CM – ExtraHop extends response and forensics functions with deep threat insights for hybrid cloud


ExtraHop, the leading provider of cloud-native network detection and response (NDR), announced new features and offerings that provide deep forensic insights for advanced threat response activities. Adding Reveal(x) 360 Ultra sensors to Amazon Web Services (AWS) workloads provides highly scalable, SaaS-based detection, response, and forensic investigation capabilities. ExtraHop also provides forensic data to AWS customers with ExtraHop Packet Basics, a free packet capture product available exclusively on the AWS Marketplace. These innovations focus on helping stretched security teams investigate and remediate advanced threats.

According to a recent ESG Research report, key threat detection and response goals include improving advanced threat detection (34%) and reducing average threat response time (29%). Incident response teams need more efficient threat detection and response, especially for advanced persistent threats that move laterally across networks for extended periods of time.

“Blocking and containment are no longer enough for organizations supporting hybrid networks, remote workers, and an overall surge in advanced threats that follow a game book of landing and turning within an organization,” said Rajiv Thomas, senior systems engineer, Gas South. “ExtraHop’s focus on response and forensics equips my team with the tools they need for in-depth investigation and sideways movement to fully understand what has been compromised – and for how long.”

“Today’s sophisticated attacks are no longer similar to the smash-and-grab tactics of the past,” said Jon Oltsik, senior principal analyst and fellow at Enterprise Strategy Group (ESG). “Attackers use covert techniques to break into networks, land on vulnerable devices, and move to their desired destinations, all while watching and waiting. These innovations from ExtraHop can offer incident response teams an optimized workflow and investigation options with forensics, so that they can better identify their overall threat situation and reduce the mean time to response (MTTR).”

“It is time to think more broadly about the R in NDR. While blocking and containment are important steps, full incident response is about gathering forensic evidence, sharing it between teams to determine the root cause, putting together an actionable plan, and eliminating the risk or vulnerability from the company’s environment,” said Jesse Rothstein, co-founder and CTO, ExtraHop. “The defense and forensics functions of our network detection and response solution offer emergency responders a real tool for the entire spectrum of response from hunting to investigations to remediation, not just another alarm cannon.”

Threat reports
ExtraHop is the only NDR provider with the option of looking back 90 days to assess the “blast radius” for critical CVEs, exploits and zero days. New in-product threat briefing reports provide comprehensive information about the threat and highlight potentially vulnerable devices on the network. They also include threat-related detections and recommended remediation actions for recent incidents such as the REvil (Kaseya) ransomware campaign and Microsoft’s PrintNightmare vulnerability. The threat briefing and built-in detectors help security teams understand the impact, which in turn drives a critical incident response process.

Reveal(x) 360 Ultra sensors
With 84% of organizations planning to migrate more workloads and data to cloud-based models within the next year, cybersecurity teams need to develop a cloud network security strategy. Because cybercriminals can spread attacks quickly through the cloud infrastructure, teams need packet-level visibility on their network to track both north-south and east-west movements and a method of responding to incidents. Reveal(x) 360 Ultra sensors provide users with all of the security features of ExtraHop’s flagship cloud NDR solution plus packet capture forensics. They provide streamlined deployment for AWS users and always-on incident response tools.

ExtraHop Packet Basics
In recent attacks, such as the REvil (Kaseya) ransomware campaign, which failed to trigger detections, continuous packet capture allowed analysts to go back in time and examine packets for appropriate forensics. ExtraHop Packet Basics is a free solution for AWS that provides incident responders, threat hunters, and investigators with more forensic details than are available in logs and data from agents and firewalls. ExtraHop Packet Basics is available on AWS Marketplace and can be deployed to an AWS environment with one click.
