ExtraHop announced ExtraHop Reveal(x) Cloud, a Software-as-a-Service (SaaS)-based network detection and response (NDR) solution for the cloud-first hybrid enterprise. Reveal(x) Cloud provides deep and continuous visibility, enabling Security Operations (SecOps) teams to analyze every transaction, detect threats, and respond to attacks to gain control over their hybrid attack surface and protect their investment in the cloud.
While the cloud has proven to be a force multiplier for DevOps and IT Ops, for SecOps teams already struggling under the burden of a sprawling attack surface and a shortage of skilled analysts, adopting cloud platforms can be a vulnerability. With SecOps taking the blame for stalled migration efforts, enterprises are recognizing the need to take a cloud-first approach to securing elastic workloads rather than trying to retrofit old practices to new technology design patterns. Without native network visibility in the cloud, enterprises have been limited to log- or agent-centric tools, making it difficult to detect and investigate complex threats in a timely manner due to lack of continuous visibility across all environments.
Reveal(x) Cloud is a SaaS-based solution that provides security teams with a zero-infrastructure service for AWS that deploys quickly, delivers immediate asset discovery, and offers threat detection, investigation, and response. The solution takes advantage of new enterprise features introduced by AWS during AWS re:Inforce 2019, including Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring that supports passive observation of network traffic from cloud workloads, and private network peering that allows for the secure transmission of data between AWS accounts. It also connects natively with AWS data sources, such as Amazon CloudWatch, AWS CloudTrail, and Amazon VPC flow logs.
Reveal(x) Cloud offers a host of features designed to help SecOps teams support the shared responsibility model, protect cloud workloads by ensuring compliance, and deliver security across the hybrid attack surface.
- Automatic Discovery and Classification: Up-to-the-minute visibility and classification across all cloud workloads allows SecOps teams to track rogue instances, prioritize investigations by risk score, and correlate malicious activity and asset criticality to focus on the highest-risk threats.
- Application Layer Decoding:Full support for AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Elastic Load Balancing means visibility into behavior, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
- Encrypted Payload Visibility:Reveal(x) Cloud decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.
- Rich Integrations:AWS CloudTrail events enrich network-based threat detection with on-box activity (disabled logging, suspicious processes, suspect file execution), while connection with Amazon CloudWatch allows granular tracking of privilege manipulation. Customers can also leverage integrations with orchestration platforms, such as Phantom, ServiceNow, and Palo Alto Networks, to automate response workflows.
ExtraHop Reveal(x) Cloud is now available in preview.