
Anatomy of an Attack


Inside Interlock Ransomware Operations

June 16, 2026

Examine how the Interlock ransomware group leverages living off the land techniques and cloud exfiltration, and how ExtraHop RevealX detects the intrusion.

The DINDOOR Backdoor

May 12, 2026

Iranian APT MuddyWater (Seedworm) is targeting organizations with a new, undocumented backdoor called DINDOOR. Discover how this campaign exploits the Deno runtime and Rclone for cloud exfiltration to bypass EDR, and learn how network detection and response (NDR) can help provide the visibility needed to stop these stealthy threats.

The Copy Fail: Linux Kernel Local Privilege Escalation

May 4, 2026

Uncover the "Copy Fail" logic flaw (CVE-2026-31431) that enables instant root access on nearly all major Linux distributions. Learn how this vulnerability bypasses file integrity monitoring and why network-based behavioral analysis is critical for securing containerized and cloud environments.

The MIMICRAT CLICKFIX Campaign

April 28, 2026

Expose how the MIMICRAT campaign weaponizes compromised financial sites and ClickFix lures to deploy fileless malware. See how ExtraHop RevealX provides the network-level ground truth to detect telemetry suppression and stealthy C2 patterns that bypass EDR.

The Chrysalis Backdoor and the Notepad++ Supply Chain Hijack

April 6, 2026

Unmask the Chrysalis backdoor and the sophisticated Notepad++ supply chain hijack orchestrated by Lotus Blossom. Learn how these state-sponsored attackers bypass traditional defenses and why network-level visibility is the ultimate key to stopping them.

CHAOS in a BLACKSUIT—Triple Extortion Ransomware

March 11, 2026

Discover how the Chaos threat group utilizes triple extortion to pressure victims. See how ExtraHop RevealX provides the decryption and network visibility required to expose these stealthy attackers before data is leaked.

From the Wire to the Data Center: Unmasking UNC5221 and the BRICKSTORM Backdoor

February 20, 2026

Discover how UNC5221 exploits vCenter and ADFS. See how ExtraHop RevealX decrypts authentication protocols to expose the threat actors.

DarkSpectre

February 4, 2026

Defend your supply chain against DarkSpectre’s evolving browser-based threats. This deep dive covers operational pillars like "The Zoom Stealer," MITRE ATT&CK TTPs, and actionable remediation strategies using allow-lists and network-centric security.

Anatomy of an Attack: European Cyber Threat Landscape: December 2025

January 14, 2026

Explore how specialized cyber operations in December 2025 weaponized BitLocker and used traffic mimicry to target critical infrastructure in Romania, France, and the UK. Learn how ExtraHop RevealX detects these "Living off the Land" tactics and supply chain breaches.

SHADOW-VOID-042 Campaign Uses Deceptive Update Lures in Targeted Global Espionage

January 8, 2026

Stop the SHADOW-VOID-042 espionage campaign. See how this Void Rabisu-linked threat uses deceptive lures and zero-days. Learn how ExtraHop decodes 90+ protocols @ 100 Gbps to catch it.

Explore Topics


5 Kubernetes Threats Behind Real-World Breaches and How to Defend Against Them

June 17, 2026

High-profile cloud breaches increasingly begin inside Kubernetes, where threat actors turn routine runtime container access into expansive multi-cloud compromise.

Network Visibility, Security

What is an Agentic SOC? From AI Copilots to Autonomous Security Operations

June 17, 2026

Discover the critical difference between AI-assisted security and a truly agentic SOC — and get a practical blueprint for building autonomous security operations that defend at machine speed.

Threat Detection, AI Agents, Security

Anatomy of an Attack

Inside Interlock Ransomware Operations

June 16, 2026

Examine how the Interlock ransomware group leverages living off the land techniques and cloud exfiltration, and how ExtraHop RevealX detects the intrusion.

Anatomy of an Attack, Ransomware, Threat Intelligence, Network Detection and Response, Lateral Movement, Cloud Security

Your AI Needs the Noise: Why Filtering Kills the Agentic SOC

June 4, 2026

Noise reduction was built for humans, but it starves AI of context. Discover why unfiltered network truth is the essential foundation for an effective, truly autonomous agentic SOC.

AI, Network Security, SOC, Threat Detection

Kubernetes Security Risks: 3 Opportunities for Threat Actors to Exploit Your Kubernetes Clusters

June 2, 2026

Discover three ways threat actors exploit Kubernetes environments — from workload visibility gaps to supply chain vulnerabilities and decentralized data — and what security teams can do about it.

Cybersecurity, AI, Supply Chain

Mastering Enterprise AI Security: How to Solve the 3 Biggest Gaps in AI Governance and Oversight

June 1, 2026

Many organizations have embedded AI into their operations, yet most lack visibility into their AI footprint. Explore the three biggest gaps in AI governance and actionable steps to close them.

Cybersecurity, Compliance
