SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
AWS
#
Cloud Services
#
Hyperscale
ExtraHop reveals expansion on response and forensics capabilities
Wed, 18th Aug 2021
FYI, this story is more than a year old
Author image
By Nick Forrester, Senior News Editor
Follow us

Network detection and response (NDR) vendor ExtraHop has announced a spate of new offerings and innovations to its advanced threat response activity.

The new features include one-click incident response reporting, SaaS-based NDR investigation capabilities, and a free packet capture product available on AWS Marketplace. ExtraHop says these innovations will focus on assisting busy security teams in investigating and remediating advanced threats.

The new offerings come as the demand for advanced threat detection and response reaches higher levels than ever. According to a recent report from ESG Research, incident response teams need better threat detection and response efficacy, especially as it relates to advanced persistent threats that move laterally across networks over extended periods.

“It's time to think more broadly about the R in NDR,” says ExtraHop co-founder and CTO Jesse Rothstein.

“While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organisation's environment.

 “The defence and forensics capabilities of our network detection and response solution gives incident responders a true tool for the full spectrum of response from hunting and investigations to remediation, not just another alert cannon.

Here is a breakdown of ExtraHop's new innovations:

Threat Briefing Reports

These reports include comprehensive information about threats that highlight the devices on the network that are particularly vulnerable.

They also include detections associated with the threat and recommended remediation actions for recent incidents like the REvil (Kaseya) ransomware campaign and Microsoft's PrintNightmare vulnerability.

Embedded detectors in the offering allow security teams to discern the impact footprint, which in turn drives a decisive incident response process.

Reveal(x) 360 Ultra Sensors

More data is being migrated to cloud-based models than ever, and security teams need a plan to secure the network. Teams need packet-level visibility in their network in order to defend against attacks on cloud infrastructure.

Reveal(x) 360 Ultra Sensors give users all of the security capabilities of ExtraHop's flagship cloud NDR solution plus packet capture forensics. It provides streamlined deployment for AWS users and always-on incident response tools.

ExtraHop Packet Basics

For recent attacks like the REvil (Kaseya) ransomware campaign, which didn't cause detections to fire, continuous packet capture enabled analysts to go back in time and inspect packets for proper forensics.

ExtraHop Packet Basics is a solution for AWS that provides incident responders, threat hunters, and investigators with richer forensic detail than what is available in logs and data from agents and firewalls.

Related stories
Keeper Security launches user-friendly passphrase generator
First-party data collection prioritised due to privacy laws
Building the cyber defences needed to ward off attacks
Keepit appoints cybersecurity veteran Kim Larsen as new CISO
Check Point boosts email security with new AI-powered features
Top stories
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds