ExtraHop extends response and forensics capabilities with deep threat insights for hybrid cloud


ExtraHop has introduced new features and offerings that provide deep forensic insight for advanced threat response activity.

New Reveal(x) 360 Threat Briefings deliver one-click incident response reports to retroactively investigate critical CVEs and exploits, while the introduction of Reveal(x) 360 Ultra Sensors to Amazon Web Services (AWS) workloads provides highly scalable, SaaS-based detection, response, and forensic investigation capabilities. ExtraHop is also making forensic data available to AWS customers with ExtraHop Packet Basics, a free packet capture product available exclusively on the AWS Marketplace. These innovations focus on assisting strapped security teams with the investigation into and remediation of advanced threats.

According to a recent report from ESG Research, top threat detection and response goals include improving detection of advanced threats (34 percent) and improving the mean time to respond to threats (29 percent). Incident response teams need better threat detection and response efficacy, especially as it relates to advanced persistent threats that move laterally across networks over extended periods of time. 

“Blocking and containment is no longer enough for organizations supporting hybrid networks, remote employees, and a general uptick in advanced threats that follow a playbook of landing and pivoting within an organization,” said Rajiv Thomas, Senior Systems Engineer, Gas South. “ExtraHop’s focus on response and forensics arms my team with the tools they need for deep investigations, tracking lateral movement to fully understand what has been compromised, and for how long.”

“Today’s sophisticated attacks no longer resemble the smash and grab tactics of the past,” said Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG). “Attackers use stealthy techniques to enter networks, land on vulnerable devices, and pivot to their desired targets, all the while watching and waiting. These innovations by ExtraHop can provide incident response teams with streamlined workflow and investigative capabilities with forensics so they can better identify their overall threat exposure and reduce mean-time-to-respond (MTTR).”

“It’s time to think more broadly about the R in NDR. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization’s environment,” said Jesse Rothstein, co-founder and CTO, ExtraHop. “The defense and forensics capabilities of our network detection and response solution give incident responders a true tool for the full spectrum of response, from hunting and investigations to remediation, not just another alert cannon.”

Threat Briefing Reports

ExtraHop is the only NDR provider with the ability to look back 90 days retroactively to assess the “blast radius” of critical CVEs, exploits, and zero days. New in-product Threat Briefing reports include comprehensive information about the threat and highlight potentially vulnerable devices on the network. They also include detections associated with the threat and recommended remediation actions for recent incidents such as the REvil (Kaseya) ransomware campaign and Microsoft’s PrintNightmare vulnerability. The Threat Briefing and embedded detectors help security teams establish the impact footprint, which in turn drives a decisive incident response process.

Reveal(x) 360 Ultra Sensors 

With 84 percent of organizations planning to migrate more workloads and data to cloud-based models within a year, cybersecurity teams need a plan for network security in the cloud. The ability of cybercriminals to quickly proliferate attacks via cloud infrastructure means teams need packet-level visibility into their network to track both north-south and east-west movement, and a means for incident response. Reveal(x) 360 Ultra Sensors give users all of the security capabilities of ExtraHop’s flagship cloud NDR solution plus packet capture forensics. They provide streamlined deployment for AWS users and always-on incident response tools.

ExtraHop Packet Basics

For recent attacks like the REvil (Kaseya) ransomware campaign, which did not trigger detections at the time, continuous packet capture enabled analysts to go back in time and inspect packets for proper forensics. ExtraHop Packet Basics is a free solution for AWS that provides incident responders, threat hunters, and investigators with richer forensic detail than is available in logs and in data from agents and firewalls. Available on AWS Marketplace, ExtraHop Packet Basics can be deployed in an AWS environment with the click of a button.
