The PRWIRE Press Releases

ExtraHop Security Advisory: 67 Percent of Enterprise Environments Still Run Protocol Exploited by WannaCry and NotPetya
2021-05-14T02:37:38Z

SYDNEY, May 14, 2021 – ExtraHop, the leader in cloud-native network detection and response, has released a security advisory about the prevalence of insecure protocols in enterprise IT environments. The report details the ongoing use of deprecated and insecure protocols, including Server Message Block version one (SMBv1), which was exploited by the WannaCry ransomware variant to encrypt nearly a quarter of a million machines worldwide four years ago today.

In early 2021, the ExtraHop threat research team conducted primary research examining the prevalence of insecure protocols in enterprise environments, specifically SMBv1, Link-Local Multicast Name Resolution (LLMNR), NT LAN Manager (NTLMv1), and Hypertext Transfer Protocol (HTTP). The research uncovered alarming usage of these protocols that expose organisations and their customers to considerable risk.

SMBv1: This protocol has been exploited for attacks like WannaCry and NotPetya and can quickly spread malware to other unpatched servers across a network. ExtraHop research shows that SMBv1 is still found in 67% of environments in 2021, more than four years after the EternalBlue and related vulnerabilities came to light.

LLMNR: LLMNR can be exploited to gain access to user credential hashes. These credential hashes can be cracked to expose actual login information that gives malicious actors access to sensitive personal and business data. ExtraHop research found that 70% of environments are still running LLMNR.

NTLM: Despite the recommendation from Microsoft that organizations cease use of NTLM in favor of the much more secure Kerberos authentication protocol, NTLM is still quite common.
Thirty-four percent of enterprise environments have at least 10 clients running NTLMv1.

HTTP: When plaintext credentials are transmitted over HTTP, those credentials are left exposed, the internet equivalent of shouting passwords across a crowded room. Despite the risks, data from ExtraHop shows that 81 percent of enterprise environments still use insecure HTTP plaintext credentials.

“It’s easy to say that organisations should get rid of these protocols in their environments, but often it’s not that simple. Migrating off SMBv1 and other deprecated protocols may not be an option for legacy systems, and even when it is an option, the migration can trigger disruptive outages. Many IT and security organisations will choose to try and contain the deprecated protocol instead of risking an outage,” said Ted Driggs, Head of Product, ExtraHop. “Organisations need an accurate and up-to-date inventory of their assets' behaviour to assess risk posture as it relates to insecure protocols. Only then can they decide how to remediate the issue or limit the reach of vulnerable systems on the network.”

Download the full report here: Security Advisory: Insecure Protocol Usage Exposes Organizations to Cybersecurity Risk. You can learn more about protocols and threat activities associated with them by visiting the ExtraHop Network Protocol Library.

About ExtraHop
ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our Reveal(x) 360 platform, powered by cloud-scale AI, covertly decrypts and analyses all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behaviour and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records.
ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI50, Cybercrime Ransomware 25, and SC Media Security Innovator. Stop Breaches 84% Faster. Get Started at www.extrahop.com/demo

© 2021 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

Vocus New Zealand Selects ExtraHop Reveal(x) To Scale Workforce with Rapid Cybersecurity Network Detection and Response
2021-03-07T22:54:59Z

AUCKLAND – 8 March 2021 – ExtraHop, a leader in cloud-native network detection and response, today announced that Vocus New Zealand, a leading provider of specialist fibre and network solutions, has deployed ExtraHop Reveal(x) to amplify its security posture with network visibility.

Vocus New Zealand (Vocus) has been connecting NZ businesses, government organisations, and consumers with telecommunications and IT services for over 23 years. It offers leading solutions across data centre, cloud, networking, security, and web and is part of the broader ASX-listed Vocus Group. The organisation owns and runs three data centres that house its core infrastructure as well as customer equipment hosted under colocation arrangements.

Reveal(x) enables Vocus to support its decentralised workforce with real-time visibility, threat detection, and strong investigation capabilities that extend across its hybrid, multi-cloud environment, including the critical VPN infrastructure that supports its remote workforce.

“We wanted to have a detection and response solution that was easy to use and deploy, scalable, and could proactively analyse in real time our corporate network and cloud traffic, as well as identify any anomalies on the VPN from remote users accessing the network,” said Ivan Reutskiy, Security Manager, Vocus New Zealand.

ExtraHop Reveal(x) secures enterprises from ever-increasing advanced threats with network detection and response. Using AI and behavioural analytics, Reveal(x) provides complete east-west visibility, real-time threat detection inside the perimeter, and intelligent response at scale to help security organisations stay ahead of advanced threats like supply chain attacks, zero days, and APTs.

“From the initial stages of the proof of concept, we were impressed with the feature functionality of ExtraHop Reveal(x),” said Reutskiy. “The fact that Reveal(x) could provide visibility across our hybrid environment, give us critical insight into encrypted traffic, and use that data to deliver high-quality alerts and detections set it apart.”

“Many organisations are compromised without realising it despite having firewalls and AV products. However, ExtraHop provides enterprises with visibility in real-time, enabling you to respond quickly to incidents. After all, if you can detect something fast and you have response processes in place, it might be the difference between a low impact and high impact breach.”

Reutskiy added, “ExtraHop ticked all the boxes we were looking for on the security side, and it also helps us stay proactive on the operations side. We can use it to identify expired certs, monitor legacy applications, and ensure that VPN connections are both secure and reliable for our users.”

To try ExtraHop Reveal(x) for yourself, check out the live interactive online demo. To hear more from ExtraHop customers, visit the Customer Stories page.

ExtraHop Ranked Third for 2019 Market Share in Network Intelligence and Threat Analytics
2021-02-24T22:14:29Z

Seattle – February 23, 2021 – ExtraHop, the leader in cloud-native network detection and response, today announced that it was ranked third for 2019 market share by IDC as part of its recently released report: “Worldwide Network Intelligence and Threat Analytics Market Shares, 2019: How The Network Is Used To Unmask the Adversary” (https://www.extrahop.com/resources/analyst-reports/idc-market-share/).

