The Winter 2019 release of ExtraHop Reveal(x) network traffic analysis for the enterprise is here, and with it, the bar for inclusion in the increasingly critical NTA category (read Gartner's first NTA Market Guide here) has been raised once again. We'll cover the technical features and how-tos in a separate post, but here the goal is to show the transformational possibilities that the newest version of Reveal(x) will unlock for maturing enterprise security operations teams.
Proactive Hygiene Is Eating SecOps
In 2018, we saw our customers and the enterprise business world as a whole start investing heavily in proactive security hygiene. After years of reactive security practices that often resulted in analysts being overworked and unable to focus their energies on the most pressing issues, enterprises are embracing tools to stay ahead of attackers, as well as to monitor and account for things the enterprise has less control over, such as public cloud environments and third-party SaaS apps. Enterprises are also accelerating their adoption of security frameworks like the CIS Top 20, NIST, and MITRE ATT&CK Frameworks to understand threats and be better prepared to prevent, detect, and respond. This trend will mean better security posture for enterprises, better work environments and productivity for security analysts, and hopefully better sleep for CISOs.
Reveal(x) Winter 2019 brings even more capabilities and fine-grained controls for focusing monitoring scrutiny and analyst attention on critical assets using network detection and response. Reveal(x) users can now make dynamic, complex, custom device groups, automatically focus advanced analysis on them, and even fire alerts against their activities.
Ditch the Swivel Chair: Faster Access to Actionable Insights and Forensic Evidence
One of the core struggles we've seen security analysts face over the past several years is making the leap from receiving a detection or security event to actually understanding two things about it:
Whether it represents a real threat that warrants investigation and response
What the most effective next steps to investigate and respond might be
Too often, when a security analyst receives an alert, they have to consult a range of tools and even request data access from other teams before being able to validate whether the alert actually matters, or whether it can be ignored.
Reveal(x) Winter 2019 provides simpler, more streamlined workflows to access and make sense of the data needed to investigate and respond confidently to threats. Each detection in Reveal(x) comes with recommended next steps, informed by our in-house security expertise, to make it easy to know what to do first. Beyond that, Reveal(x) still puts the transaction records associated with a detection within just a click, and full, decrypted packets within a few more clicks, so analysts can get deep context and forensic-level evidence within minutes of detecting a potential threat.
Full-Spectrum Detection from Core to Edge to Cloud
In the first year of Reveal(x), and even several years before, we focused on building a machine learning-driven network detection capability that minimized false positives and provided confidence and context around every anomaly or potential threat it detected.
With the Winter 2019 release of Reveal(x), we're introducing a major new piece of the detections picture: a capability for ultrafast rules-based detections that lets us detect known threats even more effectively, fed by the same rich L2-L7 data that makes our machine learning detection system the best in the business. In the many cases where ML-driven behavior analysis is unnecessary, we'll now detect threats instantly and provide the context and data analysts need to investigate and squash them.
For Incident Response, Teamwork Makes The Dream Work
Fast, accurate threat detection is vital for SecOps, and Reveal(x) provides it in spades, but detection is only the beginning. Reveal(x) has proven itself to be the market leader in providing context and investigation capabilities based on real-time network traffic analysis, and we're working with best-of-breed SIEM and firewall vendors to complete the picture with automated incident response.
Between Q4 2018 and Q1 2019, we'll release our official, supported integrations with IBM QRadar and Palo Alto Networks firewalls. This will enable Reveal(x) users to not only rapidly detect and investigate threats, but to automatically quarantine suspicious hosts, update firewall rules, and enact other automated threat responses based on high-confidence detections and investigations from Reveal(x).
Learn More About Features and Capabilities
Experience real-world scenarios in our Reveal(x) Live Interactive Demo.