ExtraHop is an industry leader in network detection and response (NDR), providing complete network visibility, real-time threat detection, and intelligent response at scale through their products.
ExtraHop Reveal(x) can block and quarantine threats through their response automation features. Their integration-driven approach allows Reveal(x) to interface with security orchestration and automation (SOAR) products, ticketing systems, network access controls, and firewalls.
Ingestion Integrations
Amazon Web Services
Amazon Web Services (AWS) partnered with ExtraHop to bring NDR to the hybrid cloud. Reveal(x) Cloud combines the insights and event data with AWS CloudWatch to deliver visibility at scale and identify events of interest, disabled log systems and suspicious file execution.
ExtraHop is also a member of the AWS Consulting Partner Private Offer (CPPO) program and is readily available on the AWS Marketplace.
Microsoft Azure
ExtraHop partnered with Microsoft Azure to integrate with Virtual Network TAP. Reveal(x) can analyze and decode over 50 protocols at 10 Gbps of data per virtual appliance. Machine learning also provides rich, high-fidelity insights.
Their product offers full support of Azure SQL Database and Azure Blob Storage protocols. Wire data detections can be integrated through Azure Security Center metrics and Structured Threat Information Expression (STIX) data.
Correlation Integrations
Splunk
The ExtraHop add-on for Splunk uses the ExtraHop REST API to provide security and performance events to Splunk that would otherwise be difficult to log. The app for Splunk gives context to the data provided by the add-on. Additional information includes IP addresses, MAC addresses, hostnames, and three pre-configured dashboards (for DNS, Storage, and HTTP).
IBM QRadar
ExtraHop Reveal(x) integrates with QRadar SIEM out of the box, with no agents required.
Use ExtraHop to give QRadar data that is not available from log sources for additional compliance reporting. Additionally, use ExtraHop to capture data from unreported public SaaS or on-prem applications and forward it to QRadar for analysis.
ArcSight
ExtraHop can integrate seamlessly with ArcSight’s platform to forward full-fidelity security events.
LogRhythm
ExtraHop enables you to fully analyze every packet in your environment in real time and forward precisely what you want to LogRhythm.
Response Integrations
Fully Automated
CrowdStrike
Using ExtraHop Reveal(x), CrowdStrike Falcon Insight, and the bundle, users have NDR and EDR technology seamlessly integrated. Benefits include:
- Discovering and identifying all devices communicating on the network, even those not instrumented with the CrowdStrike Falcon Insight agent.
- Detecting threats on the network, including ransomware, strange VPN and VDI access patterns, data exfiltration and credential abuse.
- Automatically quarantining devices impacted by network or endpoint attack behaviors.
Palo Alto Networks
ExtraHop detects suspicious activity and then extracts the relevant information and adds it to an address group on a Palo Alto Networks firewall or in Panorama. Palo Alto Networks firewall policies then automatically block traffic to and from the compromised device.
Check Point Software Technologies Ltd.
Integrate Check Point Identity Awareness and Reveal(x) on AWS for automated response capabilities. By natively integrating with Check Point Identity Awareness gateways, Amazon SNS, and AWS Lambda, Reveal(x) for AWS eliminates the need to use direct API calls to target individual firewalls.
Cisco
Cisco Identity Services Engine, Cisco Tetration, and ExtraHop integrate to detect and respond to threats in real time. ExtraHop also works with Cisco UCS and UCS-E to provide continuous, real-time application analytics.
Augmented Workflow
Phantom
Reveal(x) adds analytics to Phantom’s intelligent orchestration platform. Send event details to Phantom and trigger playbooks to automate the response process.
ServiceNow
ExtraHop passively discovers everything communicating with an organization’s network and streams the information into the ServiceNow Configuration Management Database (CMDB) with no manual configuration required.
Slack
Add ExtraHop performance and security anomalies to your Slack channel to streamline your information flow.
The Datashield Advantage
Datashield has helped our clients implement ExtraHop using our proprietary orchestration tool, SHIELDVision. Our security engineers can architect and deploy Reveal(x) in multiple cloud and hybrid environments.
Our experts are able to fine-tune reports and provide security reporting in a single pane of glass, 24x7x365. Learn more about our cloud-native managed detection and response (MDR) service here.
If your organization is considering Reveal(x), contact us for a no-cost consultation to see if Datashield is right for you.
We have experience migrating, building from scratch and hybridizing cloud security as well as serving as a complete outsourced SOC or co-managed environment.