SecOps teams are working under a tremendous load nowadays. Attacks, malware and phishing are sophisticated, and cybercriminals have unlimited time and resources to use them. False positives and extra noise put pressure on sysadmins, and often you need several tools to find out what happened when an attacker has breached your network.
Reveal(x) is a tool which uses passive sensors to collect all network traffic straight off the wire. It needs no agents or credentials for servers or network devices, because it collects the data from mirror/SPAN ports or network taps, and it can do the same for cloud services like Azure, AWS and Google Cloud.
With Reveal(x) you get visibility into over 80 protocols across network layers 2 to 7. The computing power of the cloud (hosted in Frankfurt, Germany, within the EU) and unique algorithms help you separate the bad from the normal.
The intuitive user interface shows and guides you to mitigation suggestions even if you are not a SecOps pro. This gives operations teams an advantage: instead of collecting all the logs from the SIEM, servers, firewalls, workstations etc. and arranging a meeting between different silos in a war room, you can detect and respond to suspicious traffic in real time.
When you fire up the Reveal(x) appliance (hardware or virtual), the first thing it does is start collecting data from the wire. During this initial period it creates a baseline and an inventory of the network devices and starts to work out what is normal and what is abnormal traffic, for example malware running, outdated certificates or cipher suites, or legacy servers. You may call it a Swiss Army knife for network traffic. Reveal(x) can decrypt TLS 1.3 traffic too, so it can see inside encrypted sessions as well (the private keys must be made available to it).
Discovery Appliance (EDA): uses passive sensors to collect the network traffic from a mirror/SPAN port or network tap.
Explore Appliance (EXA): stores all the data and provides a GUI for the user to see what is going on in the network.
Trace Appliance (ETA): packet capture device which integrates with the EDA and the Command Appliance. The user can download the PCAP with a single click of a button.
Command Appliance (ECA): centralized management appliance for environments with multiple EDA, EXA and ETA appliances. The Command Appliance collects the data from distributed environments like branch offices and multiple datacenters or clouds.
Currently many network traffic analyzers need a lot of configuration work, agents and/or credentials for different data sources. Reveal(x) gets the data straight off the wire and applies cloud-based machine learning to it. This takes away the burden of keeping configuration files and credentials up to date in order to keep up with evolving threats.
Always-on, accurate inventory of network traffic and devices, including expired or expiring certificates and cipher suites.
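To make the certificate and cipher-suite inventory concrete, here is an added example (not ExtraHop's code or part of the original post) that takes a constructed set of passively observed TLS handshakes and turns them into an inventory with findings: legacy protocol versions, weak cipher suites, and certificates that are expired or about to expire. The record layout, the weak-cipher markers and the 30-day warning window are assumptions chosen for the illustration; a real sensor would populate these fields from the handshake on the wire.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of passively observed TLS sessions (not real data).
# Each record is what a wire sensor could derive from a handshake: the
# server, negotiated protocol version, cipher suite and the server
# certificate's notAfter date.
OBSERVED_TLS_SESSIONS = [
    {"server": "10.0.1.10:443", "version": "TLSv1.3",
     "cipher": "TLS_AES_256_GCM_SHA384", "not_after": "2031-01-01T00:00:00Z"},
    {"server": "10.0.1.20:443", "version": "TLSv1.2",
     "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "not_after": "2024-02-01T00:00:00Z"},
    {"server": "10.0.1.30:8443", "version": "TLSv1.0",
     "cipher": "DES-CBC3-SHA", "not_after": "2030-06-15T00:00:00Z"},
    {"server": "10.0.1.40:443", "version": "TLSv1.2",
     "cipher": "RC4-SHA", "not_after": "2026-03-01T00:00:00Z"},
]

# Assumed policy: protocol versions and cipher-suite name fragments that
# should be flagged wherever they are still negotiated.
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "3DES", "NULL", "EXPORT", "MD5", "anon")


def parse_not_after(value):
    """Parse a notAfter timestamp in the constructed 'YYYY-MM-DDTHH:MM:SSZ' form."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess_session(record, now, warn_days=30):
    """Return the list of finding codes for one observed session."""
    findings = []
    if record["version"] in LEGACY_VERSIONS:
        findings.append("legacy_protocol")
    if any(marker in record["cipher"] for marker in WEAK_CIPHER_MARKERS):
        findings.append("weak_cipher")
    not_after = parse_not_after(record["not_after"])
    if not_after <= now:
        findings.append("cert_expired")
    elif not_after - now <= timedelta(days=warn_days):
        findings.append("cert_expiring")
    return findings


def build_inventory(records, now, warn_days=30):
    """Map each server to its negotiated parameters plus findings. Servers
    with no findings are still listed, so the result doubles as an asset
    inventory rather than only an alert list."""
    inventory = {}
    for record in records:
        inventory[record["server"]] = {
            "version": record["version"],
            "cipher": record["cipher"],
            "not_after": record["not_after"],
            "findings": assess_session(record, now, warn_days),
        }
    return inventory


def servers_with_findings(inventory):
    """Sorted list of servers that have at least one finding."""
    return sorted(s for s, info in inventory.items() if info["findings"])


def example_inventory():
    """Run the inventory over the constructed sample with a fixed clock."""
    now = datetime(2026, 2, 10, tzinfo=timezone.utc)  # fixed for reproducibility
    return build_inventory(OBSERVED_TLS_SESSIONS, now)


if __name__ == "__main__":
    for server, info in example_inventory().items():
        print(server, info["version"], info["cipher"], info["findings"] or "ok")
```

The clock is fixed so the output is reproducible; in practice `now` would be the current time and the inventory would be rebuilt continuously as new handshakes are observed, which is what "always on" means for this kind of data.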
Perfect Forward Secrecy Decryption
SSL and TLS 1.3 decryption lets you see inside encrypted traffic.
Automatic anomaly detection
Automatically detects abnormal traffic and guides you through investigating it.
When the network devices are properly categorized and analyzed, detecting anomalies becomes easier.
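The baselining described above (learn what is normal per device first, then flag what deviates) can be illustrated with a small added example; this is not ExtraHop's algorithm or code, just a simple per-device statistical baseline. It assumes constructed daily observations of outbound volume and contacted destinations, and flags a day when the volume exceeds the device's baseline mean by more than a z-score threshold, when a destination was never seen during the baseline period, or when the device itself is new. The thresholds and record layout are assumptions for the illustration.

```python
import statistics

# Constructed per-device daily observations (not real data): bytes sent out
# of the network and the set of external destinations contacted that day.
# These form the learning period, the equivalent of the appliance's initial
# baselining phase.
BASELINE_DAYS = {
    "workstation-17": [
        {"bytes_out": 120_000_000, "dests": {"203.0.113.10", "203.0.113.11"}},
        {"bytes_out": 115_000_000, "dests": {"203.0.113.10", "203.0.113.12"}},
        {"bytes_out": 130_000_000, "dests": {"203.0.113.11", "203.0.113.12"}},
        {"bytes_out": 125_000_000, "dests": {"203.0.113.10"}},
        {"bytes_out": 118_000_000, "dests": {"203.0.113.12"}},
    ],
    "db-server-2": [
        {"bytes_out": 2_000_000, "dests": {"10.0.5.5"}},
        {"bytes_out": 2_000_000, "dests": {"10.0.5.5"}},
        {"bytes_out": 2_000_000, "dests": {"10.0.5.5"}},
    ],
}

# Constructed observations for the day being scored against the baseline.
TODAY = {
    "workstation-17": {"bytes_out": 900_000_000, "dests": {"203.0.113.10", "198.51.100.7"}},
    "db-server-2": {"bytes_out": 2_100_000, "dests": {"10.0.5.5"}},
    "printer-3": {"bytes_out": 50_000, "dests": {"203.0.113.10"}},
}


def build_baseline(history):
    """Per device: mean and sample standard deviation of daily volume, plus
    the union of destinations seen during the learning period."""
    baseline = {}
    for device, days in history.items():
        volumes = [d["bytes_out"] for d in days]
        baseline[device] = {
            "mean": statistics.mean(volumes),
            "stdev": statistics.stdev(volumes) if len(volumes) > 1 else 0.0,
            "known_dests": set().union(*(d["dests"] for d in days)),
        }
    return baseline


def score_observation(baseline, device, obs, z_threshold=3.0, flat_tolerance=0.25):
    """Return finding codes for one device-day. A device with a perfectly
    flat history (stdev 0) cannot be z-scored, so a relative tolerance is
    used instead; that edge case is common for quiet servers."""
    profile = baseline.get(device)
    if profile is None:
        return ["unknown_device"]
    findings = []
    mean, stdev = profile["mean"], profile["stdev"]
    if stdev > 0:
        spike = (obs["bytes_out"] - mean) / stdev > z_threshold
    else:
        spike = obs["bytes_out"] > mean * (1 + flat_tolerance)
    if spike:
        findings.append("volume_spike")
    if obs["dests"] - profile["known_dests"]:
        findings.append("new_destination")
    return findings


def score_day(baseline, observations):
    """Score every device observed today against the learned baseline."""
    return {device: score_observation(baseline, device, obs)
            for device, obs in observations.items()}


def run_example():
    """Build the baseline from the constructed history and score TODAY."""
    return score_day(build_baseline(BASELINE_DAYS), TODAY)


if __name__ == "__main__":
    for device, findings in run_example().items():
        print(device, findings or "normal")
```

The point of the per-device profile is the one the text makes: a volume that is unremarkable for a file server is a spike for a workstation, so the baseline only works once devices are categorized and analyzed individually rather than against one network-wide threshold.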
Advanced Machine Learning
Cloud-based machine learning uses nearly 5000 different properties to analyze the traffic.
Detections and guided investigation
Reveal(x) guides the user to the root cause of a detection. Integrations with, for example, Phantom or Palo Alto can help mitigate the problem. Reveal(x) offers REST API integration and many built-in integrations.
More information from Extrahop: www.extrahop.com