Reveal(x) focuses the security analysts’ attention on the most important risks and streamlines response to limit exposure.

behavioural patterns as they
occur and correlates them against
continuously monitored critical
assets so that security teams can
target the most immediate threats.
• Automated investigation: The
Reveal(x) analytics-first workflow
takes you from issue to associated
packets in a matter of clicks. This
simplicity replaces hours spent
manually collecting and parsing
through data, enabling real-time
insights and rapid root cause
determination. Global search and
indexing provide immediate access
to security insights. And ExtraHop
integrates with existing security
infrastructure and automates
response using Splunk, Phantom,
Palo Alto, ServiceNow, Cisco, Ansible
and others.
“Attack surfaces are expanding and
the sophistication of attackers is
increasing. There simply aren’t enough
talented security professionals to keep
up,” said Jesse Rothstein, CTO and co-
founder, ExtraHop.
“Reveal(x) provides security teams with
increased scrutiny of critical assets,
detection of suspicious and anomalous
behaviours and workflows for both
automated and streamlined investigation.
With the global availability of Reveal(x),
we now enable practitioners across the
world’s largest enterprises to do more
with less by getting smarter about the
data they already have.”
Reveal(x) addresses the gaps in security
programs by harnessing wire data,
which encompasses all information
contained in application transactions. It
auto-discovers, classifies, and prioritises
all devices, clients and applications
on the network and employs machine
learning to deliver high-fidelity insights
immediately. Anomalies are directly
correlated with the attack chain and
highlight hard-to-detect activities,
including internal reconnaissance, lateral
movement, command and control traffic
and exfiltration.
“When you work in a business dealing
with the nation’s leading insurance
companies, there is a lot of pressure
to get it right. We rely on ExtraHop to
provide us with the visibility needed
to investigate performance and
security issues,” said Chris Wenger,
Senior Manager of Network and
Telecommunication Systems at Mitchell
International. “With ExtraHop in our IT
environment, we can more easily monitor
all the communications coming into
our network, including use of insecure
protocols. These insights enable my
team to better secure our environment.
ExtraHop has been that extra layer of
security for us.”
Rob Bamforth, Independent Analyst, said
a complete data source is the starting
point for successful security analytics
programmes. “Prioritising critical assets
with insights from smart, machine
learning-based network traffic analytics
is a way to deliver comprehensive
visibility that ultimately enables security
teams to sort through the noise of threat
alerts in order to detect and investigate
what matters most, before critical
damage is done,” he said.
Issue 03 | www.intelligentciso.com