ExtraHop, a cloud-native network detection and response company, announced that it has entered into a definitive agreement to be acquired by Bain Capital Private Equity (“Bain Capital”) and Crosspoint Capital Partners (“Crosspoint Capital”) in a strategic transaction valued at $900 million. Bain Capital is an investor in technology companies and a unit of one of the world's top multi-asset alternative investment firms. Crosspoint Capital is a private equity firm focused on cybersecurity, privacy, and infrastructure software sectors.

Network detection and response (NDR)

ExtraHop CEO Arif Kareem and co-founders Jesse Rothstein, Chief Technology Officer, and Raja Mukerji, Chief Customer Officer, will continue in their respective roles. Rothstein and Mukerji will also remain significant investors in the Company. According to research from IDC, ExtraHop is among the top three players in network detection and response (NDR), the second-fastest-growing segment of the cybersecurity market. The Company's growth has far exceeded that of the segment, and it has extended the power of its flagship platform to consolidate adjacent markets like intrusion detection, network forensics, and IoT security.

Theft prevention

“Organisations today face an array of incredibly sophisticated cyber-attacks with diverse motivations that run the gamut from theft of sensitive personal and business data to illicit profit. Attackers have long had the advantage, and we’re on a mission to change that,” said Kareem.
“By combining our exceptional team, market need, and technology with the deep domain expertise and resources of Bain Capital and Crosspoint Capital, ExtraHop has the opportunity to grow faster and accelerate our innovation to help our customers defend their operations from even the most advanced threats.”

Cybersecurity

“As the events of the last few weeks make crystal clear, cybersecurity is now a mission-critical requirement in the strategy and operations of every organisation on the planet, with enormous implications for financial and reputational well-being.” “We believe that network detection and response is the next major cybersecurity segment and that ExtraHop has the best enterprise technology in the space,” said David Humphrey, a Managing Director at Bain Capital Private Equity.

Address threats and security challenges

“The Company’s approach is uniquely positioned to help enterprises defend against the most advanced cyber threats and address the security challenges of multi-cloud environments, enterprise IoT, and hybrid workforces. We are thrilled to join the talented team at ExtraHop, in partnership with Crosspoint Capital, to help accelerate the growth of the business and continue advancements in the art of cyber defense,” added Max de Groen, a Managing Director at Bain Capital Private Equity.

ExtraHop is the first dedicated investment made from Bain Capital Fund XIII, the firm’s latest flagship $11.8 billion private equity fund.

AI and behaviour-based analytics

“After many years of building and delivering network visibility into the cyber industry, I was very impressed with the capabilities of ExtraHop in their ability to protect the evolving network as workloads shift to the cloud and networks expand beyond what corporations control,” said Greg Clark, Managing Partner at Crosspoint Capital.
“When you're under attack, deep visibility into east-west traffic is vital for modern defense and ExtraHop has set itself apart in this emerging category with powerful AI and behaviour-based analytics.”

Real-time detection and response

Ian Loring, the Managing Partner at Crosspoint Capital, added “ExtraHop brings a unique level of visibility into networks and delivers sophisticated real-time detection, investigation, and response capabilities to organisations around the world. We are excited to partner with the ExtraHop team and Bain Capital to support the Company in the next chapter of its growth.”

Investments

ExtraHop is among the first investments in Crosspoint Capital Fund I, a $1.3 billion private equity fund focused on the cybersecurity, privacy, and infrastructure software sectors. The transaction is expected to close in the summer of 2021 and is subject to customary closing conditions, including receipt of regulatory approvals.

Qatalyst Partners is serving as the exclusive financial advisor to ExtraHop, and Wilson Sonsini is serving as legal counsel. Morgan Stanley is serving as the financial advisor to Bain Capital. Ropes & Gray LLP is serving as legal counsel to Bain Capital and Crosspoint Capital.
ExtraHop, a globally renowned company in cloud-native network detection and response solutions, has announced that it has achieved Amazon Web Services (AWS) Security Competency Status for Reveal(x) 360.

AWS Security Competency Status

This Security Competency Status designation recognises the company’s demonstrated technical proficiency and proven ability to help customers secure workloads, applications, and data on AWS at the speed and scale of the cloud.

“Earning AWS Security Competency status is a significant step in our commitment to helping our customers achieve their cloud security goals,” said Raja Mukerji, Chief Customer Officer and Co-founder, ExtraHop.

Raja adds, “Enterprises are leveraging the cloud to accelerate digital business initiatives, and security teams find themselves in the challenging position of establishing visibility and control without adding friction to DevOps. By working with AWS, ExtraHop enables our customers to confidently and securely take full advantage of the speed, agility, and innovation unleashed by the cloud.”

