CrowdStrike and ExtraHop partner up to bolster cloud threat detection

ExtraHop has partnered with CrowdStrike, combining cloud-native detection and response with network-to-endpoint protection.

It comes as adoption of cloud services sees an unprecedented boom, largely in response to their increased necessity throughout the COVID-19 era. But as ever, cyber attackers are loath to turn down an opportunity, and this rise in cloud adoption has exposed gaps in cloud security.

Threat actors have exploited misconfigured desktop protocol vulnerabilities and doubled down on phishing campaigns as millions work from home – and the integration announced by ExtraHop and CrowdStrike today is one of many attempts to prevent further breaches.

The partnership has culminated in an integration between ExtraHop Reveal(x) and CrowdStrike Falcon, which the companies say will marry network visibility, machine learning (ML) behavioural threat detection and decryption of SSL/TLS sessions.

Joint customers of the two companies can leverage the ‘best of both worlds’ – endpoint security and remediation of threats.

“Over the past five years, the security industry has undergone a seismic shift from a model of purely ‘prevention and protection’ to one that additionally delivers detection and response,” says ExtraHop co-founder and chief customer officer Raja Mukerji. 

“CrowdStrike and ExtraHop have been at the forefront of that shift, arming security organisations with the situational awareness and control they need to protect businesses and consumers in a perimeter-less world. 

“With this partnership and integration, our customers can now detect and respond to every threat from the core to the edge and everywhere in between.”

Here are the primary features of the new integration:

Real-time detection

Security teams can detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections and data exfiltration.

Greater visibility of threats occurring on the endpoint can also be leveraged, including ransomware, local file enumeration, directory traversal and code execution.
 

Instant response

The Falcon platform is notified immediately if Reveal(x) detects urgent threats, and it can then contain impacted devices.

This action severs access to network resources, ensuring the incident does not turn into a more serious breach.
 

Continuous endpoint visibility 

With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats – even on devices where the CrowdStrike agent is not yet present. 

This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.

“The threat environment continues to grow in complexity as sophisticated cyber adversaries advance their attack techniques, evading security controls and gaining access to corporate networks,” says CrowdStrike vice president of worldwide business development and channels Matthew Polly. 

“Comprehensive visibility and real-time threat detection that allow for fast investigation and response at scale are imperative for organisations to spot and stop threats quickly. 

“Through this partnership, CrowdStrike and ExtraHop are providing customers the ability to identify and respond to malicious activity across the entire attack surface with a fully cloud-native integration that allows them to adapt with speed and agility.”
