ExtraHop rolled out its first pure-play security product, Reveal(x).
The new product builds on the company’s earlier performance management software that uses machine learning to provide real-time insights into network behavior. It analyzes wire data that ExtraHop picks up, and automatically discovers, classifies, and prioritizes all devices, clients, and applications on the network. Reveal(x) then uses machine learning to produce insights and detect anomalies.
Relying on log data, which is self-reported, “has historically been a challenge” to security analysts, said Matt Cauthorn, VP of security at ExtraHop. “It’s not the complete picture. You need to round it out with an observational point of truth, and that point of truth is the network.”
To this end, the new security software also watches for internal reconnaissance, such as scans for open ports and active hosts, brute-force attacks, attempted logins, and unusual access patterns. It detects lateral movement, which is how attackers move from an original point of entry across a network, searching for sensitive data or spreading ransomware. And it highlights communications involving a compromised host within the network, suspicious activities such as large file transfers, and unusual application and user activity.
After highlighting anomalies and unusual activities, Reveal(x) gives these potentially malicious activities context — the exhibited behavior, baselined measurements, transaction details, and assets involved — to help security analysts determine the most important risks and streamline response to limit exposure.
Additionally, live activity maps show communications in real time and can replay transactions to show the incident’s timing and scope. Reveal(x) also provides detailed forensic evidence, with visibility down to individual packets, which Cauthorn said allows security teams to determine the root cause of an attack immediately.
“Instead of data first, it’s insight first,” he said. “We’ve got this visual, investigative experience where we can visually represent a given asset. Then we go into the transactions themselves, and from there, we can go into the forensic trail or even the packets, replaying them in real time.”
ExtraHop has traditionally been a network performance monitoring company. But for the past several years, security has been its customers’ top use case for its real-time analytics software, Cauthorn said. So the company decided it was time to launch a security-specific product.
“Our scale and flexibility, and on top of that our analytical capabilities, have landed us in this one particularly sweet spot in the security landscape,” Cauthorn said.
A year ago, Cisco partnered with ExtraHop to boost the analytics capabilities of Tetration, Cisco’s data center analytics platform. ExtraHop integrates with a number of other technology partners including Amazon Web Services (AWS), Splunk, Palo Alto Networks, and Forescout to boost their real-time visibility and security posture. Cauthorn said ExtraHop’s new security product will continue to integrate with other vendors’ products.