ExtraHop Reveal(x) 360

ExtraHop Reveal(x) 360 is a SaaS-based solution that helps organisations running on AWS discover, investigate, and respond to hidden security threats across the hybrid enterprise. Reveal(x) 360 provides the ‘ground source of truth’ in the cloud with deep visibility, real-time threat detection, and intelligent response capabilities. By natively integrating with Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring, Reveal(x) 360 provides agentless visibility, including into SSL/TLS encrypted traffic, with no impact to the development process.

Advanced machine learning and behavioural analysis

Reveal(x) 360 uses advanced machine learning and behavioural analysis, leveraging metadata extracted from cloud traffic, to accurately identify anomalous behaviors and malicious activity whenever they occur within or across the cloud.
ExtraHop continually brings industry-renowned security technology to customers, and the latest Reveal(x) 360 updates improve cloud visibility, real-time threat detection, and response capabilities for cloud and hybrid deployments. Examples include:

Faster triage of cloud related threats: Automatic discovery and grouping of cloud services enables security teams to quickly discover and examine unusual cloud activity such as large amounts of data moving out of Amazon S3 buckets or suspicious IP addresses accessing AWS services.

Rapid discovery of insider attacks and advanced persistent threats (APTs) targeting public cloud user environments: Reveal(x) 360 uses advanced machine learning, real-time threat intelligence, and behavioural analysis to discover unauthorised behaviour indicative of APTs or, for example, suspicious activity by authorised AWS users.

Improved cloud security posture and reduced risk: Continuous monitoring and correlation of activity between cloud services, private cloud, and on-premises data centres enables faster discovery and remediation of attacks across multiple environments or moving between on-premises and cloud resources.

AWS Competency Program

Amazon Web Services (AWS) is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Consulting and Technology Partners with deep industry experience and expertise.
ExtraHop, a provider of cloud-native network detection and response, announced a partnership with CrowdStrike, a provider of cloud-delivered endpoint protection. The partnership includes the powerful integration between ExtraHop Reveal(x) and CrowdStrike Falcon, marrying best-of-breed cloud-native detection and response capabilities to provide protection from the network to the endpoint.

As businesses and government agencies have transitioned employees to remote work and moved more of their operations off premises, it has exposed gaps in availability, access, and security. Adversaries around the world quickly took advantage of the chaos, exploiting misconfigured remote desktop protocol vulnerabilities and ramping up phishing scams.

Powerful endpoint security

With cloud adoption surging and a major spike in the use of personal computing devices for work, it is more critical than ever for organisations to maintain a clear picture of managed and unmanaged devices on their network, as well as determine which are being adequately monitored and secured.

The integration between ExtraHop Reveal(x) and CrowdStrike Falcon merges complete network visibility, machine learning behavioural threat detection and real-time decryption of SSL/TLS sessions to extract de-identified metadata for analysis. This approach provides joint customers powerful endpoint security and instant remediation of threats.

Access network resources

Real-time Detection: The integration allows security teams to rapidly detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections, data exfiltration and more. It also helps thwart those occurring on the endpoint, including ransomware, local file enumeration, directory traversal, and code execution. This provides complete coverage across the entire attack surface.
Instant Response: When Reveal(x) detects urgent threats it notifies the Falcon platform to contain the impacted devices ensuring analysts can rapidly investigate and resolve threats. This cuts off access to network resources and endpoints before a security incident can turn into a breach.

Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.

Situational awareness

“Over the past five years, the security industry has undergone a seismic shift from a model of purely ‘prevention and protection’ to one that additionally delivers detection and response,” said Raja Mukerji, ExtraHop Co-Founder and Chief Customer Officer. “CrowdStrike and ExtraHop have been at the forefront of that shift, arming security organisations with the situational awareness and control they need to protect businesses and consumers in a perimeterless world. With this partnership and integration, our customers can now detect and respond to every threat from the core to the edge and everywhere in between.”

Real-time threat detection

“The threat environment continues to grow in complexity as sophisticated cyber adversaries advance their attack techniques, evading security controls and gaining access to corporate networks,” said Matthew Polly, Vice President of Worldwide Business Development and Channels at CrowdStrike.
“Comprehensive visibility and real-time threat detection that allow for fast investigation and response at scale are imperative for organisations to spot and stop threats quickly. Through this partnership, CrowdStrike and ExtraHop are providing customers the ability to identify and respond to malicious activity across the entire attack surface with a fully cloud-native integration that allows them to adapt with speed and agility.”

Endpoint detection and response

“Sirius is excited to partner with ExtraHop and CrowdStrike to help provide a complete solution for integrating both network and endpoint detection and response,” said Jeremiah Cruit-Salzberg, Senior Director and Security Technologist at Sirius. “This integration provides complete network and endpoint visibility for clients, while helping them automate their response to any issues identified on the network.”

