Network monitoring

 

Network monitoring and anomaly detection (intrusion detection/network response and detection)

ExtraHop Reveal(x) - Network Detection and Response

SecOPs teams are working under a tremendous load nowadays. The attacks, malware and phishing  are sophisticated and cybercriminals have unlimited time and resources to utilize them. False positive cases and extra noise is putting pressure and load on sysadmins and often you need to use multiple tools to find out what has happened when an attacker has breached you network.

Reveal(X) is a tool which uses passive sensors to collect all network traffic right out of the wire. It does not need agents or credentials to server or network devices as it uses mirror/spanning ports or network taps to collect the data. Even from the cloud services like Azure, AWS and Google cloud.

With Reveal(x) you'll get a view on over 80 protocols through network layers 2 to 7. Using the computing power of the cloud (in Frankfurt, Germany in EU area) and unique algorithms helps you to find the bad from the norm.

Intuitive user interface will show and guide you to mitigation suggestions even if you were not a SECops pro. This gives an advantage for the operating teams, instead of collecting all the logs from SIEM, servers, firewalls, workstations etc. and arrangin a meeting with different silos in a war room, you can detect and response to suspicious traffic in real time.

This gives an edge. When a breach is detected, according to GDPR rules you have 72 hours to report what was stolen. With Reveal(x) you will see everything all the way to TCP packet level. And in a secure way, the data is not in the network, the attacker cannot go and clean the logs nor even see that you're watching over their shoulder.

How does it work (in a nutshell)

When you fire up the Reveal(x) appliance (hardare or virtual) the first thing it does is start collectin the the data from the wire. During this initial time it creates a baseline and an inventory of the network devices. It starts to figure out what is normal and what is abnormal traffic. If there's malware running or outdated certificates or cipher suites, legacy servers etc. You may call it a Swiss Army Knife of a network traffic. Reveal(x) can decrypt TLS 1.3 traffic too, so it can see inside the encrypted traffic as well. (private keys must be available)

ExtraHop Reveal(x) components (appliances):

Discovery Appliance (EDA), Uses the passive sensors to collect the netwrok traffic from "mirror/spanning port, network tap "

Explore Appliance (EXA) Stores all the data and has a GUI for the user to see what is going on in the network.

Trace Appliance (ETA) packet capturing device which integrates with EDA and Command Appliance. User can download the PCAP with a single click on a button.

Command Appliance (ECA) centralized management applicance for environments with multiple EDA, EXA and ETA appliances. Command Appliance collect the data from distributed environments like branch offices and multiple datacenters or clouds.

Currently many network traffic analyzers need a lot of configuration work, agents and/or credentials to different data sources. Reveal(x) gets the data straight out from the wire and applies cloud based machine learning to it. This takes away the burden of keeping your configuration files and credentials up to date to keep up with the evolving threats.

Read more...

ExtraHop Reveal(x) - Properties


Automatic inventory
Always on and accurate inventory on the network traffic and devices and expired or erxpiring certificates and cipher suites.
Perfect Forward Secrecy Decryption
SSL and TLS 1.3 decryption allows you to see inside encrypted traffic.
Automatic anomaly detection
Automatically detect abnormal traffic and guide to investigate it.
Device categorizing
When the network devices are properly categorized and analyzed, it will help to detect the anomalies.
Advanced Machine Learning
Cloud based Machine Learning uses near 5000 different properties to analyze the traffic.
Detections and guided investigation
Reveal(x) guides the user to the root cause of the detection. Integrations with for example Phantom or Palo Alton can help to mitigate the problem. Reveal(x) has REST API integration possibilities and many built in integrations.

Use the form to contact us or give us a call +358 10 338 2170

More information from Extrahop: www.extrahop.com