture without compromising availability or core business objectives. Organisations around the world have experienced massive disruption as workforces rapidly transitioned to remote work and operations shifted off-premises. While the first phase of this shift focused primarily on making critical assets available to employees, the next phase will focus on how to enable that model long term and at scale.

Cloud and IoT digital transformation

At the centre of that transformation are the Cloud and IoT. Cloud, with its unlimited scale, OpEx pricing model, and global availability zones, is ideally suited to enabling a distributed workforce. At the same time, the need to support IoT has already increased exponentially as security and IT Ops teams contend with a plethora of employee devices accessing network resources.

Frictionless security

With Reveal(x) 360, ExtraHop combines the power of network data with the scale and speed of the Cloud to provide frictionless security from the data center to the Cloud to the user and device edge. It is cloud-delivered, cloud-agnostic, and provides cloud intelligence for continuous protection across the entire attack surface.
Fully-integrated workflow

A fully-integrated workflow enables SecOps teams to manage detection, investigation, and response at scale and align to the demands of the business, even as IT and business realities continue to evolve.

Cloud-Native Consumption Model - Reveal(x) 360 provides on-demand consumption, enabling customers to manage peak periods like Cyber Monday, fall course registration, and insurance enrollment periods without getting locked into annual contracts. On-demand consumption for index record search is available immediately, with additional on-demand purchasing options available in July.

Centralised Management and Threat Visibility - A unified management pane provides complete visibility and control across multi-cloud workloads, data centers, remote sites, and users and devices, all in one place. With centralised visibility, security teams can confidently detect, investigate, and respond to threats across the entire attack surface without switching between multiple point solutions trying to piece together the path of an attack.

AI-Powered Threat Detection - Real-time intelligence and behavioral analysis derived from petabytes of anonymised threat telemetry collected daily makes Reveal(x) 360's cloud-based machine learning uniquely reliable, all without impacting sensor performance. Cloud-scale ML provides more than 1 million predictive models for a typical enterprise deployment to identify suspicious behaviors and potential threats.

Real-Time Investigation - A cloud-based record store provides fully hosted and managed search capability for streamlined incident investigation, with index record search and query of data from every segment of the hybrid environment.

Continuous Intelligence - Reveal(x) 360 automatically updates detectors, threat intelligence feeds, and IoT profiles via the cloud, eliminating the need for manual intervention to ensure that policies or software on sensors are up to date.
Securing data centres, remote sites & cloud workloads

“Over the past several months, remote work, digital interactions, and online services have accelerated at an unprecedented rate,” said Jesse Rothstein, ExtraHop Co-Founder and CTO. Jesse adds, “And there is an increasing need to address significant gaps that have been exposed around both security and availability. Reveal(x) 360 is the culmination of a multi-year R&D investment to secure data centers, remote sites, and cloud workloads with frictionless deployment and actionable insights that can be securely accessed from anywhere.”

Reveal(x) 360 for multi-cloud and hybrid cloud environments is now available on AWS Marketplace. Flexible pricing plans include reserved instance and on-demand pricing options to align with individual customer budget requirements.

Customer reviews

“When you’re looking at investing in the rhythm of your business, there’s no other company that aligns to supporting the DevOps model—the speed, the lack of friction, than ExtraHop,” said Dan McDaniel, Chief Architect and Information Security Officer at Wizards of the Coast.

“Before ExtraHop, we had limited visibility into what was going on in the cloud, but with Reveal(x), we can quickly identify vulnerabilities and exploits and understand how our applications are performing in the cloud,” said John Kreis, Senior IT Engineer at Ulta Beauty.

Enhanced application, infrastructure security

“With ExtraHop, we’re able to monitor not only bandwidth and resources, but the security of our applications and infrastructure.
With more and more of our workloads in the cloud, and now, with so many of our people working remotely, the level of visibility we get from ExtraHop in a single tool is just unmatched,” said a Senior Network Security Engineer for a large retail chain.

“ExtraHop makes it straightforward to monitor our environment and secure it, from remote desktops to cloud workloads,” said a Senior Manager for Security and Infrastructure at a West Coast healthcare provider firm.

Partner review

“Now that the dust has settled a bit since the initial transition to remote work, many of our customers are now looking to the future, thinking about how to support this forced transformation long term,” said Jonathan Wharton-Street, Head of Government and Education Sales, SBL. He concludes, “Making sure you have a handle on every user and device accessing network resources is going to be critical to that. Reveal(x) 360 provides continuous visibility across every device and workload so that you never have to worry about what you don’t see.”
ExtraHop, the provider of cloud-native network detection and response, accelerates its market leadership with new capabilities that provide 360-degree threat visibility, detection, and response across multi-cloud, data centre, and IoT deployments in a single hosted solution. With ExtraHop® Reveal(x) Cloud™, security operations teams can harness the power of the cloud to eliminate friction in finding and addressing threats across workloads, reduce tool sprawl associated with multi-cloud and hybrid cloud deployments, and accelerate adoption of network detection and response (NDR) within their organisations.

Proliferation of IoT devices

Today, more than 85 percent of organisations have workloads running in multiple cloud environments. By next year, it will be 98 percent. At the same time, the proliferation of IoT devices and the deployment of IT infrastructure across remote sites has vastly expanded the enterprise attack surface beyond cloud and data center deployments. Those challenges are compounded by the exponential increase in tooling and agents required to monitor and manage these deployments, particularly cloud workloads and IoT. Security operations teams have long viewed the cloud as part of the problem; with its latest features, ExtraHop is turning cloud into the solution. Reveal(x) Cloud is the first and only cloud-delivered, cloud-agnostic, and cloud-intelligent NDR platform providing immediate value and continuous protection across the entire attack surface.

Integrated workflow with a SaaS-based solution

For the first time, SecOps teams can manage detection, investigation, and response via an integrated workflow with a SaaS-based solution that scales to the demands of the business.
This cloud-native model removes points of friction for security operations itself, helps to break down silos between security, IT, and cloud infrastructure teams, and gives them the tools they need to move with the speed and agility the business demands.

Reveal(x) Cloud reduces friction and accelerates time to value with a fully hosted NDR solution. The SaaS offering aggregates and analyses data from sensors deployed across networks in data centers, remote offices, and multi-cloud environments, and it surfaces information in a single UI for seamless management across workloads. ExtraHop automatically updates detectors, threat intelligence feeds, and IoT profiles via the cloud, eliminating the need for manual intervention to ensure that policies or software on sensors are up to date.

Cloud-based machine learning

Reveal(x) Cloud integrates with AWS Traffic Mirroring, Google Cloud Packet Mirroring, and Microsoft Azure to deliver visibility, threat detection, and response capabilities across major cloud providers – as well as data centres and remote sites – in a single, SaaS-based management pane. This cloud-agnostic approach supports collaboration between security, IT, and cloud teams for better threat response across multi-cloud and hybrid deployments.

Reveal(x) Cloud leverages the scale and scope of the cloud to provide 360-degree visibility and situational awareness across data centre, remote site, multi-cloud, and IoT environments to monitor and respond to threats. Real-time intelligence derived from petabytes of anonymised threat telemetry collected daily makes our cloud-based machine learning uniquely reliable – all without impacting sensor performance.
Cloud-scale ML provides more than 1 million predictive models for a typical enterprise deployment to identify suspicious behaviours and potential threats. A cloud record store provides streamlined investigation with index record search and query of data from every segment of the hybrid environment.

Delivering global intelligence

“Organisations should be able to easily secure their workloads across public, private, and hybrid clouds without requiring multiple tools or creating a management headache,” said Jesse Rothstein, ExtraHop co-founder and CTO. “ExtraHop takes advantage of the virtually unlimited compute resources of the cloud to perform machine learning at scale across more than 15 million devices – and over four petabytes of threat telemetry per day – across our customer base to deliver global intelligence to prepare every security team, from the large enterprise to the midmarket, to handle both present and future threats.”

Reveal(x) Cloud for multi-cloud and hybrid cloud environments will be available in May 2020.
ExtraHop, the provider of cloud-native network detection and response, announces a suite of new features designed to streamline the secure adoption and implementation of IoT in the enterprise. ExtraHop® Reveal(x)™ now provides advanced discovery, classification, and behaviour profiling for enterprise IoT devices, providing visibility from the device to the service layer. These latest enhancements extend Reveal(x) capabilities to the enterprise IoT device edge, providing complete visibility, detection, and response across the attack surface without the need to implement narrow point solutions.

Consistent growth in enterprise IoT usage

IoT reduces operational friction, making businesses more efficient and employees more productive. But this comes at a cost. IoT moves computing power to the edge, vastly expanding the enterprise attack surface, and without visibility into what devices are connecting to the network and what resources they are accessing, it leaves organisations vulnerable to threats.

“Our research points to consistent growth in enterprise IoT usage which, along with other enterprise initiatives, has led to a growing attack surface,” said Fernando Montenegro, Principal Analyst, Information Security, 451 Research. “This leads to increased demands from enterprise security teams for visibility into network traffic, analysis for detection of threats, followed by remediation as needed.”

Continuous behavioural monitoring

With the latest release, ExtraHop Reveal(x) now provides the visibility, detection, and investigation capabilities security and IT organisations need to continuously secure and manage expanding IoT deployments.

Continuous Device Discovery and Classification discovers, identifies, and profiles all IoT devices and services to deliver complete visibility without friction to IT and Security Operations teams.
Device Behaviour Profiling extracts rich L2-L7 data from network and cloud traffic, enabling deeper analysis across devices at the service level. When paired with cloud-scale machine learning from ExtraHop, this data is correlated with other network events to rapidly and accurately detect threat patterns for immediate response. This provides organisations with continuous behavioural monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables, and smartboards.

Guided Investigation automatically gathers contextual information, related detections, and packet-level details into a single workflow to streamline and accelerate response actions, enabling security analysts and threat hunters to quickly determine the impact and scope of an IoT event and easily drill into forensic-level details.

IoT Security Hygiene helps security and IT operations teams address issues such as IoT devices and services using unencrypted communications and, when such issues are discovered, can automate response actions with other systems, such as creating a ticket or isolating devices on the network.

Network detection and response solution

“We believe that enterprise IoT is a strong fit for ExtraHop's network detection and response solution. Not only do we discover the presence of IoT devices, identifying make and model, but we also automatically segment into peer groups to detect suspicious behaviours and potential threats,” said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) enables organisations to truly understand the level of risk a device poses and provides situational awareness of the environment.”

Enterprise IoT Security features are now globally available with the ExtraHop Reveal(x) platform.
ExtraHop, the leader in cloud-native network detection and response, announced its top predictions for the cybersecurity and technology industries in 2020. Informed by insight from customers, partners and industry analysts and insiders, ExtraHop leaders predict a year of tool consolidation, headline-grabbing breaches and a shifting industry focus on what makes a successful tech start-up.

The Year of Deeper Scrutiny for Fast-Growth Companies

“2019 was a tough year for heavily hyped, fast-growth companies going public in Silicon Valley. Several companies that raised huge rounds ultimately failed to deliver expected results or even approach profitability after they went public, and Wall Street was not amused. In 2020, we expect the investment community to more deeply scrutinise companies' financials and business fundamentals, ultimately leading to the support of companies who deliver on their promises, are capital-efficient with sound vision and innovation, and have truly sustainable business results and models to back them up.” - Arif Kareem, CEO

Antiquated Threat Detection Methods like File Hashing and Signature-Based IDS Waste Time

“Since the 1990s, file hashing has been the default mechanism for detecting malicious threat activity, despite the fact that it's ineffective against modern attacks that use polymorphic or fileless methods to go undetected. The same goes for signature-based IDS, which are extremely noisy while providing very little actual alert context. Security teams will continue to rely on these antiquated methods of detection because they are expected to, regardless of how well they work in today's threat landscape.” - Jesse Rothstein, CTO and co-founder

Accountability for the Ethical Use of Users’ Data

“Recent headlines tell of giant data corporations like Google and Facebook monetising users' data and lacking sufficient transparency in these activities.
There’s already been significant social backlash, but in 2020 we predict that users will demand companies not just follow the often-dated laws, but that they also do what’s right. Regulations like GDPR and CCPA are helping to bring more clarity around what’s appropriate, but 2020 will be the year that the industry is held accountable for the ethical, in addition to regulatory-compliant, use of personal data.” - Raja Mukerji, CCO and co-founder

A Slowing Economy Will Force Tool Consolidation

“In security programs, it's been very difficult to turn tools off. What gaps will I create? What unintended consequences will I see? As the economy has rolled along over the last decade, most security programs have had the necessary funding to add new tools and retain legacy tools under the guise of risk management. Economic slowdown is likely to change all of that, as investments in new technology will require cost savings elsewhere. A tighter economy will finally cause us to pull the plug on legacy security tools.” - Bill Ruckelshaus, CFO

"Observability" Will Gain Ground as Both a Concept and a Vocabulary Term in Security and DevOps

“Observability is a term that several companies are using to describe the practice of capturing metrics, logs and wire telemetry, or sometimes other data sources, mostly in the DevOps space. The value of correlating insights from these data sources has gained enough ground that vendors need a word for it. Observability, The SOC Visibility Triad, and other terms have been spotted in marketing materials and on big screens and main stages at security and analytics conferences.
In 2020, we'll see heated competition to control the vocabulary and mental models that enterprises and vendors use to discuss and market security best practices regarding gathering multiple data sources and correlating insights between them.” - John Matthews, CIO

A Major Information Leak from a Cloud Provider is Coming

“In 2020, we are likely to see a major information leak from a cloud provider. While at the same time the cloud providers are providing many useful built-in tools, it's not clear that they are using their own tools to secure themselves. As a further prediction, the leak will not effectively diminish migration to the cloud. As we have noticed with other breaches, they do not significantly erode confidence in the services.” - Jeff Costlow, CISO

The Wave Begins Towards Security Tool Consolidation

“Organisations will take a strong look at the number of security vendors within their ecosystem in 2020 to determine overlap and begin a move towards consolidation of tools. The winners will include those that have proven their API superiority and ability to work together within an organisation’s ecosystem. The losers will be those who have not proven their ability to strengthen core security.” - Chris Lehman, SVP of Worldwide Sales

A Vendor Will Be Responsible for a Major Breach of Data Due to Phoning Home

“In 2019, ExtraHop issued a security advisory about the vendor practice of phoning data home and how this is happening without the knowledge of customers. The problem with this practice is that it expands the attack surface via which that data can be breached, exposing it to threats within the vendor’s environment. 2020 may well be the year that a breach of a vendor’s environment exposes the data of one or more of their customers.
Regulations like GDPR have imagined exactly this type of scenario and laid out specific requirements for data controllers and data processors. But when such a breach occurs, it will have broad impact and implications.” - Matt Cauthorn, VP Security

The Big IoT Breach is Coming

“In 2017, major ransomware attacks crippled the networks, and operations, of major global organisations. While those attacks did billions in damage, for the most part, IoT devices were left unscathed. But sooner or later, and probably sooner, the big IoT breach is coming, and it could have global implications. Whether it happens in the US or abroad, in healthcare, shipping and logistics, or manufacturing, IoT devices around the globe are fertile hunting grounds for attackers. Taking down every connected device, from telemetry sensors to infusion pumps to mobile points-of-sale, could easily grind operations to a halt.” - Mike Campfield, VP of Global Security Programs
ExtraHop, globally renowned provider of cloud-native network detection and response solutions, has announced a new integration with Amazon Web Services (AWS) that automates the isolation of compromised Amazon Elastic Compute Cloud (EC2) instances and empowers security operations teams to create a wide range of customisable response automations, from quarantining and blocking to ticketing and tagging.

ExtraHop Reveal(x) Cloud

Alongside the new automation capability, ExtraHop Reveal(x) Cloud now offers continuous packet capture in AWS. That reduces the amount of time, effort, and money required to perform packet-level analysis while providing security teams with the forensic detail they need to get to root cause or to fulfill chain-of-custody requirements.

Response automation is considered the Holy Grail for many security operations, allowing teams to snuff out threats before they further infiltrate or damage the organisation. But when done at a tool level instead of a system level, response automation too often results in devices being quarantined or systems being shut down based on unreliable data or incomplete information.

ExtraHop integration with AWS

Lengthy investigation time compounds the challenge, leaving critical systems idle until the threat can be remediated, and potentially resulting in business downtime and lost revenue. The latest ExtraHop integration with AWS brings precision to both response automation and investigation workflows in the cloud. The AWS quarantine integration combines high-fidelity detections from Reveal(x) Cloud with AWS security group policies to automatically quarantine compromised EC2 instances, enabling timely and targeted response.

Streamline investigations in cloud and hybrid environments

Security teams can also modify the trigger, or write a new trigger, to take different actions when a detection violates policy.
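The security-group quarantine described above, written out as an added example (not ExtraHop's or AWS's own code): a detection hands an instance id to a function that swaps the instance's security groups for a deny-all quarantine group, saves the original groups in a tag so the instance can be restored after investigation, and verifies the swap before reporting success. The EC2 client is injected so the demo runs offline against a constructed in-memory fake; the tag name, group ids and instance id are assumptions, and a real boto3 EC2 client exposes the same three methods used here.

```python
"""Security-group quarantine of a compromised EC2 instance (added example).

The client object is passed in so the demo runs offline against FakeEC2; a
real boto3 `ec2` client exposes the same three methods this code calls:
describe_instances, modify_instance_attribute and create_tags.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Tag that preserves the pre-quarantine group list for rollback (name is an assumption).
ORIGINAL_SG_TAG = "quarantine:original-sgs"


def _instance_groups(ec2, instance_id: str) -> tuple[list[str], dict[str, str]]:
    """Return (security group ids, tags) for one instance."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    inst = resp["Reservations"][0]["Instances"][0]
    groups = [g["GroupId"] for g in inst.get("SecurityGroups", [])]
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    return groups, tags


def quarantine_instance(ec2, instance_id: str, quarantine_sg: str) -> dict:
    """Isolate an instance by replacing all its security groups with
    `quarantine_sg`, a group that should carry no ingress or egress rules.

    Idempotent: a second call on an already-quarantined instance must not
    overwrite the saved original group list with the quarantine group.
    """
    groups, tags = _instance_groups(ec2, instance_id)
    if groups == [quarantine_sg] and ORIGINAL_SG_TAG in tags:
        return {"instance": instance_id, "action": "already-quarantined",
                "original_groups": tags[ORIGINAL_SG_TAG].split(",")}
    # Record the original groups first, so a failure after this point still
    # leaves enough state on the instance to restore it by hand.
    ec2.create_tags(Resources=[instance_id],
                    Tags=[{"Key": ORIGINAL_SG_TAG, "Value": ",".join(groups)}])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    # Verify the change took effect before reporting success to the caller.
    now, _ = _instance_groups(ec2, instance_id)
    if now != [quarantine_sg]:
        raise RuntimeError(f"{instance_id}: groups are {now}, expected [{quarantine_sg}]")
    return {"instance": instance_id, "action": "quarantined", "original_groups": groups}


def release_instance(ec2, instance_id: str) -> dict:
    """Restore the security groups saved by quarantine_instance."""
    _, tags = _instance_groups(ec2, instance_id)
    saved = tags.get(ORIGINAL_SG_TAG)
    original = [g for g in (saved or "").split(",") if g]
    if not original:
        # Refuse to guess: an instance must end up with at least one real group.
        raise RuntimeError(f"{instance_id}: no saved groups to restore")
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=original)
    return {"instance": instance_id, "action": "released", "restored_groups": original}


@dataclass
class FakeEC2:
    """Constructed in-memory stand-in for a boto3 EC2 client (offline demo only)."""
    groups: dict[str, list[str]]
    tags: dict[str, dict[str, str]] = field(default_factory=dict)

    def describe_instances(self, InstanceIds):
        insts = [{"InstanceId": i,
                  "SecurityGroups": [{"GroupId": g} for g in self.groups[i]],
                  "Tags": [{"Key": k, "Value": v} for k, v in self.tags.get(i, {}).items()]}
                 for i in InstanceIds]
        return {"Reservations": [{"Instances": insts}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.groups[InstanceId] = list(Groups)

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags.setdefault(r, {}).update({t["Key"]: t["Value"] for t in Tags})


def demo() -> list[dict]:
    """Quarantine an instance twice (second call is a no-op), then release it."""
    # Constructed sample: ids are placeholders, not real AWS resources.
    ec2 = FakeEC2(groups={"i-0123456789abcdef0": ["sg-web", "sg-ssh-admin"]})
    q = "sg-quarantine"
    return [quarantine_instance(ec2, "i-0123456789abcdef0", q),
            quarantine_instance(ec2, "i-0123456789abcdef0", q),
            release_instance(ec2, "i-0123456789abcdef0")]


if __name__ == "__main__":
    for step in demo():
        print(step)
```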
With right-sized continuous packet capture, Reveal(x) Cloud takes an analytics-first approach to investigation, allowing security operations teams to go from detection to associated packets in a matter of clicks, keeping investigations fast and focused. Reveal(x) Cloud also includes new features that streamline investigation in cloud and hybrid environments, enabling analysts to rapidly identify and respond to the highest priority threats.

1G, 5G, and 10G SaaS offerings with Continuous Packet Capture within AWS environments support streamlined and guided investigation for any incident. Customers can begin purchasing the Reveal(x) Cloud PCAP for AWS offering in early 2020.

Related Detections reduce response time by automatically surfacing similar threats across architectures in a Reveal(x) Cloud investigation workflow. This provides SecOps teams with a unified view of attack patterns happening in the environment.

Enhanced reporting capability provides executive-level overviews of security posture at the touch of a button. Reports zero in on critical threats while also delivering high-level insight into compliance across hybrid and cloud environments.

Advanced visibility and detection

“Though AWS supports strong controls, companies are responsible for securing their own workloads, which is a daunting task with the current cyber security skills shortage and nascent cloud security market,” said Jesse Rothstein, CTO and co-founder, ExtraHop. Jesse adds, “Our Reveal(x) solution provides SecOps teams with advanced visibility, detection, and response for hybrid environments. We are constantly working to expand our capabilities, and this integration with AWS is another step towards winning the arms race in enterprise security.”
ExtraHop, a pioneer in cloud-native network detection and response, announced a new integration between ExtraHop® Reveal(x) and Google Cloud Platform (GCP) via the new packet mirroring feature announced by GCP at Google NEXT ‘19 UK. Google Cloud’s new Packet Mirroring feature enables Reveal(x) to passively and agentlessly analyse network traffic within GCP to provide robust, real-time threat detection, investigation, and response.

Cloud computing

Armed with this visibility, security teams can protect data and workloads in Google Cloud and expand control across the entire hybrid attack surface. Reveal(x) for GCP automatically discovers, classifies, and maps dependencies between workloads, and applies advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.

"Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it," said Diane Brown, senior director of IT risk management and CISO at Ulta Beauty. "In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."

Full threat visibility

Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.

Full Packet Analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting.
Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.

Encrypted Payload Visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.

Augmented Investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.

Detect network intrusions

"Traffic visibility is critical to prevent security breaches and attacks as networks grow in complexity," said Mahesh Narayanan, product manager at Google Cloud. “With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyse, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."

"Traditional security tools are falling short and new thinking is needed for hybrid enterprises today," said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.”

ExtraHop Reveal(x) for GCP is now available in alpha.
ExtraHop announces ExtraHop® Reveal(x) Cloud™, a Software-as-a-Service (SaaS)-based network detection and response (NDR) solution for the cloud-first hybrid enterprise. Reveal(x) Cloud provides deep and continuous visibility, enabling Security Operations (SecOps) teams to analyse every transaction, detect threats, and respond to attacks to gain control over their hybrid attack surface and protect their investment in the cloud.

While the cloud has proven to be a force multiplier for DevOps and IT Ops, for SecOps teams already struggling under the burden of a sprawling attack surface and a shortage of skilled analysts, adopting cloud platforms can be a vulnerability. With SecOps taking the blame for stalled migration efforts, enterprises are recognising the need to take a cloud-first approach to securing elastic workloads rather than trying to retrofit old practices to new technology design patterns.

Investigate complex threats

Without native network visibility in the cloud, enterprises have been limited to log- or agent-centric tools, making it difficult to detect and investigate complex threats in a timely manner due to lack of continuous visibility across all environments. Reveal(x) Cloud is a SaaS-based solution that provides security teams with a zero-infrastructure service for AWS that deploys quickly, delivers immediate asset discovery, and offers threat detection, investigation, and response. The solution takes advantage of new enterprise features introduced by AWS during AWS re:Inforce 2019, including Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring, which supports passive observation of network traffic from cloud workloads, and private network peering, which allows for the secure transmission of data between AWS accounts. It also connects natively with AWS data sources, such as Amazon CloudWatch, AWS CloudTrail, and Amazon VPC flow logs.
Purpose-built solution

“Today, security operations teams often rely on tools and data sources like logs that don’t provide a complete picture,” said Dave Brown, Vice President, EC2 Compute and Networking Services, Amazon Web Services, Inc. “With the introduction of Amazon VPC traffic mirroring, we’re allowing customers to extract traffic of interest from any workload in an Amazon VPC and send it to the right tools to detect and respond faster to attacks often missed by traditional log- and agent-centric tools. With Reveal(x) Cloud, ExtraHop is delivering a purpose-built solution designed to enable AWS customers to take full advantage of network traffic for better cloud visibility, detection, and response.”

Reveal(x) Cloud offers a host of features designed to help SecOps teams support the shared responsibility model, protect cloud workloads by ensuring compliance, and deliver security across the hybrid attack surface.

Track rogue instances

Automatic Discovery and Classification: Up-to-the-minute visibility and classification across all cloud workloads allows SecOps teams to track rogue instances, prioritise investigations by risk score, and correlate malicious activity and asset criticality to focus on the highest-risk threats.

Application Layer Decoding: Full support for AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Elastic Load Balancing, means visibility into behaviour, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.

Encrypted Payload Visibility: Reveal(x) Cloud decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.
Rich Integrations: AWS CloudTrail events enrich network-based threat detection with account and control-plane activity such as disabled logging (CloudTrail records API calls made against the account; on-host signals such as suspicious processes or suspect file execution come from host-level telemetry rather than CloudTrail), while the connection with Amazon CloudWatch allows granular tracking of privilege manipulation. Customers can also use integrations with orchestration platforms such as Phantom, ServiceNow, and Palo Alto Networks to automate response workflows.

Complex attack surface

“The modern hybrid enterprise has created an expansive and complex attack surface that cannot be managed by traditional security tools or architectures," said Jesse Rothstein, CTO and co-founder, ExtraHop. "It's time to stop retrofitting old models onto the new reality and start building cloud-first security operations. With Reveal(x) Cloud and Amazon VPC traffic mirroring, SecOps teams finally have inside-the-perimeter visibility and control over their hybrid attack surface.”

“With Amazon VPC traffic mirroring in Reveal(x) Cloud, ExtraHop is further reducing the barriers to cloud adoption by giving enterprises the same level of insight they’ve always had into their on-premises traffic,” said Mike Sheward, Senior Director, Information Security, Accolade.

Native security features

“Visibility has always been key in security; combine Reveal(x) with the native security features you find in AWS, and you’re going to have more actionable visibility than ever.”

“Cloud providers continue to work with security vendors and with enterprise customers to provide functionality and integrations that make it easier, more efficient, and more secure to build presence in the cloud,” said Fernando Montenegro, Principal Analyst, 451 Research. “Amazon VPC traffic mirroring is just the latest example.
ExtraHop’s Reveal(x) Cloud fits within this trend, as it allows customers to use traffic monitoring to achieve better network visibility, detection and response, and to do that as a service. This is likely to assist SecOps teams making the transition to support cloud deployments.”

“At ePlus, we believe the right technology transforms IT from a cost center to a business enabler,” said Justin Mescher, Vice President of Cloud and Data Center Solutions, ePlus.

Evolving business models

“We’re building Reveal(x) Cloud into our CyberSecurity and Cloud practices to allow us to act quickly and accurately to improve our customers’ cloud readiness and security posture.”

“Pervasive enterprise digital transformation efforts are dramatically expanding the attack surface, but many organisations are failing to transform their cybersecurity approaches to keep pace, continuing to use the same cybersecurity methods they have always used while attempting to support continuously evolving business models,” said Joe Vadakkan, Global Cloud Security Leader, Optiv. “Combining industry-leading technologies such as ExtraHop’s Reveal(x) with Optiv’s end-to-end services enables us to provide clients with an approach to cybersecurity that is aligned to new business models and centred on client-focused outcomes. We believe that ExtraHop Reveal(x) Cloud will deliver great value to cloud workloads by providing the necessary visibility to more efficiently detect and respond to incidents.”
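The CloudTrail enrichment described under Rich Integrations above can be illustrated with a small correlation routine. This is an added example and not ExtraHop's code: the CloudTrail records and the flow summaries are constructed samples (the record fields follow CloudTrail's documented format), and the watchlist of visibility-tampering API calls is an assumption chosen for illustration.

```python
"""Correlate AWS CloudTrail control-plane events with passively captured flows.

Added example, not ExtraHop code. CLOUDTRAIL_EVENTS and FLOWS are constructed
samples; VISIBILITY_TAMPERING is an illustrative watchlist, not an exhaustive one.
"""
import json
from datetime import datetime, timedelta

# API calls that degrade the defender's own visibility (assumption: illustrative list).
VISIBILITY_TAMPERING = {
    "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
    "DeleteFlowLogs", "DeleteTrafficMirrorSession",
}

# Constructed CloudTrail records (a subset of the documented fields).
CLOUDTRAIL_EVENTS = json.loads("""
[
 {"eventTime": "2019-06-25T14:02:11Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "sourceIPAddress": "10.0.1.23",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc"}},
 {"eventTime": "2019-06-25T14:03:40Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.23",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc"}},
 {"eventTime": "2019-06-25T09:15:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DeleteFlowLogs", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}}
]
""")

# Constructed flow summaries, as a passive sensor fed by traffic mirroring would report them.
FLOWS = [
    {"ts": "2019-06-25T14:04:02Z", "src": "10.0.1.23", "dst": "198.51.100.9", "dport": 443, "bytes_out": 48_000_000},
    {"ts": "2019-06-25T14:00:30Z", "src": "10.0.1.23", "dst": "10.0.2.5",     "dport": 3306, "bytes_out": 12_000},
    {"ts": "2019-06-25T11:00:00Z", "src": "10.0.1.40", "dst": "198.51.100.9", "dport": 443, "bytes_out": 900},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def tampering_events(events):
    """CloudTrail records whose API call weakens audit or network visibility."""
    return [e for e in events if e["eventName"] in VISIBILITY_TAMPERING]


def enrich(events, flows, window_minutes=15):
    """Attach flows from the calling IP within +/- window_minutes to each tampering event.

    bytes_out_after totals outbound bytes seen after the call, which is the
    quantity an analyst wants first: did the actor move data once logging was off?
    """
    findings = []
    for e in tampering_events(events):
        t0 = parse_ts(e["eventTime"])
        related = [f for f in flows
                   if f["src"] == e["sourceIPAddress"]
                   and abs(parse_ts(f["ts"]) - t0) <= timedelta(minutes=window_minutes)]
        findings.append({
            "event": e["eventName"],
            "actor": e["userIdentity"]["arn"],
            "source_ip": e["sourceIPAddress"],
            "related_flows": related,
            "bytes_out_after": sum(f["bytes_out"] for f in related if parse_ts(f["ts"]) >= t0),
        })
    return findings


def prioritise(findings):
    """Highest outbound volume after the tampering call first."""
    return sorted(findings, key=lambda f: f["bytes_out_after"], reverse=True)


if __name__ == "__main__":
    for f in prioritise(enrich(CLOUDTRAIL_EVENTS, FLOWS)):
        print(f["event"], f["actor"], f["source_ip"], f["bytes_out_after"], len(f["related_flows"]))
```

The reason to join the two sources is that flows captured through VPC traffic mirroring keep arriving after StopLogging has succeeded, so the enrichment still has something to join against once the actor's own audit trail goes dark. In a real deployment the sourceIPAddress of an instance-role call may be a NAT or public address rather than the private one used in the sample, so the join key should be whatever address the sensor actually sees for that workload.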
ExtraHop, provider of enterprise cyber analytics from the inside out, announces new capabilities designed to help Security Operations Center (SOC) and Network Operations Center (NOC) teams identify and safeguard critical assets, rapidly detect late-stage and insider threats, and transform security analysts into threat experts with streamlined investigation workflows. Demand for business agility and uptime has accelerated the rapid modernisation of IT, which is now highly dynamic and distributed: from the data center, to cloud infrastructure and SaaS, to remote sites and device edges.

Advanced detections

These changes introduce complexity and expand the attack surface, contributing to high rates of false positives and obscuring true threats. Analysts constantly lose time, through no fault of their own, validating the constant flow of alerts to determine whether investigation is warranted.

The Winter 2019 release of ExtraHop Reveal(x) improves SOC and NOC analyst productivity through contextual discovery of the enterprise attack surface, full-spectrum detection, and one-click guided investigation for incident response. Advanced detections incorporate device and user context to identify known and unknown threats using an array of machine learning, rule-based, and custom techniques. Detections incorporate suggested next steps and are made actionable through clear evidence, enabling front-line analysts to validate, close, or escalate prioritised events with confidence. Senior analysts get timely detail on users and devices to support rogue device detection, insider threat investigations, threat hunting, and forensics.
Better prioritise monitoring

Significant features of the Winter 2019 release include:

User-to-Device Mapping: Easy correlation between users and devices allows analysts to investigate quickly, expediting validation without the need to cross-reference with other tools.

OS Auto-discovery: Operating system (OS) auto-discovery infers the OS each device is running from its observed traffic and compares that inference with the known behaviours of those systems to identify spoofing (for example, a host that presents itself as one OS while its network stack behaves like another).

Enhanced Role Classification: Expanded role auto-classification uses behaviour to automatically infer more device types (e.g., mobile device, DHCP server, domain controller or DNS server), and then maintains groupings to keep analysts focused on what matters most.

Dynamic Device Grouping: Sophisticated device grouping permits users to define complex rules over extensive attributes and behaviour to better prioritise monitoring, detection, and triage.

Advanced Rules Engine: The advanced rules engine immediately surfaces known threats, policy violations, and risk-based detections.

Guided Investigation Workflows: One-click guided investigations link each detection to the right next steps, as well as the most relevant device's transaction and behaviour details, for instant validation of threats and faster MTTR.

Expanded Integrations: ExtraHop now integrates with ServiceNow CMDB, QRadar SIEM, and Palo Alto Networks firewalls.

Contextual workflow

“Forcing analysts to switch between tools or manually pull together disparate data for an investigation increases cognitive load, delay, and the chance of missing a critical piece of evidence,” said Jesse Rothstein, CTO and Co-Founder, ExtraHop.
“Our focus in this release is to bring authoritative data about every device's communications, OS, users, and network behaviour into a contextual workflow that guides analysts to the right answer immediately.”

With ExtraHop, security and IT teams can detect threats up to 95 percent faster, reduce resolution time by nearly 60 percent, and decrease unplanned downtime by as much as 86 percent. The innovative ExtraHop approach has been recognised by numerous organisations including Credit Suisse, JMP Securities, and independent analyst firms including Enterprise Management Associates.
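Two of the Winter 2019 features above, OS auto-discovery with spoof detection and user-to-device mapping, can be sketched from wire records alone. The following is an added example, not ExtraHop's implementation: the passive fingerprint table is a deliberately small heuristic built from commonly observed default initial TTL and TCP window values (an assumption, not a complete fingerprint database), and every record in it is constructed.

```python
"""Passive OS consistency check and user-to-device mapping from wire records.

Added example, not ExtraHop's implementation. OS_FINGERPRINTS is a simplified
heuristic (assumption); DEVICE_RECORDS and AUTH_RECORDS are constructed samples.
"""
from collections import defaultdict

# Simplified passive-fingerprint expectations: typical initial TTL and TCP window sizes.
OS_FINGERPRINTS = {
    "Windows": {"ttl": 128, "windows": {8192, 64240, 65535}},
    "Linux":   {"ttl": 64,  "windows": {29200, 64240, 65535}},
    "macOS":   {"ttl": 64,  "windows": {65535}},
}


def initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial value (64, 128 or 255).

    Each router hop decrements TTL by one, so a value of 61 almost certainly started at 64.
    """
    for base in (64, 128, 255):
        if observed_ttl <= base:
            return base
    return 255


def fingerprint_os(ttl, window):
    """Candidate operating systems consistent with the observed TCP stack behaviour."""
    base = initial_ttl(ttl)
    return sorted(name for name, fp in OS_FINGERPRINTS.items()
                  if fp["ttl"] == base and window in fp["windows"])


def claimed_os(user_agent):
    """What the device says it is, taken from an HTTP User-Agent string."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "Windows"
    if "mac os" in ua or "macintosh" in ua:
        return "macOS"
    if "linux" in ua:
        return "Linux"
    return None


def check_spoofing(records):
    """Flag devices whose claimed OS is not among the passively inferred candidates."""
    alerts = []
    for r in records:
        claimed = claimed_os(r["user_agent"])
        passive = fingerprint_os(r["ttl"], r["tcp_window"])
        if claimed and claimed not in passive:
            alerts.append({"ip": r["ip"], "claimed": claimed, "passive": passive})
    return alerts


def map_users_to_devices(auth_records):
    """Build device->users and user->devices maps from observed logons (Kerberos AS-REQ, NTLM)."""
    by_device = defaultdict(set)
    by_user = defaultdict(set)
    for a in auth_records:
        by_device[a["client_ip"]].add(a["user"])
        by_user[a["user"]].add(a["client_ip"])
    return dict(by_device), dict(by_user)


# Constructed samples: one Windows host, one Linux host claiming to be Windows, one Mac.
DEVICE_RECORDS = [
    {"ip": "10.0.5.10", "ttl": 126, "tcp_window": 64240, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"ip": "10.0.5.11", "ttl": 61,  "tcp_window": 29200, "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"ip": "10.0.5.12", "ttl": 63,  "tcp_window": 65535, "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14)"},
]
AUTH_RECORDS = [
    {"user": "alice",      "client_ip": "10.0.5.10", "proto": "Kerberos"},
    {"user": "alice",      "client_ip": "10.0.5.12", "proto": "Kerberos"},
    {"user": "svc-backup", "client_ip": "10.0.5.11", "proto": "NTLM"},
]

if __name__ == "__main__":
    for alert in check_spoofing(DEVICE_RECORDS):
        print("possible OS spoofing:", alert)
    by_device, by_user = map_users_to_devices(AUTH_RECORDS)
    print("users on 10.0.5.11:", by_device["10.0.5.11"], "| alice's devices:", by_user["alice"])
```

The check is only as good as the vantage point: traffic that crosses a NAT, proxy or load balancer arrives with the intermediary's TTL and window characteristics, so the sensor should apply it to traffic observed on the same segment as the device. The user mapping is what turns an alert on 10.0.5.11 into "the host svc-backup logs on from claims to be Windows but behaves like Linux", which is the kind of context the release describes handing to analysts.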
ExtraHop, global provider of analytics for security and performance management, has announced the availability of Reveal(x) for Microsoft Azure. With Reveal(x) for Microsoft Azure, enterprise security and cloud operations teams now have enterprise-grade network traffic analysis (NTA) that uses advanced machine learning to instantly surface high-risk threats and automate response across the entire hybrid enterprise. With this latest release, Reveal(x) is also available for remote site deployments, extending visibility from the data center to the branch office to the cloud.

Reveal(x) Network Traffic Analysis (NTA) solution

Reveal(x) for Microsoft Azure is available immediately in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. While cloud platforms offer incredible scale and agility, they also expand the enterprise attack surface, creating new opportunities for malicious actors to exploit misconfigurations, access sensitive data, and compromise applications. Reveal(x) for Microsoft Azure provides an enterprise-grade NTA solution that delivers threat detection and investigation purpose-built for the cloud, extending the visibility and response capabilities of the enterprise security operations center (SOC) to encompass cloud infrastructure.

Reveal(x) automatically discovers and classifies everything traversing the Azure environment, including rogue compute instances, to deliver complete real-time visibility at cloud scale. That data is correlated with event data from Azure Security Center to create a unified analytics and investigation source for SOC teams that provides always-on, always-everywhere visibility across the hybrid attack surface.
Microsoft Azure Virtual Network Tap (Azure vTAP)

The Reveal(x) network traffic analysis platform integrates with the Microsoft Azure Virtual Network Tap to analyse cloud-based application payloads at scale. Announced at Microsoft Ignite, the Azure Virtual Network Tap (Azure vTAP) is the industry’s first virtual network tap offered by a public cloud provider that enables out-of-band monitoring of all network traffic. ExtraHop has partnered with Microsoft Azure to natively integrate Reveal(x) with the Azure Virtual Network Tap to deliver a completely passive, agentless approach to network traffic analysis in the cloud.

With the introduction of Reveal(x) for Microsoft Azure, enterprises can effectively address shared responsibility models and prioritise use of security resources based on critical assets and risk, delivering complete visibility across each dimension of enterprise responsibility, including:

Applications & Content: Integration with Azure Security Center events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while real-time TLS 1.3 decode and transaction payload analysis spots threats and evaluates risk, even within PFS deployments.

Inventory & Configuration: Automatic discovery and classification of all cloud assets gives cloud and security teams up-to-the-second understanding of the attack surface, including the ability to track rogue instances even when logging is disabled, and to instantly flag exposed resources.

Data Access: Full support for Azure SQL Database and Azure Blob Storage protocols means visibility into behaviour, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
Identity & Access Management: Integration with Azure Activity Monitoring allows granular tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behaviour such as credential harvesting and brute-force login attempts.

Network traffic access from the cloud

“The Microsoft Azure Virtual Network Tap is the first of its kind, allowing us to access network traffic from the cloud as easily and passively as we do from our data center,” said Daniel Howard, VP of Information Technology at International Cruise & Excursions. “This integration immediately transforms that data into a powerful source of threat detection and investigation. We now have the power to secure our cloud workloads exactly as we do our on-premises applications.”

“The enterprise attack surface is no longer confined to the data center. Enterprise IT assets exist everywhere the enterprise operates, from the branch office to the data center or the cloud," said Jesse Rothstein, CTO and co-founder, ExtraHop. "With Reveal(x) for Microsoft Azure, we're enabling SecOps to detect and investigate threats across the entire hybrid enterprise while focusing on the most critical assets first so business functions can continue uninterrupted and customer data remains protected.”

Threat analysis and incident management

Adwait Joshi, Director, Product Marketing, Azure Security, Microsoft Corp. said, "ExtraHop Reveal(x) offers comprehensive threat visibility across the hybrid enterprise allowing SecOps teams to detect threats immediately and act decisively to eliminate them. The solution works with Microsoft Azure, enabling monitoring and incident response from cloud infrastructure to the data center.”
ExtraHop announces Reveal(x) Summer 2018, setting the bar for network traffic analytics at enterprise scale. This release includes capabilities designed to modernise enterprise security operations with critical asset behaviour analysis that instantly surfaces the highest-risk threats, even those hiding within encrypted traffic. With this high-fidelity insight, security operations teams can zero in on critical threat patterns and investigate down to the root cause in seconds, not days.

Between 2017 and 2018, threat dwell time in the enterprise increased to 101 days, according to FireEye's M-Trends 2018 Report. The Verizon Data Breach Investigations Report noted, "In many cases, it's not even the organisation itself that spots the breach—it's often a third party, like law enforcement or a partner. Worst of all, many breaches are spotted by customers."

Real-time visibility, high-fidelity insight

The Reveal(x) Summer 2018 release significantly reduces dwell time by highlighting late-stage attack activities, shining light on the "darkspace" in the enterprise: the hard-to-reach areas of the network along the East-West corridor. Through comprehensive network traffic analytics, Reveal(x) delivers real-time visibility and high-fidelity insight into threats to your critical assets throughout the hybrid enterprise. The "headlines" dashboard prioritises speed and accuracy, eliminating the fake-news fire drills of other tools by highlighting the highest-risk detections correlated with external and industry threat intelligence.
Other key features in the Summer 2018 release include:

Need-to-Know Decryption: Respect for privacy is simple now that authorised threat hunters and forensic investigators can be given rights to look inside suspicious packets for authoritative evidence (including content and user information), while other analysts only see the detections and metadata insights gleaned from the decrypted traffic.

TLS 1.3 Support: As of 2017, forty-one percent of cyber attacks used encryption to evade detection, so the ability to detect threats within encrypted traffic is even more critical. With this release, Reveal(x) is the only solution that offers out-of-band decryption at up to 100 Gbps, supports the requirements of the TLS 1.3 protocol, and decrypts perfect-forward-secrecy sessions. For an out-of-band sensor this depends on the endpoints supplying their session keys, because TLS 1.3 permits only ephemeral key exchange and the server's private key alone cannot recover the traffic keys.

Network Privilege Escalation Detection: Reveal(x) identifies changes to behaviour that indicate an attacker has compromised a device, escalated access rights, and is using these higher privileges to explore and attack within the enterprise. Reveal(x) now infers escalation attempts on critical assets automatically based on changes in device behaviour, commands, and protocol use, enabling detection of attacks underway and allowing SecOps teams to contain them before damage is done.

Peer Group Anomaly Detection: Reveal(x) now automatically correlates device behaviour against peer devices for more precise assessment of anomalous behaviour, leveraging auto-discovery and classification of critical assets. This strong outlier validation improves insider threat and compromised host detection and enriches Reveal(x) investigative workflows with critical asset context that helps SecOps collaborate with IT teams controlling endpoints and data centers.
Threat Feed Integration: The release ingests Structured Threat Information Expression (STIX) formatted threat intelligence that contains suspect URIs, hosts, or IP addresses, and highlights correlations with detections from network traffic. SecOps teams can use STIX feeds in Reveal(x), or a secondary feed can be added for depth of intelligence. Analysts can confirm details within the workflow via easy access to enriched data and more easily retrace attack interactions that involve external actors, including command-and-control and exfiltration activities.

Third Party Integrations: Enterprise security operations teams need to partner with other IT teams and their tools to accomplish evaluation, scoping, containment, and mitigation within approved processes. ExtraHop's REST APIs provide formal integrations for automated interaction with premier threat intelligence, investigation, and response platforms including Anomali, Palo Alto Networks, Phantom, ServiceNow, and Splunk. These two-way integrations inject definitive Reveal(x) insights and wire data into other tools and let Reveal(x) interact as part of investigation and response workflows, including forensic packet analysis.

Reliable security infrastructure

"Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint from the branch office to the datacenter or the cloud and too often they operate unnoticed," said Jesse Rothstein, CTO and co-founder, ExtraHop. "At ExtraHop we've spent years developing technology that can analyse the entire network in real time – every critical asset and every transaction so that there are no blind spots. With Reveal(x) Summer 2018, we've applied that deep domain expertise to security operations, closing the visibility gap and surfacing the accurate, targeted information that allows SecOps teams to act quickly and with confidence."
"Security operations centers (SOCs) manage the business of security – maintaining a reliable security infrastructure, sorting through critical informational events and alerts, and working across the IT organisation to fix security problems," said Eric Ogren, Senior Analyst at 451 Research. "Network traffic analytics are poised to play a pivotal role in modernising security operations. ExtraHop Reveal(x) is a pioneer of this emerging market segment with the ability to deliver broad network visibility, prioritization of critical assets, and advanced behavioural analytics to reduce and possibly eliminate the dark space within the enterprise."
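The Threat Feed Integration item in the Summer 2018 feature list above (STIX indicators carrying suspect URIs, hosts or IP addresses, correlated against observed traffic) is shown below as an added example. It is not ExtraHop's implementation: the STIX bundle and the transaction records are constructed, and the pattern handling is an assumption limited to the common single-comparison form `[type:property = 'value']`, optionally OR-ed, rather than the full STIX patterning language.

```python
"""Ingest STIX 2 indicators and correlate them with network transaction records.

Added example, not ExtraHop's implementation. STIX_BUNDLE and TRANSACTIONS are
constructed samples; only simple equality comparisons in patterns are handled
(assumption), which covers the IP / domain / URL indicators the feed description names.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle with two indicators (IDs are placeholders in the required type--UUID form).
STIX_BUNDLE = json.loads("""
{
 "type": "bundle", "id": "bundle--0a1b2c3d-0000-4000-8000-000000000001",
 "objects": [
  {"type": "indicator", "id": "indicator--0a1b2c3d-0000-4000-8000-000000000002",
   "name": "C2 server", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '198.51.100.7']",
   "labels": ["malicious-activity"], "valid_from": "2018-07-01T00:00:00Z"},
  {"type": "indicator", "id": "indicator--0a1b2c3d-0000-4000-8000-000000000003",
   "name": "Exfil drop site", "pattern_type": "stix",
   "pattern": "[url:value = 'http://files.example.net/upload.php'] OR [domain-name:value = 'files.example.net']",
   "labels": ["malicious-activity"], "valid_from": "2018-07-01T00:00:00Z"}
 ]
}
""")

# One STIX comparison: [<object-type>:<property> = '<literal>']
COMPARISON = re.compile(r"\[\s*([\w-]+):([\w.]+)\s*=\s*'([^']*)'\s*\]")


def extract_iocs(bundle):
    """Return {(observable_type, value): indicator} for every comparison in every indicator."""
    iocs = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator":
            continue
        for otype, _prop, value in COMPARISON.findall(obj["pattern"]):
            iocs[(otype, value)] = obj
    return iocs


def observables(tx):
    """The STIX observable keys a single transaction record can match on."""
    keys = {("ipv4-addr", tx["dst_ip"])}
    if tx.get("host"):
        keys.add(("domain-name", tx["host"]))
    if tx.get("url"):
        keys.add(("url", tx["url"]))
        keys.add(("domain-name", urlsplit(tx["url"]).hostname))
    return keys


def correlate(bundle, transactions):
    """Match each transaction against the indicator set; one hit per matching observable."""
    iocs = extract_iocs(bundle)
    hits = []
    for tx in transactions:
        for key in sorted(observables(tx)):
            if key in iocs:
                hits.append({"tx_id": tx["id"], "src_ip": tx["src_ip"],
                             "matched": key, "indicator": iocs[key]["name"]})
    return hits


# Constructed transaction records as a sensor would summarise them (L3 tuple plus HTTP/DNS fields).
TRANSACTIONS = [
    {"id": 1, "src_ip": "10.0.3.4", "dst_ip": "198.51.100.7", "dport": 443},
    {"id": 2, "src_ip": "10.0.3.9", "dst_ip": "203.0.113.20", "dport": 80,
     "host": "files.example.net", "url": "http://files.example.net/upload.php"},
    {"id": 3, "src_ip": "10.0.3.9", "dst_ip": "203.0.113.21", "dport": 53, "host": "example.com"},
]

if __name__ == "__main__":
    for h in correlate(STIX_BUNDLE, TRANSACTIONS):
        print(f"tx {h['tx_id']} from {h['src_ip']} matched {h['matched']} -> {h['indicator']}")
```

Matching on the parsed URL's hostname as well as the literal URL is what lets a domain-only indicator still fire on an HTTP transaction; conversely, an IP-only indicator will miss traffic to the same server behind a different address, which is why the feature description pairs feed correlation with behaviour-based detections rather than relying on either alone.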
ExtraHop, which specialises in analytics for security and performance management, has announced the global availability of ExtraHop Reveal(x). This new network security analytics product harnesses real-time wire data analytics and machine learning to analyse all network interactions for abnormal behaviour and identify critical assets in the environment. With a 3-in-1 workflow optimised for discovery, correlation, and investigation, Reveal(x) focuses the security analysts’ attention on the most important risks and streamlines response to limit exposure.

Security teams today face a convergence of factors that complicate operations and decrease visibility. Hybrid and multi-cloud architectures increase agility but reduce operational control. Encryption is vital but disguises both benign and malicious activities. A new source of insight is required for modern architectures, one that provides empirical evidence to help analysts triage and investigate threats with confidence and timeliness.

Situational intelligence and automated investigation

Reveal(x) delivers situational intelligence and automated investigation that turns the network into the most complete objective source of insight into the threats and vulnerabilities in your environment.

Unprecedented enterprise visibility: Reveal(x) analyses all network traffic across the entire application payload, identifying in real time all encrypted traffic, rogue nodes, IoT devices, and BYOD systems. It analyses 40+ protocols, decrypting SSL and perfect forward secrecy (PFS) traffic, and auto-discovers and auto-classifies all connected devices, keeping security teams focused on the most critical assets.
Advanced behavioural analytics: Utilising real-time analytics and advanced machine learning, Reveal(x) identifies abnormal behavioural patterns as they occur and correlates them against continuously monitored critical assets so that security teams can target the most immediate threats.

Automated investigation: The Reveal(x) analytics-first workflow takes you from issue to associated packets in a matter of clicks. This simplicity replaces hours spent manually collecting and parsing through data, enabling real-time insights and rapid root cause determination. Global search and indexing provide immediate access to security insights. And ExtraHop integrates with your existing security infrastructure and automates response using Splunk, Phantom, Palo Alto, ServiceNow, Cisco, Ansible, and others.

Smart data security

“Attack surfaces are expanding and the sophistication of attackers is increasing. There simply aren’t enough talented security professionals to keep up,” said Jesse Rothstein, CTO and co-founder, ExtraHop. “Reveal(x) provides security teams with increased scrutiny of critical assets, detection of suspicious and anomalous behaviours, and workflows for both automated and streamlined investigation. With the global availability of Reveal(x), we now enable practitioners across the world’s largest enterprises to do more with less by getting smarter about the data they already have.”

High-fidelity insights

Reveal(x) addresses the gaps in security programmes by harnessing wire data, which encompasses all information contained in application transactions. It auto-discovers, classifies, and prioritises all devices, clients, and applications on the network and employs machine learning to deliver high-fidelity insights immediately.
Anomalies are directly correlated with the attack chain and highlight hard-to-detect activities, including internal reconnaissance, lateral movement, command-and-control traffic, and exfiltration.

Extra layer of security

“When you work in a business dealing with the nation’s leading insurance companies, there is a lot of pressure to get it right. We rely on ExtraHop to provide us with the visibility needed to investigate performance and security issues,” said Chris Wenger, Senior Manager of Network & Telecommunication Systems at Mitchell International. “With ExtraHop in our IT environment, we can more easily monitor all of the communications coming into our network, including use of insecure protocols. These insights enable my team to better secure our environment. ExtraHop has been that extra layer of security for us.”

Preventing critical damage

“A complete data source is the starting point for successful security analytics programmes,” said Rob Bamforth, Independent Analyst. “Prioritising critical assets with insights from smart, machine learning-based network traffic analytics is a way to deliver comprehensive visibility that ultimately enables security teams to sort through the noise of threat alerts in order to detect and investigate what matters most, before critical damage is done.”

“As the demand for superior IT analytics grows, our customers are searching for solutions that automatically uncover opportunities and threats across the entire IT landscape. Leading security programs require the broadest visibility, with real-time accuracy, to be able to identify and address threats before any damage is done,” said Graeme Allcock, CEO of CorrServe.
ExtraHop, the global leader in real-time wire data analytics for IT intelligence and business operations, recently announced the ExtraHop Enterprise VOIP and Video Analysis module. With this new module, IT operations teams now have the correlated, cross-tier visibility they need to identify VOIP and video service issues in real time and at scale, enabling them to quickly identify problems before they impact end users.

Keeping end-users happy

“Due to the nature of VOIP services, any delay or degradation is instantly noticeable to end users. This means that when there’s a problem, it’s pretty much a guarantee that IT is going to get flooded with complaints,” said Jesse Rothstein, CEO, ExtraHop. “The ability to identify, troubleshoot, and remediate VOIP problems quickly can be the difference between a minor blip and a major service disruption. With ExtraHop’s new integrated VOIP and Video Analysis module, not only can IT identify when there’s an issue with a VOIP protocol, they can pinpoint situations where other applications, infrastructure, or services are impacting VOIP, helping them stay ahead of potential problems and keeping end users happy and connected.”

Monitoring core VOIP protocols

The ExtraHop Enterprise VOIP and Video Analysis module monitors the core VOIP protocols: SIP for call signalling, RTP for the media streams, and RTCP and RTCP XR for the receiver reports that carry jitter, packet loss and round-trip delay and, in the XR VoIP metrics block, the Mean Opinion Score (MOS) and R-factor estimates. The module can also be combined with native DSCP analytics to provide quality of service (QoS) visibility. With this capability, IT can quickly identify and remediate the source of a service interruption.

Key benefits and capabilities of the ExtraHop VOIP and Video Analysis module include the following:

Ability to monitor VOIP traffic in real time with 40 Gbps throughput.

Out-of-the-box dashboards for instant perspective and insight into VOIP and video protocols.
Intelligent alerting that baselines normal behaviour and only alerts IT when VOIP behaviour deviates from the baseline.

Capacity planning capability to help IT determine whether there is adequate network capacity and infrastructure deployed to support the desired VOIP quality.

Problem correlation that enables IT to determine whether the service issue is originating from VOIP or from another part of the IT environment.

Ability to record VOIP calls via precision packet capture, allowing IT to investigate problems without adding cost and complexity.
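The call-quality metrics named in the VOIP module description (latency, jitter, packet loss and the MOS derived from them) and the baseline-deviation alerting in the list above can be demonstrated together. This is an added example, not ExtraHop's implementation: it uses the widely cited simplified form of the ITU-T G.107 E-model (an R-factor from effective delay and loss, mapped to a MOS), with the usual textbook constants as stated assumptions, and the call legs and history are constructed.

```python
"""Estimate MOS from RTCP-style latency/jitter/loss and alert on deviation from a baseline.

Added example, not ExtraHop's implementation. The E-model constants below are the
common simplified defaults (assumption); CALLS and HISTORY are constructed samples.
"""
from statistics import mean, pstdev


def r_factor(latency_ms, jitter_ms, loss_pct):
    """Simplified E-model R-factor (0..100) from one-way latency, jitter and loss."""
    # Effective delay: one-way latency plus a jitter-buffer budget plus codec delay
    # (assumption: 2 * jitter + 10 ms, a common monitoring-tool convention).
    d = latency_ms + 2.0 * jitter_ms + 10.0
    # Delay impairment: linear, with a steeper penalty once delay exceeds 177.3 ms.
    r = 93.2 - 0.024 * d
    if d > 177.3:
        r -= 0.11 * (d - 177.3)
    # Loss impairment: 2.5 R-points per percent lost (codec-agnostic simplification).
    r -= 2.5 * loss_pct
    return max(0.0, min(100.0, r))


def mos_from_r(r):
    """Map an R-factor to MOS on the 1.0..4.5 scale (G.107 polynomial)."""
    if r <= 0:
        return 1.0
    if r >= 100:
        return 4.5
    return 1.0 + 0.035 * r + r * (r - 60.0) * (100.0 - r) * 7e-6


def mos(latency_ms, jitter_ms, loss_pct):
    return round(mos_from_r(r_factor(latency_ms, jitter_ms, loss_pct)), 2)


def alert_on_deviation(history, current, k=2.0, floor=3.6):
    """Alert only when the current MOS falls below mean - k*stddev of the baseline,
    or below an absolute floor (assumption: 3.6, roughly the edge of 'fair' quality)."""
    threshold = mean(history) - k * pstdev(history)
    return current < max(threshold, floor)


# Constructed call legs: (label, one-way latency ms, jitter ms, packet loss %)
CALLS = [
    ("lan-to-lan",      20,  2, 0.0),
    ("branch-over-wan", 80, 10, 1.0),
    ("congested-link", 150, 30, 10.0),
]
# Constructed baseline of recent MOS values for the lan-to-lan path.
HISTORY = [4.39, 4.38, 4.40, 4.37, 4.39, 4.36]

if __name__ == "__main__":
    for label, lat, jit, loss in CALLS:
        score = mos(lat, jit, loss)
        print(f"{label:16s} latency={lat:3d}ms jitter={jit:2d}ms loss={loss:4.1f}%  MOS={score}")
    print("alert on 4.20:", alert_on_deviation(HISTORY, 4.20))
    print("alert on 4.38:", alert_on_deviation(HISTORY, 4.38))
```

The baseline check is what keeps a noisy WAN path from paging anyone: a leg that always scores 4.1 stays quiet at 4.1, while the same value on a path that normally scores 4.4 trips the alert. If the RTCP XR VoIP metrics block is present, its reported MOS and R-factor can be compared with this estimate to spot receivers whose own view disagrees with the sensor's.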