The research assessed the Network Intelligence and Threat Analytics (NITA) Market, which the authors state “roughly tracks to a more common industry acronym: network detection and response (NDR).” Thirty-three vendors are included in the research, with IDC estimating that the category has now reached over US $1.3 billion in annual revenue, growing 24 percent year-over-year. The top three vendors in the report by revenue, including ExtraHop, account for over a third of that total revenue. The growth experienced by ExtraHop outpaced the category overall, with 42 percent year-over-year growth.

"What seems like a natural extension of the network is that the mobility of data, the actions of users, and performance-related criteria could be turned on its head to be used to find indicators of compromise (IoCs), and chart the path of the adversary," says Chris Kissel, research director, Security and Trust Products at IDC. "What has been somewhat surprising is that by way of extending the network to include work-from-home employees, network intelligence and threat analytics (NITA) vendors have been a large part of the cybersecurity stack in 2020."

ExtraHop Reveal(x) secures enterprises from ever-increasing advanced threats with network detection and response. Reveal(x) provides complete east-west visibility, real-time threat detection inside the perimeter, and intelligent response at scale to help security organisations stay ahead of advanced threats like supply chain attacks, zero days, and APTs.

"As advanced threats continue to evolve and evade traditional tools, security leaders are seeking new approaches to improve visibility, detection, and response," said Sri Sundaralingam, VP of Security and Cloud Solutions at ExtraHop. "The growth of the NITA – or NDR – category underscores the unique value that the network vantage point can provide for security teams especially as resources move to the cloud, remote sites, and even the home office."

Download the IDC study excerpt titled: Worldwide Network Intelligence and Threat Analytics Market Shares, 2019: How the Network Is Used to Unmask the Adversary.

IDC, Worldwide Network Intelligence and Threat Analytics Market Shares, 2019: How the Network Is Used to Unmask the Adversary, December 2020, IDC #US46351020ee

ExtraHop Data Shows 150 Percent Increase in Suspicious Network Activity During Peak of SUNBURST Attack
2021-02-11T23:52:08Z

SEATTLE – February 11, 2021 – ExtraHop, the leader in cloud-native network detection and response, today released a security report offering an in-depth look at the methods cybercriminals used to evade detection during the months before the SolarWinds SUNBURST exploit was discovered. The report also reveals significant increases in suspicious network activity that went largely ignored due to the privileged and trusted status of SolarWinds within the IT environment. As part of the report, ExtraHop also released an expanded list of over 1,700 SUNBURST indicators of compromise (IOCs) as observed across affected environments protected by Reveal(x), critical information that can help organizations determine if and to what extent they’ve been compromised.

During its own investigation, and through its work with customers to help detect and remediate the SUNBURST exploit, ExtraHop threat researchers found that between late March 2020 and early October 2020, detections of probable malicious activity increased by approximately 150 percent.
These detections, which included lateral movement, privilege escalation, and command and control beaconing, evaded the more traditional detection methods like endpoint detection and response (EDR) and antivirus. Activity patterns outlined in the report indicate that the SUNBURST attackers were successful in flying under the radar of these detection methods either by disabling them, or by redirecting their approach before they could be detected.

“Unfortunately, what we found when investigating SUNBURST is that the activity was actually detected on the network,” said Jeff Costlow, Deputy CISO, ExtraHop. “But because other detection methods weren’t alerting on the activity, it largely went ignored. In this case, the attack was strategically designed to evade those detections, and we can expect more similar attacks to follow. It’s an important reminder that the network doesn’t lie.”

In addition to shedding new light on how the SUNBURST attackers were able to dwell within the network unchecked for so long, the report delves into several case studies on how ExtraHop customers investigated and remediated the exploit within their own environments. The case studies include details on how customers were able to use historical metrics to determine the duration of the compromise, as well as which systems and data may have been impacted.

Download the full report here: Security Report: Lessons Learned Investigating SUNBURST Software Supply Chain Attack. For additional information on SUNBURST, please read our blog for a deep dive on the topic and read more here for our list of 1700+ IOCs.

ExtraHop Expands Network Detection and Response Capabilities in Asia Pacific Region
2021-02-07T22:42:37Z

SYDNEY – 8 February, 2021 – ExtraHop, a leader in cloud-native network detection and response, today announced new data centre investments in Australia to enhance access to its cloud-native security platform, Reveal(x) 360, across the Asia Pacific region.

Reveal(x) 360 is network detection and response built to secure modern enterprises against increasingly advanced threats. Reveal(x) 360 sensors can be deployed in any cloud or on-premises environment to provide complete visibility, real-time threat detection, and intelligent response across multi-cloud and hybrid deployments. With zero management overhead and an on-demand consumption model, Reveal(x) 360 makes it easy to scale to meet organisational security requirements.
With the addition of new data centre facilities in Australia to host Reveal(x) 360 locally, ExtraHop delivers higher availability and reduced latency while ensuring that customers preserve the sovereignty of their data.

David Sajoto, ExtraHop’s Vice President of Asia Pacific and Japan, said, “Organisations around the world are rethinking their approach to security as advanced threats like APTs and software supply chain attacks take a financial and reputational toll. At ExtraHop, we’re committed to providing our customers with the machine learning-backed detection and response capabilities that put public and private sector security teams back in the driver’s seat when it comes to protecting their organisations. That commitment includes investing in the markets we serve to ensure that our customers have access to high-availability, low-latency security capabilities that meet local standards for data sovereignty and protection. This investment affirms our commitment to the region and our customers.”

