Securing cloud workloads presents several challenges for organizations looking to take advantage of the scale and speed of innovation the cloud provides. A lack of visibility into critical applications and an inability to drill down into network packets has often slowed the pace of digital transformation.
With the new ExtraHop Reveal(x) integration with Google Cloud Packet Mirroring, customers can secure workloads and accelerate cloud migration with confidence.
Cloud Traffic as a Data Source
Traditionally, it has been very difficult for enterprises to capture network packets in their cloud environments. It required some kind of lightweight packet forwarder or agent via remote packet capture (RPCAP). Because this deployment was cumbersome and had difficulty scaling with cloud environments, most enterprises relied on logs from security incident and event management (SIEM) products and endpoint detection and response (EDR) tools. These are both great data sources, but they also have their drawbacks.
Log tools can be turned off, and EDR products require agents, which leave blind spots in the cloud. Solutions that monitor the network, on the other hand, and analyze that traffic in real time, are difficult to evade and can't be turned off. And, by leveraging Google Cloud's Packet Mirroring feature, there's no need to deploy any agents.
Drill Down to Forensic Evidence
Incomplete or partial information makes it more difficult to get to ground truth. ExtraHop Reveal(x) for Google Cloud supports full packet analysis by capturing payloads and headers through the integration, enabling Security Operations Centers to conduct in-depth analysis and hunt threats. With cloud-scale machine learning at the application layer, Reveal(x) for Google Cloud spots anomalous behaviors to surface the most critical threats in the cloud.
Concerned about threats that use encryption to hide? Reveal(x) for Google Cloud decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy.
Complete Investigations in Clicks
When responding to threats, every second matters. By automating several early investigation steps, Reveal(x) for Google Cloud provides analysts with intuitive workflows for rapid investigation. Reveal(x) for Google Cloud also gives your security team detailed detection cards with recommended next steps, and automatically surfaces similar threats across architectures to significantly reduce response times.
Gain Complete East-West Visibility
Before the introduction of virtual taps, security teams were often in the dark about what was on their networks in the cloud. By taking advantage of Google Cloud Packet Mirroring, Reveal(x) for Google Cloud automatically discovers, classifies, and maps dependencies between applications.
As a cloud-native network detection and response (NDR) solution, Reveal(x) for Google Cloud gives security teams visibility into every communication traversing the east-west traffic corridor. By supplementing the data you get from endpoint and log tools, Reveal(x) for Google Cloud delivers Gartner's SOC Visibility Triad to the cloud, helping you uphold your side of the shared responsibility model for cloud security.
To learn more about the Reveal(x) for Google Cloud integration, visit our Security for Google Cloud webpage.