ExtraHop November TL;DR

Welcome to the November edition of the ExtraHop TL;DR! This is your place to get the highlights on what we're talking about this month. You can also watch our video broadcasts on the fourth Friday of every month on our LinkedIn page.

Visit ExtraHop at AWS re:Inforce 2022

We're heading to Vegas—are you? Stop by booth 112 to chat with the ExtraHop team, see a live demo, and enter to win a pair of Beats Studio3 noise-canceling headphones. You can also stop by the AWS Jam Lounge (booth 412) to get hands-on experience with Reveal(x) 360 for AWS security use cases, and we're co-hosting a special presentation with the CrowdStrike team (booth 109).

IDC Technology Assessment Guide: Guide for Extracting Value from SOAR Faster with NDR

SOAR has tremendous potential to accelerate security operations. It can automatically find and reject false positives before they reach security teams, helping them focus on what matters. But to really be useful, SOAR requires data integrations with other security tooling. One critical tool is network detection and response (NDR). See how NDR software extracts metadata from packets, applies insights about the packet based on user and device behaviors and network events, and cross-correlates with threat intelligence or attack simulation to find adversaries.

Gartner®: How to Respond to the 2022 Cyberthreat Landscape

Organizations face new threats as they prepare for the future of work and accelerate digital transformations. Read Gartner's advice on how security and risk management leaders can continually refine their strategy to combat top threats, high-momentum threats and emerging threats.

A Practical Guide to Shields Up

The guidance issued by CISA is still as important as ever. Learn how to keep your organization safe from nation-state cyberthreats by practicing proper security hygiene and maintaining a strong security posture.

Customer Success: Wood County Hospital

Learn how this Ohio-based hospital's IT team managed to identify and respond to a ransomware attack by filling in their visibility gaps across the network.

Threat of the Month: REvil

REvil (pronounced "R" Evil) is a ransomware-as-a-service (RaaS) operation, originally based in Russia. They deploy multiple encryption and exfiltration techniques to add even more leverage to their ransoms, including a successful $50 million attack on Acer in 2021 and a $70 million attack on Kaseya only a few months later.

From the ExtraHop Blog

Take a look at some of our recent stories.

Here's What's New in 9.0 and Reveal(x)

Discover retrospective threat intelligence (RTI), edit detection tuning rules, new dashboards and custom network localities, all in Reveal(x) 9.0.

How to Respond to OpenSSL Vulnerabilities

Learn about the risk of OpenSSL vulnerabilities, how to identify devices running OpenSSL, and how your organization can spot exploit attempts after the initial intrusion.

Healthcare's IoT Challenge

Find out why healthcare IT teams face a greater challenge and how network visibility can help close their security gaps.

In Other News

Read, watch, or listen to some interesting news from around the internet.

The Verge: Decoder Podcast—Never Pay the Ransom

Steve Cagle, CEO of Clearwater Compliance, tries to keep the bad guys from accessing patients' data. Listen to this Decoder podcast to learn how he combats ransomware attacks.

SC Media: White House Launches Effort to Bolster Chemical Sector Cybersecurity

The White House has unveiled a new CISA-led action plan for the U.S. chemical industry, which aims to strengthen threat intelligence sharing between the sector and the federal government.