Reveal(x) 360 is available immediately in the Asia Pacific region. To experience Reveal(x) 360, check out the live interactive online demo: https://www.extrahop.com/demo/

ExtraHop Achieves AWS Security Competency Status
2020-10-29T00:47:52Z

SEATTLE – Oct. 28, 2020 – ExtraHop, a leader in cloud-native network detection and response, today announced it has achieved Amazon Web Services (AWS) Security Competency Status for Reveal(x) 360. This designation recognises the company’s demonstrated technical proficiency and proven ability to help customers secure workloads, applications, and data on AWS at the speed and scale of the cloud.

“Earning AWS Security Competency status is a significant step in our commitment to helping our customers achieve their cloud security goals,” said Raja Mukerji, Chief Customer Officer and Co-founder, ExtraHop. “Enterprises are leveraging the cloud to accelerate digital business initiatives, and security teams find themselves in the challenging position of establishing visibility and control without adding friction to DevOps. By working with AWS, ExtraHop enables our customers to confidently and securely take full advantage of the speed, agility, and innovation unleashed by the cloud.”

ExtraHop Reveal(x) 360 is a SaaS-based solution that helps organisations running on AWS discover, investigate, and respond to hidden security threats across the hybrid enterprise. Reveal(x) 360 provides the “ground source of truth” in the cloud with deep visibility, real-time threat detection, and intelligent response capabilities. By natively integrating with Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring, Reveal(x) 360 provides agentless visibility, including into SSL/TLS encrypted traffic, with no impact to the development process.
Reveal(x) 360 uses advanced machine learning and behavioural analysis, leveraging metadata extracted from cloud traffic, to accurately identify anomalous behaviours and malicious activity whenever they occur within or across the cloud.

ExtraHop continually brings industry-leading security technology to customers, and the latest Reveal(x) 360 updates improve cloud visibility, real-time threat detection, and response capabilities for cloud and hybrid deployments. Examples include:

Faster triage of cloud-related threats: Automatic discovery and grouping of cloud services enables security teams to quickly discover and examine unusual cloud activity such as large amounts of data moving out of Amazon S3 buckets or suspicious IP addresses accessing AWS services.

Rapid discovery of insider attacks and advanced persistent threats (APTs) targeting public cloud user environments: Reveal(x) 360 uses advanced machine learning, real-time threat intelligence, and behavioural analysis to discover unauthorised behaviour indicative of APTs or, for example, suspicious activity by authorised AWS users.

Improved cloud security posture and reduced risk: Continuous monitoring and correlation of activity between cloud services, private cloud, and on-premises data centres enables faster discovery and remediation of attacks across multiple environments or moving between on-premises and cloud resources.

AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Consulting and Technology Partners with deep industry experience and expertise.

For more information, visit: ExtraHop Security for AWS, the ExtraHop blog, and request a free trial of Reveal(x).

ExtraHop Customers Experience 84 Percent Reduction in Time to Resolve Threats According to Independent Research Firm Analysis
2020-10-18T22:42:03Z

SYDNEY – Oct 19, 2020 – ExtraHop, the leader in cloud-native network detection and response, today announced survey results of “The Total Economic Impact™ of ExtraHop Reveal(x).” The commissioned survey conducted by Forrester Consulting on behalf of ExtraHop reveals that ExtraHop customers benefit from “an 84 percent decrease in time to threat resolution, US $700,000 annual savings in tools consolidation, and 165 percent return on investment.”

According to the study, ExtraHop provides measurable benefits for businesses including significant reductions in unplanned downtime, time spent troubleshooting, and time spent detecting and resolving security threats.
Forrester’s analysis of the benefits concluded that ExtraHop customers receive “a 50 percent decrease in time to threat detection, and a 99.6 percent reduction in time to troubleshoot applications.”

Findings from the study include:

Improved time to threat detection and resolution: ExtraHop Reveal(x) decreased time to threat detection by 50 percent, and time to threat resolution by 84 percent.

Improved efficiency responding to unplanned network outages: After implementing Reveal(x), unexpected network outages decreased by 90 percent and the time to solve any unplanned network outages decreased 92 percent.

Improved time to troubleshoot applications: Reveal(x) decreased time to troubleshoot applications by 99.6 percent, from 40 hours to a matter of minutes for each application failure.

Reduced cost of third-party security solutions: A subset of customers reported the ability to consolidate tools and decommission legacy security solutions, saving as much as US $700,000 annually.

Additional revenue and productivity from improved uptime: Interviewees reported that the additional network and application uptime from Reveal(x) resulted in increases to both revenue and employee productivity.

For the purposes of this study, Forrester interviewed five ExtraHop customers across industries with experience using Reveal(x) and aggregated the experiences into a single composite organisation. Prior to using Reveal(x), the customers were using a combination of packet capture tools, endpoint detection and response (EDR) products, and security information and event management (SIEM) solutions.

“We had SIEM, but there were always holes in that information. We added EDR, and there were still certain bits of information missing,” said the SVP of global infrastructure in the financial services sector.
“We didn’t get the full picture until investing in ExtraHop Reveal(x).”

In a crowded cybersecurity market, the survey notes ExtraHop’s customers reported “significantly enhanced network visibility” and the “clarity needed not only to detect and respond to security threats at a much faster rate”, but also to “analyse end-user behaviour and detect anomalies that could pose a threat”, and to “monitor and troubleshoot both application and network performance.”

To learn more about the Forrester TEI study, join a webinar featuring Forrester analyst David Holmes on Tuesday, October 20, 2020 at 8 am PT (available on demand after) titled: Improving Incident Response Time By 84%: A Forrester TEI Survey.

