SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
ExtraHop & CrowdStrike integrate platforms to boost security

Wed, 18th Sep 2024

ExtraHop has announced the integration of its network telemetry from the RevealX platform into the CrowdStrike Falcon cybersecurity platform.

This development aims to automate detection, investigation, and mitigation workflows for customers leveraging CrowdStrike's low-code application development platform, Falcon Foundry.

Joint customers will now be able to ingest network telemetry data from ExtraHop RevealX into CrowdStrike's Next-Gen SIEM. This data can then be orchestrated within Falcon Foundry to build custom detection and response workflows. When the ExtraHop RevealX platform detects abnormal network behaviours, Falcon Next-Gen SIEM processes the alert, correlates it with endpoint detection and response (EDR) data and other sources, and integrates this intelligence into Foundry apps and Fusion workflows.

This new integration offers several key benefits, including rapid detection and investigation of anomalous network activities through automated workflows. It also reduces the need for manual intervention in handling low-priority detections, allowing analysts to focus on critical tasks. In addition, the scalability of these customised workflows ensures that security processes remain effective as organisations grow.

"The ExtraHop RevealX NDR platform gives enterprises unique visibility into security threats as they propagate through the network and reveals risks that may not be visible through other security tools," said Kanaiya Vasani, Chief Product Officer at ExtraHop. "The breadth and depth of telemetry ExtraHop gathers from the network when combined with other data sources such as EDR, and the ability to build custom workflows to investigate a range of detections, helps customers accelerate response to security threats."

Daniel Bernard, Chief Business Officer at CrowdStrike, remarked on the significant advantages this integration brings: "With access to CrowdStrike's robust data and threat intelligence, Falcon Foundry enables users to establish creative solutions and workflows tailored to their organisation's unique needs. By adding network data from ExtraHop RevealX, a critical accelerant in understanding and closing security gaps, our partnership with ExtraHop elevates the speed in which joint customers respond to both endpoint and network threats."

The partnership between ExtraHop and CrowdStrike aims to address the increasing challenges faced by Security Operations Centres (SOCs), which include a talent shortage, siloed tools, and an overload of alerts. By automating tedious tasks and improving operational efficiency, SOC analysts can achieve quicker response times and build resilience against security threats across various domains.

This collaboration represents a significant step in enhancing the capabilities of cybersecurity platforms through the integration of comprehensive network telemetry and advanced orchestration tools. The ability to automate and customise workflows means that enterprises can be better equipped to handle evolving security threats in a streamlined and efficient manner.
