What is the ExtraHop SASE security solution?
ExtraHop do not offer a SASE solution. However, they offer real-time network and endpoint threat detection in partnership with CrowdStrike. The solution integrates ExtraHop Reveal(x) and CrowdStrike Falcon Insight to offer clients a combination of endpoint security, network visibility, remediation, and machine learning behavioral threat detection. The integration works as follows: Reveal(x) detects threats that are only visible on the network and automatically notifies CrowdStrike, where compromised devices are contained. Analysts then use endpoint data collected from CrowdStrike and network data collected from ExtraHop to investigate, validate and appropriately respond to threats.
What ZTNA (Zero Trust Network Access) Solution is Supported by ExtraHop Networks?
ExtraHop do not offer a ZTNA solution; however, their Reveal(x) 360 NDR solution provides the visibility required to support the rollout of ZTNA to the network at any phase. The risks and lead time of ZTNA deployment can be reduced when working in tandem with Reveal(x) 360, as the single management pane provides real-time insights into users, assets and cloud workloads, and across the network.
What CASB (Cloud Access Security Broker) Solution is Supported by ExtraHop Networks?
ExtraHop do not offer a CASB solution; however, Reveal(x) 360 extends NDR to the cloud, offering multi-cloud security solutions for AWS, Azure and Google Cloud (see "How does ExtraHop Networks deliver cloud security?").
What SWG (Secure Web Gateway) Solution is Supported by ExtraHop Networks?
ExtraHop do not offer an SWG solution; however, this may be available from a third-party company.
What FWaaS (Firewall as a Service) Solution is Supported by ExtraHop Networks?
Through their partnership with Palo Alto, ExtraHop provide a bundle that allows users to quarantine compromised devices in Panorama or on a client’s pre-existing Palo Alto firewall. This is carried out in real time as the ExtraHop Discover appliance identifies alerts. Included in the bundle are two triggers, one for alerts and one for detections. Clients can choose which alerts and detections they wish to have monitored, as well as the address group where the affected devices will be quarantined. The bundle comes with a dashboard that shows clients how many detection and alert events have been sent to the firewall, as well as the IP addresses of related devices. The bundle also supports Panorama, which is a centralized management system that supports global visibility and allows clients to control multiple Palo Alto Next Generation Firewalls (NGFW) via its web-based interface. The bundle includes:
- Palo Alto as an application.
- The Palo Alto Remediation dashboard.
- Two triggers: Palo Alto Firewall Remediation - Alerts, and Palo Alto Firewall Remediation - Detections.
In order to use this bundle, clients must ensure that they meet the following requirements:
- ExtraHop firmware version 7.5 or later.
- An administrator account for the Palo Alto firewall or Panorama. Palo Alto recommend that users create admin accounts for API access.
- Access to the Discover appliance with an account that has Unlimited privileges.
Installation advice is available on the ExtraHop website.
What MDR (Managed Detection and Response) Solution is Supported by ExtraHop Networks?
ExtraHop do not offer MDR directly. However, they are one of MDR provider Datashield’s premier partners. The partnership combines the ExtraHop Reveal(x) NDR platform with Datashield’s MDR services, leveraging Datashield’s Security Operations Center (SOC). The solution also integrates with ExtraHop Reveal(x) 360 to bring MDR to the cloud and offer scalability for clients looking to move to the cloud. Datashield keep an up-to-date record of all devices that are inside a corporate network. This is augmented by the ExtraHop Network Discovery feature, which learns the behavior of devices within the network to help identify them. Datashield also offer constant monitoring via their SOC, which is combined with ExtraHop NDR for threat detection capabilities.
What NDR (Network Detection and Response) Solution is Supported by ExtraHop Networks?
Reveal(x) Enterprise is a self-managed NDR solution for hybrid network architectures, cloud and containerized applications. The solution helps companies to detect advanced threats, analyze breaches and deliver improved responses through automation and network visibility. This enables network security improvements such as critical asset discovery, hygiene and compliance, and automated responses via SOAR, as well as performance improvements including real-time application analytics, machine learning anomaly detection and more. Please see below for a features breakdown for the ExtraHop NDR solution:
- Automated Inventory: Uses auto discovery to classify all network communications to ensure the inventory is current at all times.
- Automated Investigation: Supports responses to detected threats by offering expert guidance for next steps, as well as attack background, context and risk scoring.
- Confident Response Orchestration: Response workflows can be automated and augmented by integrations such as Palo Alto and Phantom, whilst Reveal(x) provides investigative tools and detection of threats.
- Cloud-scale Machine Learning: Reveal(x) uses 5,000+ features covering Layers 2 to 7 to offer predictive modeling and cloud-scale machine learning to protect critical assets by identifying, examining and prioritizing threats.
- Perfect Forward Secrecy Decryption: Passively decrypts SSL/TLS 1.3 traffic that uses PFS to provide real-time monitoring of encrypted traffic, in order to hunt and identify concealed threats.
- Peer Group Detections: Devices are automatically assigned to specific Peer Groups, which reduces the number of false positive detections when an anomaly is detected.
The ExtraHop NDR solution is available in several tiers, depending on enterprise size and cloud capabilities:
- ExtraHop Reveal(x) Essential
- ExtraHop Reveal(x) for Midsize Enterprises
- ExtraHop Reveal(x) Enterprise
- ExtraHop Reveal(x) 360
What XDR (Extended Detection and Response) Solution is Supported by ExtraHop Networks?
ExtraHop Networks do not currently offer a full XDR solution; however, their Reveal(x) NDR platform can be integrated with Exabeam Fusion XDR or Exabeam Fusion SIEM to provide faster threat response and develop a more rounded XDR solution. ExtraHop is the only NDR vendor within the XDR Alliance, an open cybersecurity ecosystem of vendors.