Introducing ExtraHop Packet Basics

Free PCAP for Forensics in AWS Environments

Incident responders and forensic investigators working in cloud environments often find themselves in a difficult spot. They need richer forensic detail than what is available in logs and data from agents and firewalls, but they rarely have access to network packets.

With ExtraHop Packet Basics, a free forensics offering available on AWS Marketplace, we're removing that barrier to more effective investigations, threat hunting, and incident response while helping cloud-focused security teams maintain chain-of-custody requirements.

ExtraHop Packet Basics integrates with Amazon VPC Traffic Mirroring to begin providing incident responders and forensic investigators with copies of network packets as soon as it's deployed in an AWS environment.

How ExtraHop Packet Basics Enhances Security for AWS Environments

ExtraHop Packet Basics provides four key benefits for organizations that need to defend AWS workloads:

  • Enhances incident response workflows with instant access to network packets
  • Reduces the amount of time and effort required to perform packet capture in the cloud
  • Enables PCAP only for the packets needed for incident response and other investigative use cases
  • Eliminates the financial burden of adding PCAP to existing toolsets

ExtraHop Packet Basics in an Incident Response Workflow

Example of ExtraHop Packet Basics in an incident response workflow.

ExtraHop Packet Basics is designed for frictionless PCAP in AWS environments, helping incident responders make confident decisions about the steps to take to stop a threat. This is one example of how an incident responder could use network packets from an ExtraHop Packet Basics instance.

  1. An incident responder identifies abnormal activity and submits the EC2 instance to investigate
  2. The API Gateway passes that request to an AWS Lambda function
  3. Given that input, the Lambda function triggers an action
  4. The Lambda function launches an ExtraHop Packet Basics instance
  5. The Lambda function also enables Amazon VPC Traffic Mirroring for the instance under investigation
  6. Amazon VPC Traffic Mirroring forwards copies of that instance's network packets to the ExtraHop Packet Basics instance
  7. The incident responder can now analyze packet data from the potentially compromised workload and decide on the next steps
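Steps 5 and 6 of that workflow, as an added example that is not ExtraHop's or AWS's own code: a Lambda-style handler that uses boto3's EC2 API to mirror the submitted instance's traffic to the ENI of an already running capture instance. The event field names, the capture ENI parameter, the rule numbers and the "accept everything" filter are assumptions; the EC2 client is passed in as a parameter so the logic can be exercised offline with a stand-in object.

```python
from typing import Any, Dict


def enable_mirroring(ec2: Any, source_instance_id: str, target_eni_id: str,
                     session_number: int = 1) -> Dict[str, str]:
    """Mirror all traffic of the instance's primary ENI to the capture ENI.

    `ec2` is a boto3 EC2 client (or any object with the same four methods),
    passed in so the logic can be exercised offline without AWS credentials.
    """
    # Traffic Mirroring is configured per ENI, so resolve the workload's primary ENI.
    resp = ec2.describe_instances(InstanceIds=[source_instance_id])
    instance = resp["Reservations"][0]["Instances"][0]
    source_eni = instance["NetworkInterfaces"][0]["NetworkInterfaceId"]

    # Mirror target: the ENI of the (already running) packet capture instance.
    target_id = ec2.create_traffic_mirror_target(
        NetworkInterfaceId=target_eni_id,
        Description=f"IR capture target for {source_instance_id}",
    )["TrafficMirrorTarget"]["TrafficMirrorTargetId"]

    # Mirror filter: accept everything in both directions (assumed policy). Narrow
    # the CIDRs or ports here when only part of the traffic is needed for the case.
    filter_id = ec2.create_traffic_mirror_filter(
        Description=f"IR capture filter for {source_instance_id}",
    )["TrafficMirrorFilter"]["TrafficMirrorFilterId"]
    for direction in ("ingress", "egress"):
        ec2.create_traffic_mirror_filter_rule(
            TrafficMirrorFilterId=filter_id, TrafficDirection=direction,
            RuleNumber=100, RuleAction="accept",
            SourceCidrBlock="0.0.0.0/0", DestinationCidrBlock="0.0.0.0/0",
        )

    # Mirror session: binds source ENI, filter and target; copies start flowing.
    session_id = ec2.create_traffic_mirror_session(
        NetworkInterfaceId=source_eni, TrafficMirrorTargetId=target_id,
        TrafficMirrorFilterId=filter_id, SessionNumber=session_number,
        Description=f"IR capture session for {source_instance_id}",
    )["TrafficMirrorSession"]["TrafficMirrorSessionId"]
    return {"source_eni": source_eni, "target": target_id,
            "filter": filter_id, "session": session_id}


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, str]:
    """Lambda entry point; `event` carries the IDs submitted via API Gateway
    (hypothetical field names: instance_id, capture_eni_id)."""
    import boto3  # imported lazily so the module loads without boto3 installed
    return enable_mirroring(boto3.client("ec2"),
                            event["instance_id"], event["capture_eni_id"])
```

The Lambda's execution role needs the corresponding ec2:Describe*/ec2:CreateTrafficMirror* permissions, and the mirror target must be an ENI that supports Traffic Mirroring.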

Adding ExtraHop Packet Basics to Your Security Toolset

Whether you're a longtime packet-head or someone who's interested in gaining greater context into the who, what, when, and where of a security incident, ExtraHop Packet Basics offers a great way to see the value of PCAP in your AWS environment. To learn more about ExtraHop Packet Basics or add this free PCAP tool, visit our AWS Marketplace listing.
