Blog | Security Alerts

How to Detect and Respond to the SUNBURST Attack

  • ExtraHop
  • December 14, 2020

Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR

  • Jeff Costlow
  • September 16, 2020

The Recent Exchange Server Vulnerability and the Problem of SSRF Attacks

  • Jeff Costlow
  • March 3, 2021

3.23.21

Ransomware, Exfiltration, and the Recent REvil Attacks

The recent ransomware attack on Acer evidences an increasing trend of combining ransomware and exfiltration for a two-pronged attack. Learn how ExtraHop Reveal(x) can detect and stop ransomware.

Jeff Costlow

3.12.21

Microsoft Exchange Server Security

How to secure Microsoft Exchange Server and why decryption is a critical capability for security solutions.

Jeff Costlow

3.9.21

Are You Ready to Defend Against the Next Supply Chain Attack?

What can organizations do now to defend against the next supply chain attack? Find out more in our latest blog post.

Dan Frey

3.3.21

The Recent Exchange Server Vulnerability and the Problem of SSRF Attacks

A new Exchange Server vulnerability is being exploited to perpetrate active server-side request forgery (SSRF) attacks.

Jeff Costlow

2.11.21

New Report on Lessons Learned Observing SUNBURST's Behavior

Get ExtraHop's latest report exploring how SUNBURST's behavior evaded defenses and what we can do going forward.

Carol Caley

1.20.21

Sunburst Origin Story Part 2: A Forensic Examination of SUNBURST After Detection

The SolarWinds Orion SUNBURST supply chain attack has rocked the confidence of many security teams across industries. This blog reconstructs the timeline of the attack and provides insights on how to improve threat detection in the future.

Todd Kemmerling

1.7.21

SUNBURST: Why Supply Chain Attacks Are So Destructive

Why was the SUNBURST supply chain attack so destructive? In this blog, ExtraHop identifies common elements of a supply chain attack and how to stop these attacks in the early stages.

Dan Frey

1.6.21

SUNBURST: An Origin Story

Get a forensic examination of the Sunburst attack from ExtraHop and learn how the attack went undetected for so long.

Todd Kemmerling

12.21.20

Video: SUNBURST Attack Series

SolarWinds Orion Sunburst attack video series by ExtraHop. Learn what steps ExtraHop recommends to ensure your network is not compromised.

ExtraHop

12.21.20

Video: How to Use NDR to Detect Malware Threats Like SUNBURST

Video from ExtraHop: What we have learned about how the attack works and how NDR is essential to detect threats such as the SUNBURST malware.

ExtraHop

12.18.20

Analyzing the SUNBURST SolarWinds Attack Campaign For Threat Intelligence

SolarWinds attack: ExtraHop is sharing 1700+ suspicious IP addresses (for threat hunters and data scientists) that were associated with the Sunburst backdoor attack.

Todd Kemmerling

12.14.20

How to Detect and Respond to the SUNBURST Attack

Sunburst attack 2020: Learn how to detect and respond to the Sunburst backdoor supply chain attack with ExtraHop's spectrum of detection approaches.

ExtraHop

11.2.20

Security Alert: Ransomware Warning for Healthcare

A recent cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warns of an imminent cybercrime threat to hospitals.

Jeff Costlow

10.14.20

Security Alert: 'Bad Neighbor' Vulnerability Affects Windows 10 Systems

The Windows 10 vulnerabilities unveiled by Microsoft on October 13 include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Get the rundown on potential exploits and what you should do.

Jeff Costlow

9.16.20

Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR

The recent Zerologon vulnerability (CVE-2020-1472) could allow attackers to get control of a Windows domain without any user credentials. Learn how it works and how to protect against exploits.

Jeff Costlow

7.24.20

Ripple20: Finding Vulnerable Devices and Detecting Attacks

The Ripple20 group of vulnerabilities affects hundreds of millions of devices across many industries. Learn how to identify devices using the vulnerable Treck software and detect Ripple20 exploits.

Jeff Costlow

5.29.20

What's Worse? RDP Open to the Internet or Closing Up Shop? RDP Best Practices to Follow in 2020

Enabling remote desktop protocol has been a popular choice for IT teams in the mad dash of WFH access in 2020. Read five best practices to follow.

Chase Snyder
