ExtraHop Networks Inc - Experts & Thought Leaders
Latest ExtraHop Networks Inc news & announcements
ExtraHop, a pioneer in cloud-native network detection and response (NDR), announced it is open-sourcing its expansive 16 million-row dataset, one of the most robust available to help defend against domains generated by algorithm (DGAs). This is to level the playing field for defenders and empower businesses of all sizes to better secure their organisations by strengthening defenses against malware and botnet operations.

Cyber landscape

Amid a widening cybersecurity skills gap (up 26% in 2022) and dwindling resources, the cyber landscape is rapidly evolving. As new threats rapidly appear, open-sourced research and datasets are a solution to overcoming the challenges security teams face daily.

Addressing the cybersecurity gap

“The challenges we face in security are formidable and dynamic, and, with this initiative, we’re democratising the tools needed for threat research detection for security teams of all sizes, backgrounds, and industries,” said Raja Mukerji, Chief Scientist and Co-Founder, ExtraHop.

Raja Mukerji adds, “Collaboration among the cybersecurity community is invaluable, coming together to share our best work is the only way to remain on the offense and put attackers at a disadvantage. Our research will be a game-changer for the community and we encourage other teams to open source their insights that will similarly benefit the industry at large.”

DGA detector dataset

Striving for industry collaboration, ExtraHop is releasing its DGA detector dataset, made up of more than 16 million rows of data, on GitHub to help security teams identify malicious activity in their environments before it becomes a business problem. DGAs are used by threat actors to maintain control within an organisation’s environment upon making their entrance onto a network, making attacks difficult to detect and stop.

Reveal(x)

Originally built for ExtraHop’s award-winning NDR platform, Reveal(x), this research can be used by any security researcher to construct their machine learning (ML) classifier model to more quickly identify DGAs and intervene in attacks with greater speed and precision. Since its implementation in Reveal(x), the ExtraHop DGA model has demonstrated more than 98% accuracy.

Detect DGAs swiftly

“Giving threat actors the ability to operate undetected and an uptick in these types of attacks, DGAs are increasingly considered a major threat to businesses today,” said Todd Kemmerling, Director of Data Science, at ExtraHop.

Todd Kemmerling adds, “As we began developing a model for detecting DGAs, it became apparent there was a lack of public datasets accessible to security teams with a wide-ranging set of resources. With this dataset, we are filling that gap, giving any security team access to the pivotal data needed to detect DGAs swiftly.”

The XDR Alliance™ announced the release of a new set of open-source API specifications that help pioneering cybersecurity vendors collaborate and more easily integrate their advanced technology solutions. As a result, end-user customer organisations worldwide can rationalise their disparate and previously siloed cybersecurity solutions, enabling them to more easily operationalise broader coverage for threat detection, investigation, and response (TDIR) use cases.

Customers can extract more value from their existing technology tools and avoid proprietary approaches from portfolio vendors. On average, organisations have more than 31 security tools deployed. In order for security teams to work efficiently, it’s critical that these tools integrate seamlessly within organisational workflows. Open-source APIs facilitate communication between the solutions required for the most extensive and dependable security coverage.

Author's quote

“Despite the hype, there is no single technology company on the market that can do it all. Robust security coverage requires integration and collaboration among the best of the best cyber solutions, easily working together without obstacles,” said Gorka Sadowski, Founder, XDR Alliance and Chief Strategy Officer, Exabeam.

He adds, “We hear customers loud and clear. They want to minimise vendors yet avoid vendor lock-in, and want best-of-breed without paying an integration tax. We have solved this conundrum and it’s at the core of our API announcement today.”

XDR Alliance’s open-source CIM

The new open-source API specifications are a follow-up to the XDR Alliance’s open-source Common Information Model (CIM), which provides the broader cybersecurity community with a common foundation for understanding, normalising, getting deeper visibility into, and enriching data across technologies.

The APIs have been developed in collaboration with member organisations earning domain expertise across endpoint, network, cloud, identity, email security, security analytics, security log management, SIEM, and more to provide the most in-depth security coverage for organisations.

XDR Alliance member quotes

Armis

“It's critical that enterprises and governments globally prioritise cybersecurity, implementing robust and resilient programs that address the new extended attack surface that managed and unmanaged connected assets create,” said Nadir Izrael, CTO and Co-Founder, Armis.

