SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
ExtraHop reveals expansion on response and forensics capabilities
Wed, 18th Aug 2021

Network detection and response (NDR) vendor ExtraHop has announced a set of new offerings and innovations that expand its advanced threat response capabilities.

The new features include one-click incident response reporting, SaaS-based NDR investigation capabilities, and a free packet capture product available on AWS Marketplace. ExtraHop says these innovations will focus on assisting busy security teams in investigating and remediating advanced threats.

The new offerings come as the demand for advanced threat detection and response reaches higher levels than ever. According to a recent report from ESG Research, incident response teams need better threat detection and response efficacy, especially as it relates to advanced persistent threats that move laterally across networks over extended periods.

“It's time to think more broadly about the R in NDR,” says ExtraHop co-founder and CTO Jesse Rothstein.

“While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organisation's environment.

“The defence and forensics capabilities of our network detection and response solution give incident responders a true tool for the full spectrum of response from hunting and investigations to remediation, not just another alert cannon.”

Here is a breakdown of ExtraHop's new innovations:

Threat Briefing Reports

These reports include comprehensive information about threats and highlight the devices on the network that are particularly vulnerable.

They also include detections associated with the threat and recommended remediation actions for recent incidents like the REvil (Kaseya) ransomware campaign and Microsoft's PrintNightmare vulnerability.

Embedded detectors in the offering allow security teams to discern the impact footprint, which in turn drives a decisive incident response process.

Reveal(x) 360 Ultra Sensors

More data is being migrated to cloud-based models than ever, and security teams need a plan to secure the network. Teams need packet-level visibility in their network in order to defend against attacks on cloud infrastructure.

Reveal(x) 360 Ultra Sensors give users all of the security capabilities of ExtraHop's flagship cloud NDR solution plus packet capture forensics. They provide streamlined deployment for AWS users and always-on incident response tools.

ExtraHop Packet Basics

For recent attacks like the REvil (Kaseya) ransomware campaign, which didn't cause detections to fire, continuous packet capture enabled analysts to go back in time and inspect packets for proper forensics.

ExtraHop Packet Basics is a solution for AWS that provides incident responders, threat hunters, and investigators with richer forensic detail than what is available in logs and data from agents and firewalls.