ExtraHop boosts response and forensics capabilities for Hybrid Cloud

ExtraHop has announced new features and offerings that provide deep forensic insight for advanced threat response activity.

Nastasha Tupas
Wed, 18 Aug 2021

The Seattle-based company, known for cloud-native network detection and response (NDR), is focusing on assisting strapped security teams with the investigation and remediation of advanced threats through new Reveal(x) 360 Threat Briefings, designed to deliver one-click incident response reports to retroactively investigate critical CVEs and exploits.

To provide highly scalable SaaS-based detection, response, and forensic investigation capabilities, the company has introduced Reveal(x) 360 Ultra Sensors to Amazon Web Services (AWS) workloads.

It's time to think more broadly about the R in NDR, according to Jesse Rothstein, co-founder and CTO, ExtraHop.


“While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organisation’s environment,” Rothstein said.

“The defence and forensics capabilities of our network detection and response solution give incident responders a true tool for the full spectrum of response from hunting and investigations to remediation, not just another alert cannon.”

According to a recent report by ESG Research, top threat detection and response goals include improving detection of advanced threats (34 per cent) and improving the mean time to respond to threats (29 per cent).

ExtraHop can now provide incident response teams with streamlined workflow and investigative capabilities with forensics so they can better identify their overall threat exposure and reduce mean-time-to-respond (MTTR), according to Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG).

“Today’s sophisticated attacks no longer resemble the smash and grab tactics of the past,” Oltsik said.

“Attackers use stealthy techniques to enter networks, land on vulnerable devices, and pivot to their desired targets, all the while watching and waiting.”

Incident response teams need better threat detection and response efficacy, especially as it relates to advanced persistent threats that move laterally across networks over extended periods of time.

Blocking and containment is no longer enough for organisations supporting hybrid networks, remote employees, and a general uptick in advanced threats that follow a playbook of landing and pivoting within an organisation, Rajiv Thomas, senior systems engineer, Gas South, added.

“ExtraHop’s focus on response and forensics arms my team with the tools they need for deep investigations, tracking lateral movement to fully understand what has been compromised and for how long,” Thomas said.

ExtraHop is also making forensic data available to AWS customers with ExtraHop Packet Basics, a free packet capture product available exclusively on the AWS Marketplace.

Nastasha Tupas

Nastasha is a journalist at Momentum Media. She reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.
