Cyber security solutions provider, ExtraHop, has announced the launch of ExtraHop Reveal(x) Cloud – a Software-as-a-Service (SaaS)-based network detection and response (NDR) solution for the cloud-first hybrid enterprise.
ExtraHop’s Reveal(x) Cloud solution would provide deep and continuous visibility, enabling Security Operations (SecOps) teams to analyze every transaction, detect threats, and respond to attacks to gain control over their hybrid attack surface and protect their investment in the cloud.
The Reveal(x) Cloud solution is SaaS-based, providing security teams with a zero-infrastructure service for AWS that would deploy quickly, deliver immediate asset discovery, and offer threat detection, investigation, and response.
The solution takes advantage of new enterprise features introduced by AWS during AWS re:Inforce 2019, including Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring that supports passive observation of network traffic from cloud workloads, and private network peering that allows for the secured transmission of data between AWS accounts. It also connects natively with AWS data sources, such as Amazon CloudWatch, AWS CloudTrail, and Amazon VPC flow logs.
“Today, security operations teams often rely on tools and data sources like logs that don’t provide a complete picture,” said Dave Brown, Vice President, EC2 Compute and Networking Services, Amazon Web Services. “With the introduction of Amazon VPC traffic mirroring, we’re allowing customers to extract traffic of interest from any workload in an Amazon VPC and send it to the right tools to detect and respond faster to attacks often missed by traditional log- and agent-centric tools. With Reveal(x) Cloud, ExtraHop is delivering a purpose-built solution designed to enable AWS customers to take full advantage of network traffic for better cloud visibility, detection, and response.”
The ExtraHop Reveal(x) Cloud solution offers a host of features designed to help SecOps teams support the shared responsibility model, protect cloud workloads by ensuring compliance, and deliver security across the hybrid attack surface. Key features would include:
- Automatic Discovery and Classification – Up-to-the-minute visibility and classification across all cloud workloads allows SecOps teams to track rogue instances, prioritize investigations by risk score, and correlate malicious activity and asset criticality to focus on the highest-risk threats.
- Application Layer Decoding – Full support for AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Elastic Load Balancing means visibility into behavior, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
- Encrypted Payload Visibility – Reveal(x) Cloud decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.
- Rich Integrations – AWS CloudTrail events enrich network-based threat detection with on-box activity (disabled logging, suspicious processes, suspect file execution), while connection with Amazon CloudWatch allows granular tracking of privilege manipulation. Customers can also leverage integrations with orchestration platforms, such as Phantom, ServiceNow, and Palo Alto Networks, to automate response workflows.
“The modern hybrid enterprise has created an expansive and complex attack surface that cannot be managed by traditional security tools or architectures,” said Jesse Rothstein, CTO and co-founder of ExtraHop. “It’s time to stop retrofitting old models onto the new reality and start building cloud-first security operations. With Reveal(x) Cloud and Amazon VPC traffic mirroring, SecOps teams finally have inside-the-perimeter visibility and control over their hybrid attack surface.”