The Winter 2019 release of ExtraHop® Reveal(x)™ improves SOC and NOC analyst productivity through contextual discovery of the enterprise attack surface, full-spectrum detection, and one-click guided investigation for incident response. Advanced detections incorporate device and user context to identify known and unknown threats using an array of machine learning, rule-based, and custom techniques. Detections incorporate suggested next steps and are made actionable through clear evidence, enabling front-line analysts to validate, close, or escalate prioritized events with confidence. Senior analysts get timely detail on users and devices to support rogue device detection, insider threat investigations, threat hunting, and forensics.
Significant features of the Winter 2019 release include:
● User-to-Device Mapping: Easy correlation between users and devices allows analysts to investigate quickly, expediting validation without the need to cross-reference with other tools.
● OS Auto-discovery: Operating system (OS) auto-discovery confirms and compares the OS each device is using with known behaviors of those systems to identify spoofing.
● Enhanced Role Classification: Expanded role auto-classification uses behavior to automatically infer more device types (e.g., mobile device, DHCP server, domain controller or DNS server), and then maintains groupings to keep analysts focused on what matters most.
● Dynamic Device Grouping: Sophisticated device grouping permits users to define complex rules for extensive attributes and behavior to better prioritize monitoring, detection, and triage.
● Advanced Rules Engine: The advanced rules engine immediately detects known threats, policy violations, and risk-based detections.
● Guided Investigation Workflows: One-click guided investigations link each detection to the right next steps, as well as the most relevant device's transaction and behavior details, for instant validation of threats and faster MTTR.
● Expanded Integrations: ExtraHop now integrates with ServiceNow CMDB, QRadar SIEM, and Palo Alto Networks firewalls.
“Forcing analysts to switch between tools or manually pull together disparate data for an investigation increases cognitive load, delay, and the chance of missing a critical piece of evidence,” said Jesse Rothstein, CTO and Co-Founder, ExtraHop. “Our focus in this release is to bring authoritative data about every device's communications, OS, users, and network behavior into a contextual workflow that guides analysts to the right answer immediately.”