The ExtraHop Professional Services Team has something to offer big companies as well as small. They recently engaged with one of our larger customers as part of a bundled service of migration to Reveal(x). That customer has a highly skilled IT team, and consequently it had taken them a while to connect with us. So, did our team have insights that benefitted them?
While not technically part of the standard migration service, the ExtraHop Solution Architect (SA) decided to review their data feed for the EDA's being migrated. He discovered that no new devices were reflected in the last 18 months. This seemed odd considering the dynamic nature of this Fortune 100 organization and the fact that Reveal(x) automatically detects and classifies devices communicating on the network.
Upon further investigation the SA realized the client's packet aggregator was not working. At some point ARPs (Address Resolution Protocol) stopped being delivered. Over two hundred devices were not being detected or monitored.
For eighteen months they were unaware they had a visibility gap and that their security posture was at risk. They, like many IT admins, had multiple system responsibilities and relied on operational cues to alert them to issues. With no alerts the assumption was the system was working fine.
Working with the packet aggregator company, the SA determined the firmware was outdated (very outdated) and an upgrade would solve the issue. With an upgrade and a configuration change, all those missing devices were now visible.
Improving Security Posture Through Health Checks
The "aha" moment for them was the realization that regular health checks should be an integral part of maintaining system integrity. The adage "you don't know what you don't know," applied in this situation. Having a Solution Architect, an ExtraHop expert who can spot the abnormal, investigate root causes, and optimize the system, freed IT to focus on higher value tasks and improved the performance of their Reveal(x) and their overall security.
We want to help you use Reveal(x) to eliminate blind spots! Reach out to our ExtraHop Professional Services Team to learn more.