In the early days of ExtraHop, our elevator pitch was "Google Earth for your network." At the time, it was a fun and colloquial metaphor for how ExtraHop enabled you to browse through real-time communications. You could start with a device in your environment and easily see all the ways it was interacting with other machines. But for the most part, these metrics were represented in tables, lists, and charts.
Today, with ExtraHop 7.0, we are getting a lot more literal with the "Google Earth" analogy. The flagship feature for this release is live activity maps, which advance the state of the art in how IT Operations, Network, and Security teams can explore what's happening in their environment. Like the mapping applications we use every day on our phones, this feature allows you to pan, zoom, and drill down into details about an object.
It's an incredibly useful feature, but frankly it's also a lot of fun. Remember the first time you used Google Maps? You got to see what your house looked like from the sky, moved around to identify other local landmarks, then zoomed out to explore your entire region. Live activity maps beg to be played with in the same way.
In the video below, Colin Walker shows why this highly useful eye-candy will become as essential as other maps in your life.
Addy Wears a White Hat
Besides live activity maps, there are two other heavy-hitter features that we're announcing together with the 7.0 release. First off, ExtraHop Addy has gotten a lot smarter with new security-focused anomalies that detect things like malware command and control, attempts to evade intrusion detection systems, suspicious file access patterns, data exfiltration, and more. Detecting these types of behavioral anomalies is vital to finding threats that have bypassed traditional perimeter security mechanisms and are quietly at work inside your network. You can't spot malicious insiders or attackers with stolen credentials using rules or signatures—you have to have anomaly detection tracking actual behaviors, which is what Addy does.
Addy's new security expertise couldn't have come at a better time because 7.0 also improves Addy's alerting capabilities, including the ability to send Open Data Stream events to third-party systems. In other words, Addy can now tell operations teams in Slack about performance issues, initiate incident response workflows in ServiceNow, or block infected clients with Cisco Tetration. Our data science team continues to explore new ways in which Addy's machine learning can take advantage of the incredibly rich corpus of data—"features" in the parlance of machine learning—collected by the ExtraHop platform. Stay tuned for more!
Support for Perfect Forward Secrecy
The other big 7.0 feature is support for Perfect Forward Secrecy (PFS) in our SSL/TLS Decryption Suite. I can hear you say, "Huh? Never heard of it." Basically, PFS is a mode of encryption whereby the session keys are not negotiated over the wire, as they are with the more traditional RSA key exchange. This is great for ensuring your encrypted traffic stays private, but it threatens to obscure visibility for network-based systems such as IDS/IPS, DLP, DDoS mitigation, and network monitoring. Furthermore, the Internet Engineering Task Force is likely to require PFS in the next version of TLS. So if you haven't heard about it by now, you will. Here's a primer on what it is and why it matters. But in any case, ExtraHop has you covered.
What's the Takeaway for 7.0?
When you consider the sheer number of "complete unknowns" lurking in most IT environments, managing and securing the digital enterprise can be daunting, if not downright terrifying. ExtraHop 7.0 represents a huge advance in terms of gaining visibility into what's actually happening in your environment. Addy is smarter about detecting bad guys' activities, live activity maps make it easier for us humans to "connect the dots" (sorry, bad pun), and PFS support means you can maintain visibility even while implementing stronger forms of encryption.