SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

ExtraHop extends CrowdStrike integration with XDR functionality

ExtraHop, the specialist in cloud-native network intelligence, has announced an integration with CrowdStrike, a specialist in cloud-delivered protection of endpoints, cloud workloads, identity and data, to take security analysts from detection to threat containment to investigation with a single click.

The new push-button response integration expands the best-of-breed extended detection and response (XDR) partnership between the two companies, enabling users to quarantine individual assets from a detection directly within Reveal(x) and then pivot into an investigation workflow.

Armed with this capability, defenders can accelerate response times and minimise the impact to the business.

The new native push-button response feature within ExtraHop Reveal(x) gives defenders the tools they need to dramatically accelerate containment while minimising disruption to the organisation.

Unlike automated response offerings, push-button response gives security analysts the ability to control how and when assets are quarantined based on high-fidelity detections and enriched intelligence that extends from the network to the endpoint.

Jesse Rothstein, co-founder and CTO, ExtraHop, says, “Over the past five years, the security pendulum has started to swing more meaningfully towards a detect-and-respond model that assumes even the best perimeter defences will eventually be breached. But many organisations remain reluctant to invest more in this approach due to the complexity of playbook-driven response.

"With our new native push-button response, were continuing to build on our partnership with CrowdStrike and existing response integration capabilities to give defenders the ability to rapidly and precisely quarantine compromised devices without causing massive disruption to the organisation.

Chris Kissel, research director, security and trust, IDC, comments, “This new capability enables faster remediation and faster time to respond, letting teams focus on critical assets and resources. The focus on streamlining the work of the overburdened SOC analyst adds real value for defenders.

The push-button response integration builds upon ExtraHop's existing partnership with CrowdStrike which offers integrations throughout the CrowdStrike Falcon platform, including Falcon X, Threat Graph, Falcon Insight (with Real Time Response integration), Humio and Falcon XDR, to deliver XDR to joint customers around the world.

Unified Threat Intelligence: Reveal(x) 360 correlates indicators of compromise (IOCs) from CrowdStrike Falcon X and security telemetry from the CrowdStrike Falcon platform with network details and behavioural insights to deliver complete coverage. The data is correlated and contextualised in the Reveal(x) console.

Real-time Detection: With the integration of Reveal(x) 360 and the CrowdStrike Falcon platform, security teams can detect threats observed on the network such as network privilege escalation, lateral movement, suspicious remote access connections and data exfiltration. They also can thwart attack techniques occurring on the endpoint, including ransomware, local file enumeration, process spawning and code execution. This provides complete coverage across the entire attack surface.

Instant Response: With the new push-button response offering, security analysts can use the network containment capability of the CrowdStrike Falcon platform to instantly quarantine a device with a single click within the Reveal(x) platform. This approach cuts off attacker access to network resources and endpoints, stopping an attack in progress without disrupting business or slowing an analyst's investigation workflow.

Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike Falcon agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.

Geoff Swaine, vice president of global programs, store, and alliances at CrowdStrike, says, "With new advanced and evolving threats challenging organisations daily, security teams must act with impeccable speed and accuracy to safeguard the business from a breach.

"Our tight partnership and breadth of integration with ExtraHop helps to unify security telemetry across network and endpoints, providing customers with enhanced detection and response capabilities to stop advanced threats faster.

"This new capability offered in the ExtraHop platform helps deepen our integration, enabling security teams to quickly and precisely take action for more effective threat detection, investigation, and response across IT environments."

ExtraHop is also a launch partner of the CrowdXDR alliance, joining forces to establish common XDR language for data sharing between security tools and processes to enrich detections and threat hunting capabilities.

Follow us on: