sb-au logo
Story image

ExtraHop integrates with Google Cloud's new packet mirroring feature

26 Nov 2019

 Google Cloud has announced a new packet mirroring feature that integrates with ExtraHop’s ExtraHopReveal(x) to enable stronger threat detection, investigation, and response.

The packet mirroring feature enables Reveal(x) to analyse network traffic in a passive, agentless manner, in order to provide deeper visibility into security threats against workloads in Google Cloud.

Reveal(x) for Google Cloud Platform is able to automatically discover, classify, and map dependencies between workloads. It is also able to apply advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.

ExtraHop CTO and cofounder Jesse Rothstein says that traditional security tools are falling short, which means new thinking is needed.

“Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.”

Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.

Full Packet analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting. Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.

Encrypted payload visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.

Augmented investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.

Google Cloud product manager Mahesh Narayanan says traffic visibility is an essential part of preventing security breaches and attacks, particularly as networks become more complex.

“With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyze, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."

Ulta Beauty is one organisation that sees benefits from the Google Cloud and Reveal(x) integration.

Ulta Beauty’s senior director of IT risk management and CISO Diane Brown explains, "Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it.”

"In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."

ExtraHop Reveal(x) for GCP is now available in alpha.

Story image
rhipe adds Octopus licensing solutions to distie portfolio
The addition of Octopus Cloud provides rhipe partners with licensing solutions and management processes to support cloud transformation initiatives.More
Story image
Ivanti extends ESM automation capabilities with latest additions
Ivanti has made additions to its Enterprise Service Management (ESM) portfolio, with greater automation capabilities between service management and SecOps. More
Link image
Where is your data? You'll find out in 2021
Next year, we will start to realise exactly how much intellectual property was stolen by attackers during the 2020 remote working shift, writes Forcepoint global CTO Nicolas Fischbach.More
Story image
Financial firms exposing data through mismanaged access controls - Varonis
Almost two-thirds of the analysed firms leave more than 1000 sensitive files open for every employee to access.More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More