Cloud-Native NDR & EDR With CrowdStrike and ExtraHop

Making The Cyber Visibility Triad a Reality

Chase Snyder

June 3, 2020

Detect More Threats and Automate Rapid Remediation with CrowdStrike and ExtraHop

Today we're thrilled to announce the integration of CrowdStrike Falcon and Reveal(x) network detection and response. CrowdStrike Falcon stops breaches with unified endpoint protection delivered from the cloud. ExtraHop Reveal(x) detects threats using real-time network traffic analysis, line-rate decryption, and cloud-scale machine learning to catch the stealthiest attackers and enable intelligent investigation and response. The integration enables the enterprise SOC to detect threats through ExtraHop's machine learning analysis of rich network traffic, and to automatically contain those threats through CrowdStrike Falcon. Users will also gain visibility into opaque parts of the network, such as encrypted traffic and difficult-to-monitor IoT activity.

Through this partnership, CrowdStrike and ExtraHop will provide security operations teams the opportunity to make a major step up in their security posture.

[Figure: SOC Triad]

Making The Cyber Visibility Triad A Reality

There is growing momentum behind the idea, originating with former Gartner analyst Anton Chuvakin, that there are three primary data sources or tool types a SOC needs in order to achieve complete security visibility: logs (SIEM), endpoint monitoring (EDR), and the network (NDR). Tight integration between best-of-breed tools in these three classes is increasingly critical for enterprises facing rapidly evolving threats and ballooning attack surfaces due to cloud migration, IoT, and skyrocketing remote work.

This integration between CrowdStrike EDR and Reveal(x) NDR offers a path to a stronger security posture, more complete monitoring, and faster remediation of threats at the endpoint and on the network.

How It Works

CrowdStrike already has best-in-class endpoint security in their Falcon product, with a network containment capability that quarantines compromised endpoints from the corporate network until the threat can be remediated. However, certain types of threats are more easily and quickly detected on the network than on the endpoint. ExtraHop Reveal(x) NDR brings complete network visibility and ML-driven threat detection to the table so the enterprise SOC can confidently cover their most valuable resources from both the endpoint and the network perspective.

When Reveal(x) detects a high-risk threat on the network, it sends a message to the CrowdStrike Falcon agent on any endpoints that may be affected. The message alerts the CrowdStrike system to trigger network containment, which prevents the threat from spreading until analysts can investigate further.

[Figure: ExtraHop + CrowdStrike diagram]

Additionally, if Reveal(x) detects a high-risk threat impacting an endpoint that is not being monitored by CrowdStrike, it records the event so analysts can develop a view into potential gaps in their monitoring. Because Reveal(x) sees every conversation on the network, it can provide visibility into IoT activity that may be challenging to monitor using other mechanisms.

Get Started Now

To learn more about this integration and how to deploy it in your own environment, download the joint solution brief and register for the upcoming webinar with ExtraHop and CrowdStrike on how Cloud Native NDR and EDR Enable Automated Threat Containment.

Let's stop some breaches together!
