ExtraHop integrates with FireEye to defend against advanced persistent threats

ExtraHop has announced an integration of the ExtraHop wire data analytics platform with the FireEye Threat Analytics Platform (TAP). Through this integration, which leverages the ExtraHop Open Data Stream technology to push wire data into FireEye TAP, IT security teams are armed with near real-time attack visibility to more effectively detect and defend against advanced persistent threats.

  • 10 years ago Posted in

In his report “Network Security Trends in the Era of Cloud and Mobile Computing,” Enterprise Strategy Group’s Jon Oltsik notes that “61% of enterprises now divide their network security equally between perimeter and internal networks.” As this new emphasis on securing the internal network grows, IT and security teams are looking to next-generation network monitoring products to stay ahead of threats.

 

The integration of wire data from ExtraHop into the FireEye TAP delivers this next-generation visibility, arming IT security teams with an enriched security dataset, including the events and metrics needed to detect advanced persistent threats. ExtraHop wire data adds a new dimension of context to event streams being fed into TAP, which can then leverage rich insights from FireEye into threat actor profiles and behavior. This critical new data set cannot be sourced from machine or log data, but when combined and correlated together, ushers in a new era of near real-time threat analytics.

 

The integration sends the following crucial events and metrics to the FireEye TAP:

 

· DNS activity, including domain look-ups and possible command-and-control communications

Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
Session tracking, such as unexpected SSH connections, from external or internal clients
Reconnaissance activity as attackers probe internal networks from compromised systems
Real-time data consumption to instantly recognise and alert on abnormal data rates indicating exfiltration from any system at any time

 

“Phishing attacks are one of the most pervasive ways that threat actors use to compromise endpoints," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. “FireEye TAP significantly improves an organisation’s capabilities to detect advanced attacks, and when combined with wire data from ExtraHop, TAP gives incident responders and security teams near real-time, actionable intelligence in a central dashboard where they can quickly identify and respond to the most critical events.”

 

“In less than a year, we’ve witnessed two of the most significant zero day events in history, Heartbleed and Shellshock. The rapid exploitation of these vulnerabilities, along with a number of high-profile data breaches, underscores the need for a more proactive, pervasive approach to IT security monitoring and forensics,” said Erik Giesa, Senior Vice President of Worldwide Marketing and Business Development, ExtraHop. “This integration between ExtraHop and FireEye merges the critical next-gen network intelligence provided by wire data with the industry-leading threat analysis offered by the TAP solution, equipping IT security teams with the most complete visibility and threat detection on the market.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...