In 2015, Gartner security analyst Anton Chuvakin first defined the positive compounding effects of combining network detection and response (NDR) information with SIEM and EDR to form the SOC Visibility Triad. This sparked a rush among security vendors to enable the SOC Visibility Triad for on-premises environments—helping SecOps practitioners to close critical on-premises security gaps. Now that organizations are rapidly moving workloads to the cloud, SecOps and security vendors are struggling to keep up once again.
With the introduction of ExtraHop Reveal(x) 360, ExtraHop has finally closed the gap with cloud-native technical innovations that enable deployment of NDR across on-premises, hybrid, multicloud, IoT, and remote environments from a single cloud-delivered console. And with enterprises suddenly required to increase their use of remote workforces and public cloud infrastructure, the timing couldn't be better.
Reveal(x) 360 is the first SaaS-based NDR solution allowing security operations teams to harness the power of the cloud and improve security posture without compromising availability or core business objectives. Packets stay close to their workloads, making Reveal(x) 360 cost-effective and enabling compliance where data sovereignty is a concern. It is cloud-delivered and cloud-agnostic for continuous visibility and threat protection across the entire attack surface. A fully integrated workflow enables SecOps teams to manage detection, investigation, and response at scale and align to the demands of the business, even as IT and business realities continue to evolve. To accomplish this, ExtraHop integrates game-changing, cloud-native features into Reveal(x) 360:
ExtraHop Reveal(x) 360 Cloud-Native Innovations
Game Changer #1: Cloud-based Record Store with Flexible Pricing
ExtraHop leverages the power of the cloud to provide value and scalability as businesses grow or security needs fluctuate. With flexible and scalable cloud-based record storage, Reveal(x) 360 transforms both how and where NDR capabilities can be deployed, and how and when they can be consumed. When required, enterprises can augment sensor base record capacity by utilizing cost-efficient upfront capacity reservations, flexible on-demand record capacity, or both methods—enabling easy management of unpredictable loads, and providing value for customers with more predictable usage patterns.
From a SecOps perspective, a cloud-based record store provides a fully hosted and managed search capability for streamlined incident investigation. Security teams can finally search and query data from every segment of the hybrid environment for 360-degree visibility and situational intelligence.
Game Changer #2: Single Cloud-delivered Console
For the first time, SecOps teams can detect, investigate, and respond to threats from across all environments in a single management pane, eliminating the complexity of moving between separate consoles for on-premises and cloud environments. This is especially relevant in today's remote work environment where security and IT teams must respond to threats and conduct forensic investigations remotely.
Game Changer #3: Integration with Leading Cloud Packet Mirroring Taps
For public cloud deployments, ExtraHop leverages native integrations with packet mirroring features from Amazon Web Services and Google Cloud, as well as the announced Microsoft Azure vTAP, to capture copies of network traffic to provide agentless visibility, packet-level granularity, and security at scale.
Game Changer #4: Cloud-based ML-Powered Threat Detection
Real-time intelligence and behavioral analysis derived from petabytes of anonymized threat telemetry collected daily make Reveal(x) 360 cloud-based machine learning uniquely reliable—all without impacting sensor performance. Cloud-scale ML provides more than 1 million predictive models for a typical enterprise deployment to identify suspicious behaviors and potential threats.
To learn more about the technical details of Reveal(x) 360, visit our How It Works page.