It’s no surprise threat actors are getting faster. CrowdStrike’s Counter Adversary Operations team has recently found that the average time for an adversary to “break out” and move laterally from initial compromise to other hosts in the victim environment is down to an all-time low of 79 minutes.
That’s compared to 84 minutes as noted in the CrowdStrike 2023 Global Threat Report from earlier this year and to 98 minutes the previous year. The fastest adversary CrowdStrike tracked in its 2023 Global Threat Report began moving laterally within seven minutes of compromising an endpoint.
To help security operations teams win this race against adversaries, ExtraHop and CrowdStrike announced further integrations between their two security platforms that deepen their existing technology partnership and help customers meet demanding cybersecurity KPIs.
CrowdStrike Threat Intelligence for ExtraHop Customers
Specifically, ExtraHop will be integrating world-class CrowdStrike Falcon® Intelligence into the Reveal(x) network detection and response platform as an out-of-the-box service for all users. Falcon is recognized as a leader in The Forrester Wave™: External Threat Intelligence Services Providers, Q3 2023. ExtraHop was named a leader in The Forrester Wave: Network Analysis and Visibility Solutions, Q2 2023.
The integration of Falcon Intelligence with Reveal(x) in early 2024 will provide ExtraHop customers with real-time, high-quality telemetry and IOCs from the CrowdStrike threat research team. Fed by trillions of unique events each day, the added intelligence will help expose the latest threat actors, malicious tools, and attack techniques hiding in users' networks.
The addition of CrowdStrike Falcon Intelligence into Reveal(x) will help ExtraHop customers reduce their time to investigate cyber incidents by providing more timely and contextual detections. The integration will use the high-fidelity list of threat indicators developed by CrowdStrike threat researchers and apply them to the unique environments of every ExtraHop customer, bringing even greater speed and accuracy to detections and helping to reduce mean time to respond (MTTR).
A recent customer survey found that Falcon Intelligence Premium reduces response time, decreases time-consuming threat research, and improves risk posture. The April 2023 TechValidate survey of CrowdStrike Cloud Security customers found:
- An 80% time savings while investigating alerts;
- A 78% reduction in effort during threat research;
- An 80% improved risk posture.
Meanwhile, a commissioned Total Economic Impact™ study conducted by Forrester Consulting on behalf of ExtraHop found that, for a composite organization comprised of interviewees with experience using Reveal(x) 360, the platform led to:
- 83% reduction in time to detect threats;
- 87% reduction in time to resolve threats;
- 66% reduction in unplanned outages;
- 193% ROI.
CrowdStrike Adds Reveal(x) to Services Offering, Marketplace
ExtraHop also announced that CrowdStrike will deploy Reveal(x) as part of CrowdStrike’s Services offering to help customers defend against advanced threats. CrowdStrike customers will be able to use Reveal(x) alongside the CrowdStrike Incident Response, Compromise Assessment, and Network Monitoring Services.
Incident Response customers will be able to use Reveal(x) alongside CrowdStrike Services to quickly identify incidents and shut down attacks, and Compromise Assessment customers will be able to use Reveal(x) to understand how the incident happened and what actions to take to remediate any damage. CrowdStrike customers will also have access to the comprehensive network monitoring capabilities of Reveal(x), along with CrowdStrike services, to monitor unprotected devices, analyze network traffic, stop denial-of-service attacks, and identify threat actors on their networks.
In addition, Reveal(x) will be available in the newly launched CrowdStrike Marketplace, a one-stop destination and world-class ecosystem of third-party security products, CrowdStrike announced.
The new CrowdStrike Marketplace connects CrowdStrike customers directly to ExtraHop, resulting in simplified security stacks and reduced operational costs.
ExtraHop, CrowdStrike Customers Benefit from Deepening Partnership
Today’s announcements build on the already-powerful integration between Reveal(x) and the CrowdStrike Falcon® platform, including Falcon Insight XDR, Falcon ThreatGraph, and Falcon LogScale. When combined, the two platforms allow joint customers to achieve broader, deeper visibility when identifying and responding to threats, better positioning them to stop attacks in their earliest stages.
To learn more about the integrations between CrowdStrike and ExtraHop, watch the webinar, “How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint.”