To download the entire Forrester Total Economic Impact study click here: https://www.extrahop.com/resources/analyst-reports/forrester-tei-study-success/

ExtraHop Threat Research Team Finds One in Three IT Environments Vulnerable to Ripple20 Threat
2020-09-11T01:14:10Z

SEATTLE – September 10, 2020 – ExtraHop, the leader in cloud-native network detection and response, today issued a report warning of the potential impact of the Ripple20 vulnerabilities if affected software goes undetected and unpatched. Analysing data across its customer base, ExtraHop threat researchers found that 35% of IT environments are vulnerable to Ripple20. The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. that is commonly used by device manufacturers across many industries, including utilities, healthcare, government, and academia. The impact of this threat “ripples” through complex software supply chains, making it a difficult vulnerability to mitigate.

The JSOF threat research organisation found the Ripple20 vulnerability (CVE-2020-11901) in June 2020, and unveiled the details to impacted device manufacturers and security vendors to give them ample time to deploy patches and create detections before releasing their findings to the general public. The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments. With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone. ExtraHop experts predict that this exploit will be widely used by attackers as an easy backdoor into networks across industries around the globe.

“The devices that utilise the Treck stack are far-reaching with the potential for vast exploitation,” said Jeff Costlow, CISO, ExtraHop. “A threat actor could conceivably use this vulnerability to hide malicious code in the embedded devices for an extended period of time, and traditional endpoint or perimeter security solutions like EDR or NGFW will not have visibility into this set of exploits.”

Visibility and behavioural analysis of managed and unmanaged devices, including IoT, and visibility into unusual activity from potentially exploited devices within an organisation’s east-west traffic, are table stakes for a secure network. Organisations can take a number of steps to help mitigate the risk from Ripple20. ExtraHop mitigation recommendations include:

Patching: Vendors utilising the Treck Software were given early access to the threat details so they could start producing patches immediately. Unfortunately, a large number of devices have discontinued support, which has made it difficult to account for all vulnerable device makes and models.

Removal from Service: If a patch is unavailable for the affected device, it’s recommended that organisations consider removing devices from service entirely and replacing them with known secure devices. Removing the device will improve hygiene and compliance, critical for keeping environments secure.

Monitor for Scanning Activity: Before a vulnerable device can be compromised, attackers must first find it. Organisations will need to assess their own practices to understand and monitor which scans are legitimate and which could indicate malicious intent.

