
Azure Secures the Enterprise with Virtual Network TAP

Why the Microsoft Azure vTAP is a gauntlet for Amazon and Google

The cloud computing industry became a two-horse race seemingly overnight: while Amazon Web Services established dominance through years of in-house development and in-market testing, Microsoft Azure has rapidly gained ground among Fortune 500 and Global 2000 customers.


Owing to its decades-long focus on enterprise computing, Microsoft has an established footprint in virtually every large enterprise. They dominate in Operating Systems (Windows desktop & Server), Databases (MS SQL Server), Exchange, Active Directory, and plenty of developer-focused tech running in almost every business with 1,000-plus employees. After a few false starts, they're winning market share in cloud by focusing on the needs of their enterprise customer base.

Azure's Virtual Network TAP (vTAP), announced at Microsoft Ignite! 2018, is arguably a niche feature of the platform. It allows Security Operations teams, as well as their counterparts in IT/Cloud Ops, to obtain full packet feeds for their monitored cloud workloads. That's… kind of boring by itself. (Many enterprise-grade requirements are kind of boring. The enterprise is like the military that way.)

But combined with enterprise-grade tooling to analyze and make sense of all virtual network traffic across the enterprise, the results are spectacular: threats found, actors hunted, data breaches avoided.

Reveal(x) for Azure is the first network traffic analysis (NTA) platform to integrate with the Microsoft Azure vTAP to analyze cloud-based application payloads at scale. While the ExtraHop platform has always been able to pull in data from anywhere the enterprise network exists, Azure's introduction of the first Virtual Network TAP for cloud makes it even easier to gather virtual packets from every cloud instance.

As a completely passive NTA solution, Reveal(x) for Azure turns raw packets into searchable metadata that security teams can use to easily detect and investigate threats in the cloud. We consume a copy of unstructured network traffic from the Azure Virtual Network TAP, and the ExtraHop stream processor performs line-rate decryption, decoding, and full-stream reassembly for every transaction.

The end result is structured wire data that can be analyzed, explored, and fully leveraged:

An example of the ExtraHop Reveal(x) security workflow

As enterprises continue to hybridize, the level of visibility and integrated threat intelligence provided by Reveal(x) is nothing short of critical.

With their release of the Virtual Network TAP, Microsoft has once again demonstrated their commitment to enterprise customers. In the battle for market share, Microsoft is targeting the segment they know best: big companies with big, expensive needs. The provider that serves those needs efficiently and effectively will win the enterprise.

The Azure vTAP is a shot across the bow to Microsoft's competitors in the cloud business. Amazon, Google: take heed.
