[June 19, 2018]
ExtraHop Reveal(x) Sheds Light on the Darkspace with Precision Threat Hunting for the Enterprise
ExtraHop® today announced Reveal(x)™ Summer 2018, setting a new bar for Network Traffic Analytics at
enterprise scale. The latest release includes new capabilities designed
to modernize enterprise security operations with critical asset behavior
analysis that instantly surfaces the highest-risk threats, even those
hiding within encrypted traffic. With this high-fidelity insight,
security operations teams can zero in on critical threat patterns and
investigate down to the root cause in seconds, not days.
Between 2017 and 2018, threat dwell time in the enterprise increased to 101 days, according to FireEye's
M-Trends 2018 Report. The Verizon Data Breach Investigations Report
noted, "in many cases, it's not even the organization itself that spots
the breach; it's often a third party, like law enforcement or a partner.
Worst of all, many breaches are spotted by customers."
The Reveal(x)
Summer 2018 release significantly reduces dwell time by highlighting
late stage attack activities, shining light on the "darkspace"
in the enterprise - the hard-to-reach areas of the network along the
East-West corridor. Through comprehensive network traffic analytics,
Reveal(x) delivers real-time visibility and high-fidelity insight into
threats to your critical assets throughout the hybrid enterprise. The
new "headlines" dashboard prioritizes speed and accuracy, eliminating
the fake news fire drills from other tools by highlighting the
highest-risk detections correlated with external and industry threat
intelligence. Other key new features in the Summer 2018 release include:
- TLS 1.3 Support: As of 2017, forty-one percent of cyber attacks[1]
used encryption to evade detection, so the ability to detect threats
within encrypted traffic is more critical than ever. With the latest
release, Reveal(x) is the only solution that offers out-of-band
decryption at up to 100 Gbps and supports the requirements of the new
TLS 1.3 protocol as well as decryption of traffic protected by
perfect-forward-secrecy (ephemeral Diffie-Hellman) cipher suites. Note
that a passive, out-of-band decryptor cannot derive ephemeral session
keys from the server's private key alone; decrypting PFS or TLS 1.3
sessions therefore depends on the session secrets being supplied to the
sensor by the endpoints or by key-management infrastructure.
- Need-to-Know Decryption: Respect for privacy is simple now that
authorized threat hunters and forensic investigators can be given
rights to look inside suspicious packets for authoritative evidence
(including content and user information), while other analysts only
see the detections and metadata insights gleaned from the decrypted
traffic.
- Network Privilege Escalation Detection: Reveal(x) identifies
changes in behavior that indicate an attacker has compromised a
device, escalated access rights, and is using these higher privileges
to explore and attack within the enterprise. Reveal(x) now infers
escalation attempts on critical assets automatically based on changes
in device behavior, commands, and protocol use, enabling detection of
attacks underway and allowing SecOps teams to contain them before
damage is done.
- Peer Group Anomaly Detection: Reveal(x) now automatically
correlates device behavior against peer devices for more precise
assessment of anomalous behavior, leveraging auto-discovery and
classification of critical assets. This strong outlier validation
improves insider threat and compromised host detection and enriches
Reveal(x) investigative workflows with critical asset context that
helps SecOps collaborate with IT teams controlling endpoints and data
centers.
- Threat Feed Integration: The new release ingests Structured
Threat Information Expression (STIX) formatted threat intelligence
that contains suspect URIs, hosts, or IP addresses, and highlights
correlations with detections from network traffic. SecOps teams can
use STIX feeds in Reveal(x), or a secondary feed can be added for depth
of intelligence. Analysts can confirm details within the workflow via
easy access to enriched data and more easily retrace attack
interactions that involve external actors, including Command and
Control and exfiltration activities.
- Third Party Integrations: Enterprise Security Operations teams
need to partner with other IT teams and their tools to accomplish
evaluation, scoping, containment, and mitigation within approved
processes. ExtraHop's REST APIs provide formal integrations for
automated interaction with industry-leading threat intelligence,
investigation, and response platforms including Anomali, Palo Alto
Networks, Phantom, ServiceNow, and Splunk. These two-way integrations
inject definitive Reveal(x) insights and wire data into other tools
and let Reveal(x) interact as part of investigation and response
workflows, including forensic packet analysis.
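The Threat Feed Integration item above describes ingesting STIX indicators (URIs, hosts, IP addresses) and correlating them with what is seen on the wire. The following is an added illustration of that workflow, not ExtraHop's code: it assumes a STIX 2.x JSON bundle whose indicators use simple "stix" patterns (ipv4-addr, ipv6-addr, domain-name, url comparisons), indexes only indicators that are still valid, and matches them against a constructed list of per-flow observations (destination IP, TLS SNI, HTTP host and URL). The bundle, the observations, the timestamp, and all IP/domain values are constructed for the demo.

```python
"""Ingest STIX 2.x indicators and correlate them with network observations.

Added illustration, not ExtraHop code. Assumes a STIX 2.x JSON bundle whose
indicators use 'stix' patterns made of ipv4-addr, ipv6-addr, domain-name and
url comparisons. Every sample object below is constructed for this demo.
"""
import json
import re
from collections import defaultdict

# One comparison atom inside a STIX pattern, e.g.  ipv4-addr:value = '203.0.113.5'
_COMPARISON = re.compile(r"(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'([^']+)'")

# Observation field -> STIX object types it is checked against.
_FIELD_TYPES = {
    "dst_ip": ("ipv4-addr", "ipv6-addr"),
    "tls_sni": ("domain-name",),
    "http_host": ("domain-name",),
    "http_url": ("url",),
}

# Constructed "now" and feed (RFC 5737 addresses and .invalid names, not real IOCs).
NOW = "2018-06-19T00:00:00Z"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-0000000000a1",
         "name": "Example C2 server", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5' OR domain-name:value = 'update.example.invalid']",
         "valid_from": "2018-06-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-0000000000a2",
         "name": "Example exfil drop site", "pattern_type": "stix",
         "pattern": "[url:value = 'http://files.example.invalid/up.php']",
         "valid_from": "2018-06-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-0000000000a3",
         "name": "Expired sinkhole", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '192.0.2.44']",
         "valid_from": "2017-06-01T00:00:00Z", "valid_until": "2018-01-01T00:00:00Z"},
        {"type": "malware", "id": "malware--11111111-1111-4111-8111-0000000000b1",
         "name": "Not an indicator; skipped"},
    ],
})

# Constructed wire-data observations, one per flow or HTTP transaction.
SAMPLE_OBSERVATIONS = [
    {"ts": "2018-06-19T08:00:01Z", "src_ip": "10.0.0.12", "dst_ip": "203.0.113.5",
     "dst_port": 443, "tls_sni": "UPDATE.example.invalid"},
    {"ts": "2018-06-19T08:00:05Z", "src_ip": "10.0.0.12", "dst_ip": "198.51.100.7",
     "dst_port": 80, "http_host": "files.example.invalid",
     "http_url": "http://files.example.invalid/up.php"},
    {"ts": "2018-06-19T08:00:09Z", "src_ip": "10.0.0.31", "dst_ip": "10.0.0.5",
     "dst_port": 443, "tls_sni": "intranet.corp.invalid"},
    {"ts": "2018-06-19T08:00:12Z", "src_ip": "10.0.0.31", "dst_ip": "192.0.2.44",
     "dst_port": 443},
]


def _normalize(obs_type, value):
    """Canonicalize so feed values and observed values compare equal."""
    if obs_type == "domain-name":
        return value.lower().rstrip(".")
    if obs_type == "url":
        return value.lower()  # lossy for case-sensitive paths; trades precision for recall
    return value


def load_indicators(bundle_json, now):
    """Return {(stix_type, value): [(indicator_id, name), ...]} for live indicators only."""
    index = defaultdict(list)
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue  # snort/yara/sigma patterns need a different matcher
        valid_until = obj.get("valid_until")
        if valid_until and valid_until <= now:  # ISO-8601 'Z' timestamps compare lexically
            continue
        # Each comparison atom is indexed on its own, so an AND pattern is treated as a
        # set of OR'd atoms: fine for highlighting hits, not a full STIX pattern evaluator.
        for obs_type, value in _COMPARISON.findall(obj["pattern"]):
            index[(obs_type, _normalize(obs_type, value))].append(
                (obj["id"], obj.get("name", obj["id"])))
    return index


def correlate(observations, index):
    """Return one hit per (observation, field, indicator) whose value is in the index."""
    hits = []
    for obs in observations:
        for field, obs_types in _FIELD_TYPES.items():
            value = obs.get(field)
            if value is None:
                continue
            for obs_type in obs_types:
                for ind_id, name in index.get((obs_type, _normalize(obs_type, value)), []):
                    hits.append({"ts": obs["ts"], "src_ip": obs["src_ip"], "field": field,
                                 "value": value, "indicator_id": ind_id, "indicator": name})
    return hits


def demo():
    return correlate(SAMPLE_OBSERVATIONS, load_indicators(SAMPLE_BUNDLE, NOW))


if __name__ == "__main__":
    for hit in demo():
        print(hit["ts"], hit["src_ip"], hit["field"], hit["value"], "->", hit["indicator"])
```

Two details matter in practice: the expired indicator (valid_until in the past) never enters the index, so the flow to 192.0.2.44 produces no hit, and hostnames are case-folded before comparison, so the mixed-case SNI still matches the feed entry. A production correlator would also honour revocation, subdomain matching rules, and the full STIX pattern grammar rather than the atom-level approximation used here.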
"Today's threat actors are taking advantage of vast attack surfaces that
extend across every endpoint from the branch office to the datacenter or
the cloud and too often they operate unnoticed," said Jesse Rothstein,
CTO and co-founder, ExtraHop. "At ExtraHop we've spent years developing
technology that can analyze the entire network in real time - every
critical asset and every transaction so that there are no blind spots.
With Reveal(x) Summer 2018, we've applied that deep domain expertise to
security operations, closing the visibility gap and surfacing the
accurate, targeted information that allows SecOps teams to act quickly
and with confidence."
"Security operations centers (SOCs) manage the business of security -
maintaining a reliable security infrastructure, sorting through critical
informational events and alerts, and working across the IT organization
to fix security problems," said Eric Ogren, Senior Analyst at 451
Research. "Network traffic analytics are poised to play a pivotal role
in modernizing security operations. ExtraHop Reveal(x) is a pioneer of
this emerging market segment with the ability to deliver broad network
visibility, prioritization of critical assets, and advanced behavioral
analytics to reduce and possibly eliminate the dark space within the
enterprise."
For more information on ExtraHop Reveal(x), check out these additional
resources:
About ExtraHop
ExtraHop is the leader in analytics and investigation for the hybrid
enterprise. We apply real-time analytics and advanced machine learning
to every business transaction to deliver unprecedented visibility,
definitive insights, and immediate answers that enable security and IT
teams to act with confidence. The world's leading organizations trust
ExtraHop to support core digital business initiatives like security, IT
modernization, and application service delivery. Hundreds of global
ExtraHop customers, including Sony, Microsoft, Adobe, and DIRECTV,
already use ExtraHop to accelerate their digital businesses. To
experience the power of ExtraHop, explore our interactive online
demo. Connect with us on Twitter
and LinkedIn.
[1] Information Age, "Growing cyber threats hidden in encrypted traffic," April 5, 2017, http://www.information-age.com/growing-cyber-threats-hiding-encrypted-traffic-123465544/
View source version on businesswire.com: https://www.businesswire.com/news/home/20180619005455/en/