Exploit Detection: Because not all vulnerable devices may be identified and patched, it is crucial that organisations detect unusual activity resulting from a Ripple20 exploit as it occurs, such as lateral movement and privilege escalation.
Network-based detection is a requirement in this case because embedded devices that use the Treck software will not support endpoint agents. Isolate Vulnerable Devices: In circumstances where it is not possible to patch affected devices, it is recommended that security teams take the following steps:Verify devices are not publicly accessibleMove devices to a network segment isolated from local subnetsDrop all IP-in-IP traffic destined for affected devicesDrop all IPv6 traffic destined for affected devices Note on the research:Data privacy is one of the fundamental questions of our age. ExtraHop passively monitors every interaction on the network then extracts de-identified metadata to be processed by cloud-based machine learning. So, while we can clearly see how prevalent Ripple20 is across the infrastructures we monitor, we do not link that data to any specific customer. For more information on Ripple20, download the full security advisory: https://www.extrahop.com/resources/whitepapers/ripple20-security-advisory/ or read our blog: https://www.extrahop.com/company/blog/2020/ripple20-vulnerable-devices-and-attacks/ About ExtraHopExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our Reveal(x) 360 platform, powered by cloud-scale AI, covertly decrypts and analyses all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behaviour and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records. ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI50, Cybercrime Ransomware 25, and SC Media Security Innovator. Stop Breaches 84% Faster. 
Get Started at: http://www.extrahop.com/freetrial © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. ExtraHop Listed as a “Representative Vendor” in Gartner’s Market Guide for Network Detection and Response 2020-06-17T23:57:17Z extrahop-listed-as-a-representative-vendor-in-gartners-market-guide-for-network-detection-and-response SEATTLE – June 17, 2020 – ExtraHop, provider of cloud-native network detection and response, today announced that it has been identified as a Representative Vendor in the second annual Gartner “Market Guide for Network Detection and Response” (NDR) report. “Enterprises should strongly consider NDR solutions to complement signature-based tools and network sandboxes. Many Gartner clients have reported that NDR tools have detected suspicious network traffic that other perimeter security tools had missed,” wrote Gartner analysts Lawrence Orans, Jeremy D’Hoinne, and John Chessman. “We live in a post-compromise world in which prevention-based approaches to security leave organisations woefully unprotected,” said Bryce Hein, CMO, ExtraHop. “With the rise of multi-cloud environments, the proliferation of IoT devices, and increasingly distributed operations, the ability to analyse East-West traffic is now a must have. ExtraHop’s powerful combination of full-spectrum detection, advanced investigation, and intelligent response capabilities have quickly established Reveal(x) as the go-to network detection and response solution.” ExtraHop Reveal(x) provides the visibility, speed, and scale enterprise security teams need to secure complex hybrid and multi-cloud environments against advanced multi-stage attacks.
Our approach uses stream processing to auto-discover and classify every transaction, user, session, device, and asset in the hybrid enterprise at up to 100 Gbps, with line-rate SSL/TLS decryption and continuous packet capture. ExtraHop Reveal(x) also uses the scalable computing resources of the cloud for ML and AI, applying millions of models to over 5,000 features of data derived from 4-plus petabytes of anonymized threat telemetry collected from more than 15 million devices and workloads worldwide every day. With the recently introduced Reveal(x) 360, ExtraHop now offers network detection and response as a fully hosted and managed SaaS solution. To download the full 2020 Gartner Market Guide for Network Detection and Response, click here: https://www.extrahop.com/lp/gartner-ndr-market-guide/ To learn more about Reveal(x) 360 click here: https://www.extrahop.com/products/cloud/ and watch the video here: https://extrahop-1.wistia.com/medias/dg4ckn1e0t Source: Gartner “Market Guide for Network Detection and Response” by Lawrence Orans, Jeremy D’Hoinne, and John Chessman, June 11, 2020. Required Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. About ExtraHop ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to all cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. 
With this approach, we give the world's leading enterprises including The Home Depot, Credit Suisse, Liberty Global and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo or connect with us on LinkedIn and Twitter. © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. ENDS ExtraHop Partners With CrowdStrike to Deliver Cloud-Native Threat Detection from the Network to the Endpoint 2020-06-03T22:56:43Z extrahop-partners-with-crowdstrike-to-deliver-cloud-native-threat-detection-from-the-network-to-the-endpoint SEATTLE — June 3, 2020 — ExtraHop, the leader in cloud-native network detection and response, today announced a partnership with CrowdStrike, a leader in cloud-delivered endpoint protection. The partnership includes the powerful integration between ExtraHop® Reveal(x)™ and CrowdStrike Falcon®, marrying best-of-breed cloud-native detection and response capabilities to provide protection from the network to the endpoint. As businesses and government agencies have transitioned employees to remote work and moved more of their operations off premises, it has exposed gaps in availability, access, and security. Adversaries around the world quickly took advantage of the chaos, exploiting misconfigured remote desktop protocol vulnerabilities and ramping up phishing scams. With cloud adoption surging and a major spike in the use of personal computing devices for work, it is more critical than ever for organisations to maintain a clear picture of managed and unmanaged devices on their network, as well as determine which are being adequately monitored and secured. 
The integration between ExtraHop Reveal(x) and CrowdStrike Falcon merges complete network visibility, machine learning behavioural threat detection and real-time decryption of SSL/TLS sessions to extract de-identified metadata for analysis. This approach provides joint customers powerful endpoint security and instant remediation of threats. Real-time Detection: The integration allows security teams to rapidly detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections, data exfiltration and more. It also helps thwart those occurring on the endpoint, including ransomware, local file enumeration, directory traversal, and code execution. This provides complete coverage across the entire attack surface. Instant Response: When Reveal(x) detects urgent threats it notifies the Falcon platform to contain the impacted devices ensuring analysts can rapidly investigate and resolve threats. This cuts off access to network resources and endpoints before a security incident can turn into a breach. Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents. “Over the past five years, the security industry has undergone a seismic shift from a model of purely ‘prevention and protection’ to one that additionally delivers detection and response,” said Raja Mukerji, ExtraHop co-founder and Chief Customer Officer. 
“CrowdStrike and ExtraHop have been at the forefront of that shift, arming security organisations with the situational awareness and control they need to protect businesses and consumers in a perimeterless world. With this partnership and integration, our customers can now detect and respond to every threat from the core to the edge and everywhere in between.” “The threat environment continues to grow in complexity as sophisticated cyber adversaries advance their attack techniques, evading security controls and gaining access to corporate networks,” said Matthew Polly, Vice President of Worldwide Business Development and Channels at CrowdStrike. “Comprehensive visibility and real-time threat detection that allow for fast investigation and response at scale are imperative for organisations to spot and stop threats quickly. Through this partnership, CrowdStrike and ExtraHop are providing customers the ability to identify and respond to malicious activity across the entire attack surface with a fully cloud-native integration that allows them to adapt with speed and agility.” "Sirius is excited to partner with ExtraHop and CrowdStrike to help provide a complete solution for integrating both network and endpoint detection and response,” said Jeremiah Cruit-Salzberg, Senior Director and Security Technologist at Sirius. "This integration provides complete network and endpoint visibility for clients, while helping them automate their response to any issues identified on the network." “Around the globe, we see organisations working hard to keep up as threats grow more sophisticated, allowing cyber adversaries to set the pace,” said Alex Dodd, Head of Networking and Security at Computacenter. 
“As such, we are constantly working to collaborate with cyber security leaders like ExtraHop and CrowdStrike who can not only deliver at the speed customers now require but execute the desired business outcomes in every aspect of an organisation.” For more information on the ExtraHop and CrowdStrike integration, visit the partnership page: http://www.extrahop.com/partners/tech-partners/crowdstrike or sign up for the upcoming webinar: https://www.brighttalk.com/webcast/14671/412968 CrowdStrike® and CrowdStrike Falcon® are the trademarks and/or registered trademarks of CrowdStrike, Inc. About ExtraHop ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo: https://www.extrahop.com/demo or connect with us on LinkedIn: https://www.linkedin.com/company/extrahop-networks and Twitter: @ExtraHop © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. ENDS ExtraHop Data Shows Shifts in IoT Device Usage During COVID-19 Have Broad Security Implications 2020-05-07T02:15:38Z extrahop-data-shows-shifts-in-iot-device-usage-during-covid-19-have-broad-security-implications-1 SEATTLE – May 6, 2020 – ExtraHop, the leader in cloud-native network detection and response, today issued a report detailing rapid substantial changes in device usage trends as businesses shifted their operations in March due to COVID-19.
The report also warns of the security complexity and risks posed by connected devices—both those used by employees at home, and those left idle but connected to the office network.

While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices, including internet of things (IoT) devices, and the ways in which people and organisations interact with them tell a story all their own. Using anonymised, aggregate data from across its global user base, ExtraHop analysed business-related device activity during a one week period at the end of March 2020. This data was compared to activity from a similar study of the same global user base conducted in November 2019. The results reveal not only patterns that illuminate the state of work during the COVID-19 crisis, but also the long-term security implications of a distributed workforce.

