ExtraHop Introduces Threat ID to Keep
Enterprises Ahead of Attackers with Real-Time Threat Detection
New Solution Analyzes
East-West Traffic to Surface Anomalous Behavior, Helping IT Proactively
Identify and Remediate Threats
SINGAPORE – July 13,
2017 – ExtraHop,
the leader in real-time IT analytics, today announced the release of its new
Threat ID bundle, an extensible plug-in to the ExtraHop platform. ExtraHop
Threat ID analyzes east-west traffic within the datacenter, looking at common threat vectors including certificates, ciphers, DNS, and scans. The
bundle then maps them against known configurations to help improve the security
posture of IT organizations by proactively identifying and managing potential
threats within the environment.
Technology and organizational gaps between IT
and security teams often mean that neither team has the visibility or resources
they need to quickly identify and remediate threats before they turn into a
major breach. ExtraHop bridges this gap with network traffic analytics and the new Threat ID bundle delivering real-time
visibility into suspicious port scans, data exfiltration activity, or
indicators of an active attack that make it past perimeter defenses. Examples of new capabilities
include:
- Instantly Detect Suspicious DNS Behavior and Scans: Threat ID surfaces suspicious DNS and port scanning behavior patterns, allowing users to rapidly identify potential threats and initiate a targeted investigation.
- Proactively Manage Certificates and Ciphers: Threat ID delivers a complete map of encryption certificate strength and usage for accurate risk profiling. The bundle automatically identifies weak ciphers and determines how they are being used to better assess risk. The bundle also tracks expiring, expired, and wildcard certificates that could put data at risk or impact service delivery, and audits usage of non-compliant and outdated transport layer security protocols such as SSLv3 or TLSv1.0.
Through the ExtraHop integration with
ServiceNow, these types of anomalies
automatically trigger alerts, kicking off a workflow in ServiceNow so security
and IT operations teams can easily quarantine an infected client.
“Organizations recognize that perimeter and
signature-based security are no longer effective on their own,” said Jesse
Rothstein, CTO and co-founder, ExtraHop. “With Threat ID, ExtraHop is
delivering real-time network-level visibility and threat identification that
can help all security stakeholders—from security to IT ops—stay ahead of
potential threats.”
The Threat ID bundle joins
a constellation of extensible plug-ins from
ExtraHop aimed at helping global enterprises improve their security
posture with real-time insight and rapid remediation. The ExtraHop Ransomware bundle analyzes traffic from the SMB/CIFS network protocol to
detect known ransomware file extensions and behavior patterns associated with
the malware. The ExtraHop Active Directory bundle tracks user accounts,
computer accounts, DNS, LDAP, global catalog, and group policy loads to help
ensure security and compliance. Together, the
Threat ID, Ransomware, and Active Directory
bundles address critical blind spots in today’s IT environments and enable
organizations to quickly enhance their security posture.