He adds, “We're proud to participate in the XDR Alliance to offer our expertise here, joining forces with our peers that bring unique insight in their respective areas. Collaborating more effectively to support end-user integration is essential to furthering the cybersecurity industry and protecting society from the malicious attacks of cybercriminals.”

Banyax

“The Banyax mission is to provide world-class cybersecurity TDIR services for every organisation in our geography. To do so, it’s critical for us to help our customers easily integrate all their tools,” said Carlos Alanis, CEO and Co-Founder at Banyax.

He adds, “We have already adopted these APIs to improve the operationalisation of our services across our customer base and have seen the benefits firsthand.”

Exabeam

“As a pioneering SIEM and behavioural analytics platform provider, Exabeam connects the dots between all the disparate technologies deployed in organisations and integrates them to power TDIR use cases and outcomes for the simplest to the most demanding environments,” said Seth Spiel, Head of Product Application Platform, Exabeam.

He adds, “These open-source API specifications enable easier, tighter, and more complete tool rationalisation, and Exabeam is grateful for the collaboration of all XDR Alliance members in their support of this initiative.”

ExtraHop

“In cybersecurity, the network is a key source of truth, shining a light on all traffic: malicious, mundane, and everything in between,” said Phil Shigo, Vice President, Business Development, ExtraHop.

“It is important that the broader cybersecurity community is able to correlate robust network insights with a wide range of data sources - logs, endpoints, and more - to gain a greater understanding of how an attacker enters an environment and carries out their offence. The latest from the XDR Alliance is a key step to achieving this cohesion throughout the SOC, helping enterprises uncover cyberattacks before it's too late.”

Mimecast

“Because email is a favourite delivery vector for adversaries, any cybersecurity strategy needs to include email security use cases in scope. Mimecast is committed to the open XDR approach to create a more cybersafe email experience for everyone,” said Jules Martin, Vice President Technology Alliances, Mimecast.

He adds, “We are excited to have contributed to these API specifications available as open source, and look forward to seeing the benefits.”

Netskope

“The modern workforce's use of the cloud demands protection wherever users, apps, and data are located. Netskope is proud to have added its unique insights into cloud security to the XDR Alliance definitions of open-source API specifications for the benefit of our customers and the broader user community,” says Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope.

ReliaQuest

“ReliaQuest provides detection, investigation and response services for hundreds of organisations worldwide, and at-scale integrations between disparate tools is critical for us to provide effective offerings to our customers. We are excited to have contributed to the XDR Alliance’s open-source API specification which will help our users break down silos between their security solutions,” says Brian Foster, President of Product and Technical Operations at ReliaQuest.

In the past year, the XDR Alliance has welcomed Banyax, Deloitte, and ReliaQuest as new members to strengthen its presence in the MSSP/MDR market.

ExtraHop, a pioneer in cloud-native network detection and response (NDR), announces support for Amazon Security Lake from Amazon Web Services (AWS). The offering will allow customers to share network insights from Reveal(x) 360™, the ExtraHop NDR platform, on AWS from cloud, on-premises, and custom sources into a purpose-built data lake stored in their account.

Faster threat detection

According to an ExtraHop report, 67% of IT and cybersecurity professionals experience friction in the cloud, including visibility and coverage gaps. Amazon Security Lake helps to overcome these challenges by automatically centralising security data from disparate sources into a purpose-built data lake, allowing customers to store, analyse, and query insights from any environment, application, or solution at petabyte scale.

When integrated with Amazon Security Lake, ExtraHop securely feeds detections identified on the network to the customer’s Amazon Security Lake. Customers who subscribe to Amazon Security Lake can access and take action with ExtraHop data, as well as data from other sources in Amazon Security Lake, for faster threat detection, investigation, and response.

“Our long-term relationship with AWS has provided organisations with significant advantages over the years as they realise the tremendous value derived from network intelligence in cloud environments,” said Raja Mukerji, Co-Founder and Chief Customer Officer, ExtraHop.

Raja Mukerji adds, “This new integration with Amazon Security Lake is the next natural step in our relationship. ExtraHop customers on AWS now gain complete end-to-end visibility, streamlined investigations, and immediate value by integrating their network insights with best-of-breed endpoint and log sources.”