Combination of ExtraHop Wire Data Analytics Platform with the FireEye Threat Analytics Platform Enriches Existing Security Datasets to Monitor DNS Activity, HTTP Payload Data, and Reconnaissance Activity for Industry-Leading Threat Detection and Prevention
LAS VEGAS, NV – AWS re:Invent – November 11, 2014 – ExtraHop®, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced an integration of the ExtraHop wire data analytics platform with the FireEye Threat Analytics Platform (TAP). Through this integration, which leverages the ExtraHop Open Data Stream technology to push wire data into the FireEye TAP, IT security teams are armed with near real-time attack visibility to more effectively detect and defend against advanced persistent threats.
In his report "Network Security Trends in the Era of Cloud and Mobile Computing," Enterprise Strategy Group's Jon Oltsik notes that "61% of enterprises now divide their network security equally between perimeter and internal networks." As this new emphasis on securing the internal network grows, IT and security teams are looking to next-generation network monitoring products to stay ahead of threats.
The integration of wire data from ExtraHop into the FireEye TAP delivers this next-generation visibility, arming IT security teams with an enriched security dataset, including the events and metrics needed to detect advanced persistent threats. ExtraHop wire data adds a new dimension of context to event streams being fed into TAP, which can then leverage rich insights from FireEye into threat actor profiles and behavior. This critical new data set cannot be sourced from machine or log data, but when combined and correlated together, ushers in a new era of near real-time threat analytics.
The integration sends the following crucial events and metrics to the FireEye TAP:
- DNS activity, including domain look-ups and possible command-and-control communications
- Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
- Session tracking, such as unexpected SSH connections, from external or internal clients
- Reconnaissance activity as attackers probe internal networks from compromised systems
- Real-time data consumption to instantly recognize and alert on abnormal data rates indicating exfiltration from any system at any time
"In less than a year, we've witnessed two of the most significant zero day events in history: Heartbleed and Shellshock. The rapid exploitation of these vulnerabilities, along with a number of high-profile data breaches, underscores the need for a more proactive, pervasive approach to IT security monitoring and forensics," said Erik Giesa, Senior Vice President of Worldwide Marketing and Business Development, ExtraHop. "This integration between ExtraHop and FireEye merges the critical next-gen network intelligence provided by wire data with the industry-leading threat analysis offered by the TAP solution, equipping IT security teams with the most complete visibility and threat detection on the market."
To learn more about how ExtraHop is working with FireEye, download the datasheet: ExtraHop and FireEye – Detect Advanced Persistent Threats by Examining Activity on the Wire. To get started with ExtraHop, request your free-forever virtual appliance for real-time monitoring.