ExtraHop brings greater security to cloud environments
ExtraHop has extended the power of Reveal(x) 360 to provide frictionless threat visibility for Amazon Web Services (AWS).
ExtraHop Reveal(x) 360 now applies advanced AI to layers of network telemetry to create a ‘threat heatmap’ purpose-built to detect and stop advanced attacks such as double-extortion ransomware and software supply chain attacks, the company states.
According to ExtraHop, armed with this advanced threat visibility, security teams can zero in on, investigate and remediate hotspots of malicious activity without requiring developer time or resources.
Cloud security teams are outnumbered and the traditional approach of prevent-and-protect can't keep pace with modern advanced attack techniques, ExtraHop states.
According to the IBM-Ponemon Institute 2021 Cost of a Data Breach report, the cost of public cloud breaches far exceeds that of breaches in hybrid environments, costing, on average, $1.19 million more per incident.
Organisations with high levels of cloud migration in general experienced costlier breaches, with the average cost of a breach for cloud-mature organisations hovering at just over $5 million, compared to $3.46 million for organisations with low levels of cloud adoption.
As developers deploy assets at fast pace and adversaries continue to evolve their attacks on mission-critical applications and workloads, enterprises need a low friction, high fidelity approach to defend against advanced post-compromise activities.
ExtraHop co-founder and CTO Jesse Rothstein says, "We live in an era of large attack surfaces and frequent business compromise. Organisations need to assume that attackers are actively operating inside their cloud environment, moving laterally and evading traditional security controls.”
Rothstein says, "ExtraHop Reveal(x) 360 was purpose-built to covertly and reliably detect malicious behaviour. With the introduction of a new subscription tier for AWS, we're expanding our high-fidelity detection, threat hunting, and investigation capabilities in cloud environments without adding friction for dev teams or the organisations that need to innovate with speed and agility."
ExtraHop's new offering expands to include VPC Flow Logs and additional protocol analysis, providing both depth and breadth of visibility for threats in AWS.
VPC Flow Logs are popular for cloud security because of the broad coverage they provide, including in areas of the cloud where capturing packets can be difficult.
While flow logs are a useful data source for monitoring and analysing network traffic, most organisations do not leverage them for real-time analysis, limiting their efficacy, ExtraHop states.
Moreover, gaining access to multiple data sources has historically required using multiple products and user interfaces, which creates friction due to complexity and tool sprawl.
ExtraHop Reveal(x) 360 aims to resolve such challenges by combining real-time analysis of flow logs, packets and protocols in a unified interface providing threat defence for cloud environments. According to the company, it offers the following:
Breadth and depth of detection: Real-time visualisation of threat hotspots across workloads allows security teams to quickly investigate any incident down to root cause. This approach reduces false positives and keeps security teams focused on the highest-priority threats, maximising and scaling scarce analyst resources. Reveal(x) 360 also unifies visibility and threat detection across IaaS, PaaS, container, and serverless environments.
Zero friction for SecOps and DevOps: As an agentless solution, Reveal(x) 360 for AWS deploys without friction and provides broader coverage than agent-based endpoint tools and application logs. Reveal(x) 360 collects and analyses flow log and packet metrics to create a real-time view of all cloud workloads, while AI behavioural detection surfaces the highest priority threats for investigation and remediation in a single management pane.
Lower TCO: The new Reveal(x) 360 sensor deploys without agents and a single instance provides broad, correlated coverage of attack patterns and activity across multiple workloads in a single user interface while reducing total cost of ownership.
IDC program vice president security and trust Frank Dickson comments, "Cloud application developers have zero tolerance for security measures that impinge application performance or slow code development velocity. Pair this with the complexity of microservices-based applications that are easily accessed via APIs and you start to understand the challenges of securing the cloud.
"ExtraHop's ability to ingest both VPC Flow Logs and packets in a single UI for cloud security coverage is a no-brainer. Security teams can illuminate and investigate malicious activity in near real time without requiring developers to make adjustments to code development."