
ExtraHop: Reveal(x) 360

ExtraHop is a leader in Network Detection and Response (NDR), a security solution category that focuses on detecting malicious network activity. They look beyond malware threats and help protect against insider attacks, lateral movement, and data exfiltration. 

ExtraHop’s cloud-first solutions provide security across on-prem and cloud environments with 360-degree visibility and situational intelligence. 

ExtraHop Reveal(x) 360 unifies security controls across hybrid, multicloud, and IoT environments. 

Real-Time Stream Processing 

ExtraHop’s real-time stream processor takes unstructured network packets and transforms them into structured wire data at line-rate. Depending on traffic types, protocols, and security policies, ExtraHop Reveal(x) 360 can perform a variety of processes in real-time. 

Here are some of the real-time actions Reveal(x) 360 can perform: 

 

Line-Rate Decryption 

The stream processor can decrypt SSL/TLS 1.3-encrypted traffic at line rate, including cipher suites that support Perfect Forward Secrecy (PFS). The bulk decryption scales to 64,000 SSL transactions per second (TPS) using 2048-bit keys.

 

TCP State Machines 

The stream processor can recreate the TCP state machines for every sender and receiver communicating on the network. Understand all TCP mechanisms and their impact for deeper application-protocol analysis. 

 

Wire-Protocol Decoding and Full-Stream Reassembly 

The real-time stream processor decodes 70+ protocols in hybrid and cloud IT environments. The processor can then construct complete flows, sessions, and transactions. Total application fluency is provided, allowing for higher-order content analysis. The processor is even able to automatically resynchronize and recover in the event of traffic anomalies like microbursts that would otherwise result in packet loss.

 

Full-Content Analysis 

After reassembling packets into full streams, the processor analyzes payload and content from layers 2-7. It can automatically discover and classify devices and clients communicating on the network. The processor will continuously correlate relationships between clients, applications, and infrastructures with over 5,000 built-in metrics. 

Full-content analysis supports protocols, providing key performance indicators (KPIs) such as: 

  • Database methods used 
  • Files accessed by a user 
  • Storage errors 
  • DNS records and errors 
  • Web URI processing time and status codes 
  • SSL certificates with expiration 

The stream processor also captures sophisticated network metrics such as receive-window throttles, retransmission timeouts, and Nagle delays. 

 

Fully Programmable Telemetry 

Customize the telemetry captured by the stream processor to provide personalized, relevant results. 

Application Inspection Triggers can be used as necessary to extract anything from a header to the full application payload. Users can also use triggers to extract, measure, and visualize data from fields or decode protocols based on TCP and UDP. 

Machine Learning and Global Intelligence 

Reveal(x) 360 applies cloud-based machine learning to petabytes of real-time threat telemetry to stay ahead of the curve. Its cloud-scale machine learning uses over a million predictive models for a typical enterprise deployment to identify suspicious behaviors and potential threats.

ExtraHop's machine learning service detects cyber kill chain behaviors such as reconnaissance, exploitation, lateral movement, command and control, and actions on objective. ExtraHop also provides coverage for the MITRE ATT&CK Enterprise Matrix and detects ransomware, botnets, and unauthorized data exfiltration. 

 

Machine Learning Algorithms 

  • Attack detection: Self-adaptive unsupervised attack detection models using proprietary time series analysis and outlier detection algorithms. 
  • Entity importance: Inference engine for determining entity importance and network privilege based on observed behaviors and graph analytics
  • Device identification: Entity clustering engine that identifies similar devices 
  • Peer group identification: Detects peer group outliers 
  • Risk score determination: Engine that scores based on domain expertise and customer base telemetry 

Continuous Intelligence 

Reveal(x) 360 automatically updates its detectors, threat intelligence feeds, and IoT profiles. 

 

Customer Data Security 

De-identified metadata is sent to ExtraHop’s cloud-based machine learning service. ExtraHop has SOC 2 Type I compliance certification for machine learning tech. 

Cloud Record Store and Data Indexing 

By providing cloud-based record storage, organizations can augment record capacity with cost-efficient upfront capacity reservations, pay-for-use record capacity as needed, or both. 

Data Visualization and Exploration 

Security teams can fully utilize Reveal(x) 360 by using its data visualization features. 

  • Customized dashboards: Create tailored dashboard interfaces and widgets. 
  • Visual Query Language: Quickly investigate threats using the visual query language, no scripting needed. 
  • Live Activity Maps: Security teams can view protocol-based connections between devices and applications in real time, presented in a visual format.

Pricing

Pricing for Reveal(x) 360 depends on two questions: 

 

What environments and workloads do you need to secure? 

Deploy Reveal(x) 360 for on-prem, cloud, and edge environments. It can be deployed in a data center, branch office, Amazon Web Services, Azure, and Google Cloud. 

 

How much record capacity is needed? 

Each Reveal(x) 360 cloud sensor has built-in record capacity. If a customer exceeds the built-in record capacity at the account level, cloud record storage overage will be charged in arrears on a monthly basis. 

 

The Datashield Advantage 

Using SHIELDVision powered by ExtraHop, Datashield leverages automated, intelligence-driven threat hunting, internally developed threat detection content, and centralized reporting for all customers simultaneously, regardless of size. 

We have assisted our clients in using cloud-native solutions for a hybrid or complete cloud architecture. Choosing an MSSP with a consultative approach will ensure your organization picks the solution that best fits your business operations and future goals. 

If your organization is considering Reveal(x) 360, contact us for a no-cost consultation to see if Datashield is right for you.  

We have experience migrating, building from scratch and hybridizing cloud security as well as serving as a complete outsourced SOC or co-managed environment. 


Cassidy Trowbridge
Cassidy is a marketing specialist at Datashield. She manages Datashield's content and social marketing strategies.
