ExtraHop Reveal(x) network detection and response can analyze 100Gbps of network traffic in real time and provide instant threat detection and guided investigation based on that data.
That's an incredible amount of data, and we're constantly adding new features to make it easier for SOC analysts to gather and understand the most relevant data points in it. We started with automated investigations, pulling metrics, transaction records, and packets together for each detection so analysts can access validation, response, and forensics in one to three clicks.
Now we're making it even easier to report the most useful data up the chain of command, so the SOC manager, the CISO, and even the board can get the visibility they want in an instant. While the report presents a week's worth of data, many sections of it will provide value on day 1 of your deployment, especially the Network Attack Surface section, which shows you the expired certificates and weak cipher suites currently in use on your network.
This 3-minute video highlights the new On-Demand Executive Report feature that was added in the Reveal(x) Fall 2019 release. You'll learn how to generate the report, and see examples of the type of data and analysis that are presented in it, including:
- Detection summaries segmented by attack chain step, device role, attack tactics, techniques and procedures, and more
- Security hygiene and attack surface audits, including expiring certificates and weak cipher suites currently in use on your network
- Command & Control and Data Exfiltration crossing your perimeter