Key findings from the report include:

- Steep Decline in Connected Devices at the Office Raises Concerns About Questionably Secure Local Networks: ExtraHop observed a 65 percent decline in the number of laptops and a nearly 70 percent decline in the number of smartphones connecting directly to corporate networks in March 2020. That said, the fact that these devices are no longer connected to the corporate network doesn’t mean they’re not connected at all. Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware.
- Vast Majority of Office Phones and Printers Are Still Plugged In, Exposing Risk: The number of connected IP phones declined by just 7.5 percent, indicating that many of these devices remain on and connected even when no one is using them. According to ExtraHop data, nearly 25 percent of those VoIP devices are Cisco IP phones, for which a critical vulnerability (CVE-2020-3161) was announced in April. Printers – at high risk for vulnerabilities and one of the most common targets of hackers – showed even smaller declines in connectivity, dropping by just 0.53 percent.
- Spike in Physical Security Cameras: Connections from security cameras increased by 47 percent in March, indicating that many organizations are taking additional precautions against physical intrusion or nefarious activity. Unfortunately, these devices can also expose organizations to cyber risk. Like IP phones and printers, they often have vulnerabilities and have been observed phoning data home (https://www.extrahop.com/resources/whitepapers/eh-security-advisory-calling-home/).
- And Don’t Forget the Treadmills: The connections to the network from treadmills declined 100% when office gyms were some of the first aspects of office life to close down. But the connectivity of treadmills underscores the extent to which every device is now a connected device. IT and security departments now have a much broader attack surface to secure — even the office gym.

“The almost overnight shift to remote work required a massive effort just to ensure the availability of applications and critical resources for employees outside the office,” said Sri Sundaralingam, Vice President, Cloud and Security Solutions at ExtraHop. “For many organisations, the management of IoT and other connected devices may have been an afterthought, or at least something they didn’t anticipate having to handle long term. As availability and security issues surrounding remote access become more settled, this needs to be an area of focus.”

Click here to download the complete report: Connected Devices in the Time of COVID-19: https://www.extrahop.com/resources/whitepapers/connected-devices-security-report-direct/

Click here for more resources to help support The New Realities of IT: https://www.extrahop.com/resources/remote-access/

