ExtraHop, global provider of analytics for security and performance management, has announced the availability of Reveal(x) for Microsoft Azure. With Reveal(x) for Microsoft Azure, enterprise security and cloud operations teams now have enterprise-grade network traffic analysis (NTA) that uses advanced machine learning to instantly surface high-risk threats and automate response across the entire hybrid enterprise. With this latest release, Reveal(x) is also available for remote site deployments, extending visibility from the data center to the branch office to the cloud.
Reveal(x) Network Traffic Analysis (NTA) solution
Reveal(x) for Microsoft Azure is available immediately in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.
While cloud platforms offer incredible scale and agility, they also expand the enterprise attack surface, creating new opportunities for malicious actors to exploit misconfigurations, access sensitive data, and compromise applications. Reveal(x) for Microsoft Azure provides an enterprise-grade NTA solution that delivers threat detection and investigation purpose-built for the cloud, extending the visibility and response capabilities of the enterprise security operations center (SOC) to encompass cloud infrastructure. Reveal(x) automatically discovers and classifies everything traversing the Azure environment, including rogue compute instances, to deliver complete real-time visibility at cloud scale. That data is correlated with event data from Azure Security Center to create a unified analytics and investigation source for SOC teams that provides always-on, always-everywhere visibility across the hybrid attack surface.
Microsoft Azure Virtual Network Tap (Azure vTAP) The Reveal(x) network traffic analysis platform integrates with the Microsoft Azure Virtual Network Tap to analyse cloud-based application payloads at scale
The Reveal(x) network traffic analysis platform integrates with the Microsoft Azure Virtual Network Tap to analyse cloud-based application payloads at scale. Announced at Microsoft Ignite, the Azure Virtual Network Tap (Azure vTAP) is the industry’s first virtual network tap offered by a public cloud provider that enables out-of-band monitoring of all network traffic. ExtraHop has partnered with Microsoft Azure to natively integrate Reveal(x) with the Azure Virtual Network Tap to deliver a completely passive, agentless approach to network traffic analysis in the cloud.
With the introduction of Reveal(x) for Microsoft Azure, enterprises can effectively address shared responsibility models and prioritise use of security resources based on critical assets and risk, delivering complete visibility across each dimension of enterprise responsibility including:
- Applications & Content: Integration with Azure Security Center events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while real-time TLS 1.3 decode and transaction payload analysis spots threats and evaluates risk, even within PFS deployments.
- Inventory & Configuration: Automatic discovery and classification of all cloud assets gives cloud and security teams up-to-the-second understanding of the attack surface, including the ability to track rogue instances – even when logging is disabled - and instantly flag exposed resources.
- Data Access: Full support for Azure SQL Database and Azure Blob Storage protocols means visibility into behavior, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
- Identity & Access Management: Integration with Azure Activity Monitoring allows granular tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behavior like credential harvesting and brute force login attempts.
Network traffic access from the cloud
The Microsoft Azure Virtual Network Tap is the first of its kind, allowing us to access network traffic from the cloud"
“The Microsoft Azure Virtual Network Tap is the first of its kind, allowing us to access network traffic from the cloud as easily and passively as we do from our data center,” said Daniel Howard, VP of Information Technology at International Cruise & Excursions. “This integration immediately transforms that data into a powerful source of threat detection and investigation. We now have the power to secure our cloud workloads exactly as we do our on-premises applications.”
“The enterprise attack surface is no longer confined to the data center. Enterprise IT assets exist everywhere the enterprise operates, from the branch office to the data center or the cloud," said Jesse Rothstein, CTO and co-founder, ExtraHop. "With Reveal(x) for Microsoft Azure, we're enabling SecOps to detect and investigate threats across the entire hybrid enterprise while focusing on the most critical assets first so business functions can continue uninterrupted and customer data remains protected.”
Threat analysis and incident management
Adwait Joshi, Director, Product Marketing, Azure Security, Microsoft Corp. said, "ExtraHop Reveal(x) offers comprehensive threat visibility across the hybrid enterprise allowing SecOps teams to detect threats immediately and act decisively to eliminate them. The solution works with Microsoft Azure, enabling monitoring and incident response from cloud infrastructure to the data center.”