“Around the globe, we see organisations working hard to keep up as threats grow more sophisticated, allowing cyber adversaries to set the pace,” said Alex Dodd, Head of Networking and Security at Computacenter. “As such, we are constantly working to collaborate with cyber security leaders like ExtraHop and CrowdStrike who can not only deliver at the speed customers now require but execute the desired business outcomes in every aspect of an organisation.”
ExtraHop, the leader in cloud-native network detection and response, announced its top predictions for the cybersecurity and technology industries in 2020. Informed by insight from customers, partners and industry analysts and insiders, ExtraHop leaders predict a year of tool consolidation, headline-grabbing breaches and a shifting industry focus on what makes a successful tech start-up.

The Year of Deeper Scrutiny for Fast-Growth Companies: “2019 was a tough year for heavily hyped, fast-growth companies going public in Silicon Valley. Several companies that raised huge rounds ultimately failed to deliver expected results or even approach profitability after they went public, and Wall Street was not amused. In 2020, we expect the investment community to more deeply scrutinise companies' financials and business fundamentals, ultimately leading to the support of companies who deliver on their promises, are capital-efficient with sound vision and innovation, and have truly sustainable business results and models to back them up.” - Arif Kareem, CEO

Antiquated Threat Detection Methods like File Hashing and Signature-Based IDS Waste Time: “Since the 1990s, file hashing has been the default mechanism for detecting malicious threat activity, despite the fact that it's ineffective against modern attacks that use polymorphic or fileless methods to go undetected. The same goes for signature-based IDS, which are extremely noisy while providing very little actual alert context. Security teams will continue to rely on these antiquated methods of detection because they are expected to, regardless of how well they work in today's threat landscape.” - Jesse Rothstein, CTO and co-founder

Accountability for the Ethical Use of Users’ Data: “Recent headlines tell of giant data corporations like Google and Facebook monetising users' data and lacking sufficient transparency in these activities.
There’s already been significant social backlash, but in 2020 we predict that users will demand companies not just follow the often-dated laws, but that they also do what’s right. Regulations like GDPR and CCPA are helping to bring more clarity around what’s appropriate, but 2020 will be the year that the industry is held accountable for the ethical, in addition to regulatory-compliant, use of personal data.” - Raja Mukerji, CCO and co-founder

A Slowing Economy Will Force Tool Consolidation: “In security programs, it's been very difficult to turn tools off. What gaps will I create? What unintended consequences will I see? As the economy has rolled along over the last decade, most security programs have had the necessary funding to add new tools and retain legacy tools under the guise of risk management. Economic slowdown is likely to change all of that, as investments in new technology will require cost savings elsewhere. A tighter economy will finally cause us to pull the plug on legacy security tools.” - Bill Ruckelshaus, CFO

“Observability” Will Gain Ground as Both a Concept and a Vocabulary Term in Security and DevOps: “Observability is a term that several companies are using to describe the practice of capturing metrics, logs and wire telemetry, or sometimes other data sources, mostly in the DevOps space. The value of correlating insights from these data sources has gained enough ground that vendors need a word for it. Observability, The SOC Visibility Triad, and other terms have been spotted in marketing materials and on big screens and main stages at security and analytics conferences.
In 2020, we'll see heated competition to control the vocabulary and mental models that enterprises and vendors use to discuss and market security best practices regarding gathering multiple data sources and correlating insights between them.” - John Matthews, CIO

A Major Information Leak from a Cloud Provider is Coming: “In 2020, we are likely to see a major information leak from a cloud provider. While at the same time the cloud providers are providing many useful built-in tools, it's not clear that they are using their own tools to secure themselves. As a further prediction, the leak will not effectively diminish migration to the cloud. As we have noticed with other breaches, they do not significantly erode confidence in the services.” - Jeff Costlow, CISO

The Wave Begins Towards Security Tool Consolidation: “Organisations will take a strong look at the number of security vendors within their ecosystem in 2020 to determine overlap and begin a move towards consolidation of tools. The winners will include those that have proven their API superiority and ability to work together within an organisation’s ecosystem. The losers will be those who have not proven their ability to strengthen core security.” - Chris Lehman, SVP of Worldwide Sales

A Vendor Will Be Responsible for a Major Breach of Data Due to Phoning Home: “In 2019, ExtraHop issued a security advisory about the vendor practice of phoning data home and how this is happening without the knowledge of customers. The problem with this practice is that it expands the attack surface via which that data can be breached, exposing it to threats within the vendor’s environment. 2020 may well be the year that a breach of a vendor’s environment exposes the data of one or more of their customers.
Regulations like GDPR have imagined exactly this type of scenario and laid out specific requirements for data controllers and data processors. But when such a breach occurs, it will have broad impact and implications.” - Matt Cauthorn, VP Security

