ExtraHop is an industry leader in network detection and response (NDR), providing complete network visibility, real-time threat detection, and intelligent response at scale through their products.
ExtraHop Reveal(x) can block and quarantine threats through their response automation features. Their integration-driven approach allows Reveal(x) to interface with security orchestration and automation (SOAR) products, ticketing systems, network access controls, and firewalls.
Amazon Web Services
Amazon Web Services (AWS) partnered with ExtraHop to bring NDR to the hybrid cloud. Reveal(x) Cloud combines the insights and event data with AWS CloudWatch to deliver visibility at scale and identify events of interest, disabled log systems and suspicious file execution.
ExtraHop is also a member of the AWS Consulting Partner Private Offer (CPPO) program and is readily available on the AWS Marketplace.
ExtraHop partnered with Microsoft Azure to integrate with Virtual Network TAP. Reveal(x) can analyze and decode over 50 protocols at 10 Gbps of data per virtual appliance. Machine learning also provides rich, high-fidelity insights.
Their product offers full support for Azure SQL Database and Azure Blob Storage protocols. Wire data detections can be integrated through Azure Security Center metrics and Structured Threat Information Expression (STIX) data.
The ExtraHop add-on for Splunk uses the ExtraHop REST API to provide security and performance events to Splunk that would otherwise be difficult to log. The app for Splunk gives context to the data provided by the add-on. Additional information includes IP addresses, MAC addresses, hostnames, and three pre-configured dashboards (for DNS, Storage, and HTTP).
ExtraHop Reveal(x) integrates with QRadar SIEM immediately, with no agents required.
Use ExtraHop to give QRadar data that is not available from log sources for additional compliance reporting. Additionally, use ExtraHop to capture data from unreported public SaaS or on-prem applications and forward it to QRadar for analysis.
ExtraHop can integrate seamlessly with ArcSight’s platform to forward full-fidelity security events.
ExtraHop enables you to fully analyze every packet in your environment in real time and forward precisely what you want to LogRhythm.
With the bundled ExtraHop Reveal(x) and CrowdStrike Falcon Insight offering, users have NDR and EDR technology seamlessly integrated. Benefits include:
- Discovering and identifying all devices communicating on the network, even those not instrumented with the CrowdStrike Falcon Insight agent.
- Detecting threats on the network, including ransomware, unusual VPN and VDI access patterns, data exfiltration, and credential abuse.
- Automatically quarantining devices impacted by network or endpoint attack behaviors.
Palo Alto Networks
ExtraHop detects suspicious activity and then extracts the relevant information to add it to an address group in a Palo Alto Networks firewall or in Panorama. Palo Alto Networks firewall policies will then automatically block traffic to and from the compromised device.
Check Point Software Technologies Ltd.
Integrate Check Point Identity Awareness and Reveal(x) on AWS for automated response capabilities. By natively integrating with Check Point Identity Awareness gateways, Amazon SNS, and AWS Lambda, Reveal(x) for AWS eliminates the need to use direct API calls to target individual firewalls.
Cisco Identity Services Engine, Cisco Tetration, and ExtraHop integrate to detect and respond to threats in real time. ExtraHop also works with Cisco UCS and UCS-E to provide continuous, real-time application analytics.
Reveal(x) adds analytics to Phantom’s intelligent orchestration platform. Send event details to Phantom and trigger playbooks to automate the response process.
ExtraHop passively discovers everything communicating with an organization’s network and streams the information into the ServiceNow Configuration Management Database (CMDB) with no manual configuration required.
Add ExtraHop performance and security anomalies to your Slack channel to streamline your information flow.
The Datashield Advantage
Datashield has helped our clients implement ExtraHop using our proprietary orchestration tool, SHIELDVision. Our security engineers can architect and deploy Reveal(x) in multiple cloud and hybrid environments.
Our experts are able to fine-tune reports and provide security reporting in a single pane of glass, 24x7x365. Learn more about our cloud-native managed detection and response (MDR) service here.
If your organization is considering Reveal(x), contact us for a no-cost consultation to see if Datashield is right for you.
We have experience migrating, building from scratch, and hybridizing cloud security, as well as serving as a complete outsourced SOC or in a co-managed environment.