###

About ExtraHop

ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise.
Our breakthrough approach applies advanced machine learning to all cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo (https://www.extrahop.com/demo/) or connect with us on Linkedin (https://www.linkedin.com/company/extrahop-networks/) and Twitter (@ExtraHop). © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) Cloud, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. ExtraHop and SANS Institute Survey Finds Huge Gaps in Security Visibility During Large-Scale Shift to Remote Work 2020-04-22T02:20:40Z extrahop-and-sans-institute-survey-finds-huge-gaps-in-security-visibility-during-large-scale-shift-to-remote-work SEATTLE – APRIL 21, 2020 – ExtraHop, the leader in cloud-native network detection and response, today announced the results of a SANS Institute survey, Network Visibility and Threat Detection. According to the report (https://www.extrahop.com/resources/analyst-reports/sans-network-visibility-and-threat-detection-survey) more than 64 percent of respondents reported suffering at least one successful attack within the last year, and 59 percent believe a lack of network visibility poses a high or very high risk to their operations. Perhaps most concerning in light of the recent large-scale shift to remote work, 44 percent of respondents see employee desktops as the most likely attack vector. As enterprise organisations and government agencies grapple with how to enable, manage, and secure newly distributed remote workforces, network visibility is more critical than ever as they adjust to the new IT reality. 
The survey exposes key gaps in enterprise security, including that 98 percent of respondents are concerned about their ability to see into encrypted traffic, while over 80 percent identified east-west traffic and network connected devices as areas of opacity. "Having visibility of every device and how they are meant to behave on your network is crucial to understanding what constitutes normal traffic and what could be considered a deviation," writes survey author Ian Reynolds. Bryce Hein, SVP of Marketing at ExtraHop, concurs. "At a time when organisations are rapidly transitioning to remote work and cloud usage is surging, network visibility has never been more critical," said Hein. "Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better." In addition to identifying critical gaps in network visibility, key survey findings include: - Growing complexity within the enterprise environment. Over 93 percent of respondents indicated that they manage more than a thousand endpoints, and almost 90 percent manage between hundreds to thousands of servers. - Lack of cloud visibility affects security posture. 40 percent of respondents identified cloud-based systems as a potential entry point for malicious actors. At the same time, only 17 percent reported high visibility into their lateral communication inside their network (east–west traffic), including all cloud traffic. - Need to reduce tool sprawl. The majority of companies use tooling from more than 10 vendors, with nearly one-fifth utilizing more than 20. 68 percent of respondents expressed a desire to reduce the complexity of their systems by reducing the overall number of tools involved in their operations. 
The survey also found that, while organisations want more network visibility, there are operational impediments. Lack of staff (62 percent), lack of time, including having other issues with greater importance (51 percent), and lack of appropriate skills in the existing staff (46 percent) were the leading concerns. According to Reynolds, machine learning will play a key role in overcoming these challenges. "Choose tools that use machine learning to provide improved analytics for access to the right data in less time," he writes. "This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents." To download the complete SANS Institute survey titled Network Visibility and Threat Detection, click here: https://www.extrahop.com/resources/analyst-reports/sans-network-visibility-and-threat-detection-survey/ Watch the on-demand SANS Institute Webinar on the survey here: https://www.extrahop.com/resources/webinars/cybersecurity-spending-survey/ About ExtraHop ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo: https://www.extrahop.com/demo or connect with us on LinkedIn (https://www.linkedin.com/company/extrahop-networks/) and Twitter (@ExtraHop). © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) Cloud, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.
ExtraHop Extends Cloud-Native Detection & Response Leadership with Industry’s First Fully Integrated Hosted NDR Solution for Hybrid Enterprises 2020-03-03T08:18:45Z extrahop-extends-cloud-native-detection-response-leadership-with-industrys-first-fully-integrated-hosted-ndr-solution-for-hybrid-enterprises Sydney, 4 March 2020 — ExtraHop, the leader in cloud-native network detection and response, today accelerated its market leadership with new capabilities that provide 360-degree threat visibility, detection, and response across multi-cloud, datacentre, and IoT deployments in a single hosted solution. With ExtraHop® Reveal(x) Cloud™, security operations teams can harness the power of the cloud to eliminate friction in finding and addressing threats across workloads, reduce tool sprawl associated with multi-cloud and hybrid cloud deployments, and accelerate adoption of network detection and response (NDR) within their organisations. Today, more than 85 percent* of organisations have workloads running in multiple cloud environments. By next year, it will be 98 percent*. At the same time, the proliferation of IoT devices and the deployment of IT infrastructure across remote sites has vastly expanded the enterprise attack surface beyond cloud and data centre deployments. Those challenges are compounded by the exponential increase in tooling and agents required to monitor and manage these deployments, particularly cloud workloads and IoT. Security operations teams have long viewed the cloud as part of the problem; with its latest features, ExtraHop is turning cloud into the solution. Reveal(x) Cloud is the first and only cloud-delivered, cloud-agnostic, and cloud-intelligent NDR platform providing immediate value and continuous protection across the entire attack surface. For the first time, SecOps teams can manage detection, investigation, and response via an integrated workflow with a SaaS-based solution that scales to the demands of the business. 
This cloud-native model removes points of friction for security operations itself, helps to break down silos between security, IT, and cloud infrastructure teams, and gives them the tools they need to move with the speed and agility the business demands. Cloud Delivered: Reveal(x) Cloud reduces friction and accelerates time to value with a fully hosted NDR solution. The SaaS offering aggregates and analyses data from sensors deployed across networks in data centres, remote offices, and multi-cloud environments, and it surfaces information in a single UI for seamless management across workloads. ExtraHop automatically updates detectors, threat intelligence feeds, and IoT profiles via the cloud, eliminating the need for manual intervention to ensure that policies or software on sensors are up to date. Cloud Agnostic: Reveal(x) Cloud integrates with AWS Traffic Mirroring, Google Cloud Packet Mirroring, and Microsoft Azure to deliver visibility, threat detection, and response capabilities across major cloud providers – as well as data centres and remote sites – in a single, SaaS-based management pane. This cloud-agnostic approach supports collaboration between security, IT, and cloud teams for better threat response across multi-cloud and hybrid deployments. Cloud Intelligence: Reveal(x) Cloud leverages the scale and scope of the cloud to provide 360-degree visibility and situational awareness across datacentre, remote site, multi-cloud, and IoT environments to monitor and respond to threats. Real-time intelligence derived from petabytes of anonymised threat telemetry collected daily makes our cloud-based machine learning uniquely reliable – all without impacting sensor performance. Cloud-scale ML provides more than 1 million predictive models for a typical enterprise deployment to identify suspicious behaviours and potential threats. 
A cloud record store provides streamlined investigation with index record search and query of data from every segment of the hybrid environment. “Organisations should be able to easily secure their workloads across public, private, and hybrid clouds without requiring multiple tools or creating a management headache,” said Jesse Rothstein, ExtraHop co-founder and CTO. “ExtraHop takes advantage of the virtually unlimited compute resources of the cloud to perform machine learning at scale across more than 15 million devices – and over four petabytes of threat telemetry per day – across our customer base to deliver global intelligence to prepare every security team, from the large enterprise to the midmarket, to handle both present and future threats.” Reveal(x) Cloud for multi-cloud and hybrid cloud environments will be available in May 2020. Reveal(x) Cloud for AWS workloads is currently available on AWS Marketplace: https://aws.amazon.com/marketplace/pp/B081B6TVT6 About ExtraHop ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo: https://www.extrahop.com/demo/ or connect with us on Linkedin (https://www.linkedin.com/company/extrahop-networks/) and Twitter (@ExtraHop) © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) Cloud, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. 
*Assembling Your Cloud Orchestra: A Field Guide to Multicloud Management, IBM Institute for Business Value ExtraHop Breaks Down IoT Security Barriers with Device Behaviour Profiling and Advanced Threat Detection 2020-02-19T03:35:35Z extrahop-breaks-down-iot-security-barriers-with-device-behaviour-profiling-and-advanced-threat-detection SEATTLE — FEBRUARY 18, 2020 — ExtraHop, the leader in cloud-native network detection and response, today announced a suite of new features designed to streamline the secure adoption and implementation of IoT in the enterprise. ExtraHop® Reveal(x)™ now provides advanced discovery, classification, and behaviour profiling for enterprise IoT devices, providing visibility from the device to the service layer. These latest enhancements extend Reveal(x) capabilities to the enterprise IoT device edge, providing complete visibility, detection, and response across the attack surface without the need to implement narrow point solutions. IoT reduces operational friction, making businesses more efficient and employees more productive. But this comes at a cost. IoT moves computing power to the edge, vastly expanding the enterprise attack surface, and without visibility into what devices are connecting to the network and what resources they are accessing, it leaves organisations vulnerable to threats. “Our research points to consistent growth in enterprise IoT usage which, along with other enterprise initiatives, has led to a growing attack surface,” said Fernando Montenegro, Principal Analyst, Information Security, 451 Research. “This leads to increased demands from enterprise security teams for visibility into network traffic, analysis for detection of threats, followed by remediation as needed.” With the latest release, ExtraHop Reveal(x) now provides the visibility, detection, and investigation capabilities security and IT organisations need to continuously secure and manage expanding IoT deployments. 
- Continuous Device Discovery and Classification discovers, identifies, and profiles all IoT devices and services to deliver complete visibility without friction to IT and Security Operations teams.
- Device Behaviour Profiling extracts rich L2-L7 data from network and cloud traffic, enabling deeper analysis across devices at the service level. When paired with cloud-scale machine learning from ExtraHop, this data is correlated with other network events to rapidly and accurately detect threat patterns for immediate response. This provides organisations with continuous behavioural monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables, and smartboards.
- Guided Investigation automatically gathers contextual information, related detections, and packet level details into a single workflow to streamline and accelerate response actions, enabling security analysts and threat hunters to quickly determine the impact and scope of an IoT event and easily drill into forensic level details.
- IoT Security Hygiene helps security and IT operations teams address issues such as IoT devices and services using unencrypted communications, and when discovered, can automate response actions with other systems like creating a ticket or isolating devices on the network.

