Download PDF version Contact company

ExtraHop, provider of enterprise cyber analytics from the inside out, announces new capabilities designed to help Security Operations Center (SOC) and Network Operations Center (NOC) teams identify and safeguard critical assets, rapidly detect late-stage and insider threats, and transform security analysts into threat experts with streamlined investigation workflows.

Demand for business agility and uptime have accelerated the rapid modernisation of IT, which is now highly dynamic and distributed - from the data center, to cloud infrastructure and SaaS, to remote sites and device edges.

Advanced detections

These changes introduce complexity and expand the attack surface, contributing to high rates of false positives and obscuring true threats. Analysts constantly waste time, through no fault of their own, working to validate the constant flow of alerts to determine if investigation is warranted.

Senior analysts get timely detail on users and devices to support rogue device detection, insider threat investigations, threat hunting, and forensics

The Winter 2019 release of ExtraHop Reveal(x) improves SOC and NOC analyst productivity through contextual discovery of the enterprise attack surface, full-spectrum detection, and one-click guided investigation for incident response. Advanced detections incorporate device and user context to identify known and unknown threats using an array of machine learning, rule-based, and custom techniques. Detections incorporate suggested next steps and are made actionable through clear evidence, enabling front-line analysts to validate, close, or escalate prioritised events with confidence. Senior analysts get timely detail on users and devices to support rogue device detection, insider threat investigations, threat hunting, and forensics.

Better prioritise monitoring

Significant features of the Winter 2019 release include:

  • User-to-Device Mapping: Easy correlation between users and devices allows analysts to investigate quickly, expediting validation without the need to cross-reference with other tools.
  • OS Auto-discovery: Operating system (OS) auto-discovery confirms and compares the OS each device is using with known behaviours of those systems to identify spoofing.
  • Enhanced Role Classification: Expanded role auto-classification uses behaviour to automatically infer more device types (e.g., mobile device, DHCP server, domain controller or DNS server), and then maintains groupings to keep analysts focused on what matters most.
  • Dynamic Device Grouping: Sophisticated device grouping permits users to define complex rules for extensive attributes and behaviour to better prioritise monitoring, detection, and triage.
  • Advanced Rules Engine: The advanced rules engine immediately detects known threats, policy violations, and risk-based detections.
  • Guided Investigation Workflows: One-click guided investigations link each detection to the right next steps, as well as the most relevant device's transaction and behaviour details, for instant validation of threats and faster MTTR.
  • Expanded Integrations: ExtraHop now integrates with ServiceNow CMDB, QRadar SIEM, and Palo Alto Networks firewalls.

Contextual workflow

With ExtraHop, security and IT teams can detect threats up to 95 percent faster, reduce resolution time by nearly 60 percent

Forcing analysts to switch between tools or manually pull together disparate data for an investigation increases cognitive load, delay, and the chance of missing a critical piece of evidence,” said Jesse Rothstein, CTO and Co-Founder, ExtraHop. “Our focus in this release is to bring authoritative data about every device's communications, OS, users, and network behaviour into a contextual workflow that guides analysts to the right answer immediately.”

With ExtraHop, security and IT teams can detect threats up to 95 percent faster, reduce resolution time by nearly 60 percent, and decrease unplanned downtime by as much as 86 percent. The innovative ExtraHop approach has been recognised by numerous organisations including Credit Suisse, JMP Securities, and independent analyst firms including Enterprise Management Associates.

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Quick poll
What is the most significant challenge facing smart building security today?