Download PDF version Contact company

ExtraHop, globally renowned provider of cloud-native network detection and response solutions, has announced a new integration with Amazon Web Services (AWS) that automates the isolation of compromised Amazon Elastic Compute Cloud (EC2) instances and empowers security operations teams to create a wide range of customisable response automations, from quarantining and blocking to ticketing and tagging.

ExtraHop Reveal(x) Cloud

Alongside the new automation capability, ExtraHop Reveal(x) Cloud offers continuous packet capture in AWS

Alongside the new automation capability, ExtraHop Reveal(x) Cloud now offers continuous packet capture in AWS. That reduces the amount of time, effort, and money required to perform packet-level analysis while providing security teams with the forensic detail they need to get to root cause or to fulfill chain-of-custody requirements.  

Response automation is considered the Holy Grail for many security operations, allowing teams to snuff out threats before they further infiltrate or damage the organisation. But when done at a tool level instead of a system level, response automation too often results in devices being quarantined or systems being shut down based on unreliable data or incomplete information.

ExtraHop integration with AWS

Lengthy investigation time compounds the challenge, leaving critical systems idle until the threat can be remediated, and potentially resulting in business downtime and lost revenue. The latest ExtraHop integration with AWS brings precision to both response automation and investigation workflows in the cloud.

The AWS quarantine integration combines high-fidelity detections from Reveal(x) Cloud with AWS security group policies to automatically quarantine compromised EC2 instances, enabling timely and targeted response.

Streamline investigations in cloud and hybrid environments

Security teams can also modify the trigger, or write a new trigger, to take different actions when detection violates policies. With right-sized continuous packet capture, Reveal(x) Cloud takes an analytics-first approach to investigation, allowing security operations teams to go from detection to associated packets in a matter of clicks, keeping investigations fast and focused.

Reveal(x) Cloud also includes new features that streamline investigation in cloud and hybrid environments, enabling analysts to rapidly identify and respond to the highest priority threats.

  • 1G, 5G, and 10G SaaS offerings with Continuous Packet Capture within AWS environments support streamlined and guided investigation for any incident. Customers can begin purchasing the Reveal(x) Cloud PCAP for AWS offering in early 2020.
  • Related Detections reduce response time by automatically surfacing similar threats across architectures in a Reveal(x) Cloud investigation workflow. This provides SecOps teams with a unified view of attack patterns happening in the environment.
  • Enhanced reporting capability provides executive-level overviews of security posture at the touch of a button. Reports zero in on critical threats while also delivering high-level insight into compliance across hybrid and cloud environments.

Advanced visibility and detection

Though AWS supports strong controls, companies are responsible for securing their own workloads, which is a daunting task with the current cyber security skills shortage and nascent cloud security market,” said Jesse Rothstein, CTO and co-founder, ExtraHop.

Jesse adds, “Our Reveal(x) solution provides SecOps teams with advanced visibility, detection, and response for hybrid environments. We are constantly working to expand our capabilities, and this integration with AWS is another step towards winning the arms race in enterprise security.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?