The Big IoT Breach is Coming: “In 2017, major ransomware attacks crippled the networks, and operations, of major global organisations. While those attacks did billions in damage, for the most part, IoT devices were left unscathed. But sooner or later, and probably sooner, the big IoT breach is coming, and it could have global implications. Whether it happens in the US or abroad, in healthcare, shipping and logistics, or manufacturing, IoT devices around the globe are fertile hunting grounds for attackers. Taking down every connected device, from telemetry sensors to infusion pumps to mobile points-of-sale, could easily grind operations to a halt.” - Mike Campfield, VP of Global Security Programs
ExtraHop, global provider of cloud-native network detection and response solutions, has announced that it has joined the Microsoft Intelligent Security Association (MISA), which brings together an elite group of security-related companies partnering with Microsoft to defend against threats facing hybrid enterprises today. ExtraHop also announced a new integration between the ExtraHop Reveal(x) platform and Microsoft Azure Sentinel enabling faster threat investigation and remediation.

ExtraHop Reveal(x) and Microsoft Azure Sentinel integration

ExtraHop Reveal(x) is the first cloud-native network detection and response vendor to offer in-depth integration with Azure Sentinel. Through this integration, high-fidelity alerts from Reveal(x) can be used to automate responses based on an organisation’s unique security policies. The integration also allows for the creation of customisable Jupyter Notebooks that security and development operations teams can use for threat hunting and investigation. Additionally, customers can now access Reveal(x) dashboards within Azure Sentinel for unified access to real-time threat analysis.

Enterprise security

“Cloud has forced a reckoning in enterprise security, driving the shift from perimeter-based ‘prevent and protect’ strategies to ones that increasingly center on visibility, detection, and response,” said Raja Mukerji, Chief Customer Officer and Co-founder at ExtraHop. “Through the Microsoft Intelligent Security Association and by integrating with solutions like Reveal(x), Microsoft is enabling the next frontier of cybersecurity.”

Sarah Fender, Group Program Manager, Microsoft Cloud + AI Security said, “ExtraHop’s integration with Azure Sentinel enables our mutual customers to do more.
By connecting data, insights, and automation workflows with ExtraHop’s Reveal(x) network detection and response offering, Azure Sentinel customers benefit from extended visibility across their cloud networks and empower their defenders to act quickly in response to threats.”
ExtraHop, provider of enterprise cyber analytics from the inside out, launched the ExtraHop for IBM QRadar app, which integrates with IBM Security Intelligence technology to stream accurate, contextual network behavioural detections into the QRadar SIEM. With Reveal(x) detections in QRadar, organisations have a complete picture of suspicious or anomalous behaviour on their network, as well as the ability to perform rapid, guided investigations. This bi-directional integration lets analysts move back to ExtraHop to explore forensic detail captured from network data.

The new application is freely available to the security community through IBM Security App Exchange, a platform where developers across the industry can share applications based on IBM Security technologies. As sophisticated threats evolve, collaborative development among security providers is critical to helping organisations adapt quickly and to speeding innovation in the fight against cybercrime.

Advanced analytics to prioritise threats

The ExtraHop app complements IBM QRadar, the company’s Security Intelligence platform, which gives organisations complete visibility into their entire infrastructure in real-time and applies advanced analytics to prioritise critical threats. Leveraging QRadar’s open application programming interface (API), ExtraHop allows joint customers to stream Reveal(x) machine learning-powered detections of anomalous and malicious behaviours into QRadar, where they can sort the events by title, risk score, update time, and more.

Security teams can also search for specific events, quickly drill down to investigate IP addresses of offenders and victims in Reveal(x), and create new rules based on Reveal(x) detections of anomalous and malicious behaviours.
Each detection viewed within QRadar is linked to the Reveal(x) environment, enabling analysts to quickly pivot to Reveal(x) and extract immediate, contextual details they simply cannot gather from log and netflow data alone.

Automated threat detection

Rich insights (4700 metadata types) extracted in real time from network traffic are especially important to identify late-stage attack activity, including lateral movement, privilege escalation, command and control (C2), and exfiltration. Real-time detections of these and other behaviours enable SOC analysts using IBM QRadar to recognise attacks earlier, with higher confidence, and access forensic-quality detail to validate and disposition an incident with less effort and time.

“Hundreds of our joint enterprise-class customers have told us that IBM and ExtraHop working together helps them adopt a security-first approach. With our powerful technical integration, global enterprises will have access to invaluable automated threat detection, correlation, and investigation,” said Raja Mukerji, Chief Customer Officer and Co-Founder at ExtraHop. “Now ExtraHop and IBM QRadar app customers will have complete real-time visibility into suspicious network activity and the ability to quickly detect and investigate threats to critical assets.”