Learn how Datashield partners with ExtraHop, our premier Network Detection and Response (NDR) partner, from our Director of Product Management Mike Heller.
I first met the ExtraHop team at RSA Conference 2020, just weeks before the world changed from COVID-19. After the initial meet and greets, we decided to schedule a time to do a deep dive post-conference. Datashield saw an immediate value-add that our service would bring from a technology perspective.
Datashield has been in the managed service space since 2009 and continues to leverage packets for our investigations and detections. We have a highly sophisticated team in the Security Operations Center (SOC) with extensive experience in deep packet analysis.
The synergy created between ExtraHop's Reveal(x) platform and Datashield's managed detection and response services is crystal clear. Our clients that are deploying ExtraHop see immediate benefits of network detection and the long-term gains of advanced insights from our SOC.
Here are a few reasons we chose to partner with ExtraHop and how we are strengthening the overall offering:
- Cloud-Based and Scalable: ExtraHop's Reveal(x) 360 fits very nicely into our cloud strategy. The security landscape is quickly moving to the cloud, and we find that organizations do not want to take on the expense of hosting appliances in their data centers. We also see our customers' ecosystem quickly changing, and the ExtraHop product allows for a quickly scalable solution as the needs of our customers continue to grow. Datashield is a leader in cloud security adoption, and we look to partner with forward-thinking companies like ExtraHop.
- Network Discovery: Maintaining an accurate, up-to-date inventory of devices inside a corporate network has been a longstanding challenge for security and IT teams. The rapid adoption of work-from-home policies, VPN, and IoT is making it even harder. Lack of visibility creates huge security holes and prevents Datashield analysts from detecting malicious events. Datashield considers data stewardship a crucial aspect of the service that we provide to our customers. A key objective is to manage and oversee an organization's data assets to help provide business users with high-quality data easily accessible in a consistent manner.
The ExtraHop Network Discovery feature ensures that every device that communicates across the network can be identified by observing its behavior. We pair this with the Datashield Asset Criticality Assessment that is completed with all customers that we monitor. This 2-day onsite assessment is completed by one of our security architects and has proven to be immensely valuable to Datashield and our customers.
ExtraHop improves our ability to detect by providing context around the most critical applications in a customer's environment and their dependencies. Additionally, it helps set the collaboration tone between our customer and the Datashield security team, increasing overall visibility with a first glance into the environment, which improves time to detect, and setting expectations with support teams for configuration and deployment.
- Detection Capabilities: Combining the 24x7 monitoring of Datashield with the ExtraHop NDR provides superior detection capabilities against threats.
ExtraHop eliminates blind spots with complete coverage, including continuous visibility across all devices and workloads and monitoring of all East-West and North-South traffic, while offering line-rate decryption of SSL/TLS 1.3 encrypted traffic. This technology enhances the ability of Datashield analysts to reduce the Mean Time To Respond (MTTR) in the environments that we monitor. Our content team develops and customizes bundles and triggers to ensure threat defense is continuously optimal, with content specific to the attack vectors that matter to our customers.
Simply put, ExtraHop can detect threats that other tools miss. Their products offer cloud-scale machine learning applied to over one million predictive models. Datashield uses evidence-based knowledge about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. This threat intelligence is derived from petabytes of data per day in addition to behavioral analysis using more than 5000 features of data.
ExtraHop allows our team to respond 84% faster by going from the investigative stage to detection to forensics in just a few clicks with integrated response automation to act on threats immediately. The Datashield Security Team bolsters the ExtraHop offering by conducting proactive threat hunting. Our team goes beyond alert churn and regurgitation, bringing truly contextualized alerting with enhanced knowledge of the customer environment while reducing alert fatigue. The process of proactively searching through records is used to detect and respond to advanced cyber threats that evade traditional rule- or signature-based security controls.
Looking back now at our initial meeting at RSA Conference 2020, the Datashield and ExtraHop partnership brings a complete and needed offering to the security market by combining best-of-breed NDR technology with the white glove NDR monitoring approach by Datashield.