“We believe that enterprise IoT is a strong fit for ExtraHop's network detection and response solution. Not only do we discover the presence of IoT devices, identifying make and model, but we also automatically segment into peer groups to detect suspicious behaviours and potential threats,” said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) enables organisations to truly understand the level of risk a device poses and provides situational awareness of the environment.”

Enterprise IoT Security features (https://www.extrahop.com/company/blog/2020/announcing-extrahop-revealx-enterprise-iot-security-solution) are now globally available with the ExtraHop Reveal(x) platform.
To learn more about the company's industry-leading cyber analytics platform, visit: https://www.extrahop.com/solutions/security/iot and explore the Reveal(x) live interactive online demo: https://www.extrahop.com/demo About ExtraHop ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud. To experience the power of ExtraHop, explore our interactive online demo: https://www.extrahop.com/demo or connect with us on Linkedin: https://www.linkedin.com/company/extrahop-networks and Twitter: https://twitter.com/ExtraHop © 2020 ExtraHop Networks, Inc., Reveal(x), Reveal(x) Cloud, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc. ExtraHop Helps Midsize Enterprises Accelerate Security Maturity with New NDR Offering and Analyst Service 2020-02-12T00:09:17Z extrahop-helps-midsize-enterprises-accelerate-security-maturity-with-new-ndr-offering-and-analyst-service SEATTLE — FEBRUARY 11, 2020 — ExtraHop, the leader in cloud-native network detection and response, today announced new products and services designed to help midsize enterprises address security maturity, reduce tool complexity, and increase efficiency to better protect their organisations. The new ExtraHop® Spotlight™ service leverages the deep domain expertise of the ExtraHop security analysts and combines it with rich insights derived across customer environments to provide targeted threat investigation guidance for lean security and IT operations teams. 
The new ExtraHop Reveal(x)™ 5Gbps subscription package provides cost-effective network detection and response (NDR) that delivers complete visibility, detection, and response capabilities for midsize enterprises.

Midsize organisations face the same sophisticated security threats – from ransomware to insider threats – as large enterprises, but often lack the resources and security domain expertise to combat these threats at scale. With the latest offerings, ExtraHop is helping these organisations mature their security operations, keeping them focused on critical threats while aligning IT operations and security operations teams around common datasets and workflows.

According to the 2019 SANS Incident Response Survey (https://assets.extrahop.com/whitepapers/SANS-2019-Incident-Response-Survey.pdf), the top two impediments to successful incident response were "shortage of staffing and skills" and "lack of budget for tools and technology." With Spotlight, ExtraHop customers can now augment their teams with the deep security domain expertise of ExtraHop analysts, providing targeted education and investigation guidance for specific Reveal(x) detections, helping them maximise the value of their investment.

The Spotlight service also adds another layer of intelligence by leveraging visibility into the most common threats across customer environments to speed detection and scale response for multiple organizations. When combined with the cloud-scale machine learning of Reveal(x), this collective insight across customer environments helps customers save time and resources by surfacing only the most pressing threats.

"Midsize enterprises are subject to the same malicious activity as larger organisations, but often lack the resources that help large enterprises maintain an upper hand," said Sri Sundaralingam, VP of Product and Solutions Marketing at ExtraHop.
“Competition for scarce security talent is fierce, and budget constraints often slow tool modernisation, leaving existing IT and security teams under-resourced. This new offering enables medium-sized enterprises who want to scale their business with a cloud-native network detection and response solution to efficiently cover a wide breadth of use cases.”

To learn more about how ExtraHop supports security for midsize enterprises visit our solutions page (https://www.extrahop.com/company/blog/2020/announcing-new-revealx-packages-for-midsize-enterprises/) or read our blog post (https://www.extrahop.com/company/blog/2020/announcing-new-revealx-packages-for-midsize-enterprises) to learn more about the benefits of these new offerings.

What our partners are saying:

"For 40 years, our mission has been to provide our customers with innovative solutions that reduce costs, increase productivity, and mitigate risk," said Chris Pyle, CEO at Champion Solutions Group. "As security threats become more and more sophisticated, we are seeing businesses of all sizes looking for solutions to address these security concerns. ExtraHop's expansion into the midsize enterprise will allow us to bring Reveal(x) to a whole new market."

"At Exclusive Networks, we choose to partner with companies like ExtraHop that provide best-of-breed solutions such as Reveal(x)," said Gilbert de Rijke, New Business Director at Exclusive Networks Netherlands. "We share a joint purpose with ExtraHop to bring industry-leading network detection and response to enterprises of various sizes around the globe and the new midsize enterprise security solution will open new doors for us to expand our offerings."

"The new ExtraHop Reveal(x) subscription offering is a perfect fit for the APAC midsize enterprise market," said Dan Suto, General Manager of Managed Services at DXC Connect.
"This enterprise-grade threat detection and response with complete visibility represents a huge opportunity for our go-to-market strategy with ExtraHop and our managed services clients."

The ExtraHop Reveal(x) 4200 (5Gbps solution) will be available globally in March 2020. ExtraHop Spotlight service is now available in North America and will be available for specific global regions in the second half of 2020.

To explore the Reveal(x) live interactive online demo visit: https://www.extrahop.com/demo

About ExtraHop

ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to all cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud.

To experience the power of ExtraHop, explore our interactive online demo: https://www.extrahop.com/demo/ or connect with us on LinkedIn: https://www.linkedin.com/company/extrahop-networks/ and Twitter: @ExtraHop

© 2020 ExtraHop Networks, Inc., Reveal(x), and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

ENDS