Intelligent CISO Issue 03 | Page 60

Reveal(x) focuses the security analysts’ attention on the most important risks and streamlines response to limit exposure.

behavioural patterns as they occur and correlates them against continuously monitored critical assets so that security teams can target the most immediate threats

• Automated investigation: The Reveal(x) analytics-first workflow takes you from issue to associated packets in a matter of clicks. This simplicity replaces hours spent manually collecting and parsing through data, enabling real-time insights and rapid root cause determination. Global search and indexing provide immediate access to security insights. And ExtraHop integrates with existing security infrastructure and automates response using Splunk, Phantom, Palo Alto, ServiceNow, Cisco, Ansible and others.

“Attack surfaces are expanding and the sophistication of attackers is increasing. There simply aren’t enough talented security professionals to keep up,” said Jesse Rothstein, CTO and co-founder, ExtraHop.

“Reveal(x) provides security teams with increased scrutiny of critical assets, detection of suspicious and anomalous behaviours and workflows for both automated and streamlined investigation. With the global availability of Reveal(x), we now enable practitioners across the world’s largest enterprises to do more with less by getting smarter about the data they already have.”

Reveal(x) addresses the gaps in security programs by harnessing wire data, which encompasses all information contained in application transactions. It auto-discovers, classifies, and prioritises all devices, clients and applications on the network and employs machine learning to deliver high-fidelity insights immediately. Anomalies are directly correlated with the attack chain and highlight hard-to-detect activities, including internal reconnaissance, lateral movement, command and control traffic and exfiltration.

“When you work in a business dealing with the nation’s leading insurance companies, there is a lot of pressure to get it right. We rely on ExtraHop to provide us with the visibility needed to investigate performance and security issues,” said Chris Wenger, Senior Manager of Network and Telecommunication Systems at Mitchell International.

“With ExtraHop in our IT environment, we can more easily monitor all the communications coming into our network, including use of insecure protocols. These insights enable my team to better secure our environment. ExtraHop has been that extra layer of security for us.”

Rob Bamforth, Independent Analyst, said a complete data source is the starting point for successful security analytics programmes.

“Prioritising critical assets with insights from smart, machine learning-based network traffic analytics is a way to deliver comprehensive visibility that ultimately enables security teams to sort through the noise of threat alerts in order to detect and investigate what matters most, before critical damage is done,” he said.