ExtraHop Integrates with FireEye to Defend against Advanced Persistent Threats

Combination of ExtraHop Wire Data Analytics Platform with the FireEye Threat Analytics Platform Enriches Existing Security Datasets to Monitor DNS Activity, HTTP Payload Data, and Reconnaissance Activity for Industry-Leading Threat Detection and Prevention


LAS VEGAS, NV – AWS re:Invent – November 11, 2014ExtraHop®, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced an integration of the ExtraHop wire data analytics platform with the FireEye Threat Analytics Platform (TAP). Through this integration, which leverages the ExtraHop Open Data Stream technology to push wire data into the FireEye TAP, IT security teams are armed with near real-time attack visibility to more effectively detect and defend against advanced persistent threats.

In his report "Network Security Trends in the Era of Cloud and Mobile Computing," Enterprise Strategy Group's Jon Oltsik notes that "61% of enterprises now divide their network security equally between perimeter and internal networks." As this new emphasis on securing the internal network grows, IT and security teams are looking to next-generation network monitoring products to stay ahead of threats.

The integration of wire data from ExtraHop into the FireEye TAP delivers this next-generation visibility, arming IT security teams with an enriched security dataset, including the events and metrics needed to detect advanced persistent threats. ExtraHop wire data adds a new dimension of context to event streams being fed into TAP, which can then leverage rich insights from FireEye into threat actor profiles and behavior. This critical new data set cannot be sourced from machine or log data, but when combined and correlated together, ushers in a new era of near real-time threat analytics.

The integration sends the following crucial events and metrics to the FireEye TAP:

  • DNS activity, including domain look-ups and possible command-and-control communications
  • Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
  • Session tracking, such as unexpected SSH connections, from external or internal clients
  • Reconnaissance activity as attackers probe internal networks from compromised systems
  • Real-time data consumption to instantly recognize and alert on abnormal data rates indicating exfiltration from any system at any time
"Phishing attacks are one of the most pervasive ways that threat actors use to compromise endpoints," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. "FireEye TAP significantly improves an organization's capabilities to detect advanced attacks, and when combined with wire data from ExtraHop, TAP gives incident responders and security teams near real-time, actionable intelligence in a central dashboard where they can quickly identify and respond to the most critical events."

"In less than a year, we've witnessed two of the most significant zero day events in history: Heartbleed and Shellshock. The rapid exploitation of these vulnerabilities, along with a number of high-profile data breaches, underscores the need for a more proactive, pervasive approach to IT security monitoring and forensics," said Erik Giesa, Senior Vice President of Worldwide Marketing and Business Development, ExtraHop. "This integration between ExtraHop and FireEye merges the critical next-gen network intelligence provided by wire data with the industry-leading threat analysis offered by the TAP solution, equipping IT security teams with the most complete visibility and threat detection on the market."

To learn more about how ExtraHop is working with FireEye, download the datasheet: ExtraHop and FireEye – Detect Advanced Persistent Threats by Examining Activity on the Wire. To get started with ExtraHop, request your free-forever virtual appliance for real-time monitoring.

About ExtraHop

Cyberattackers have the advantage. ExtraHop is on a mission to help you take it back with security that can't be undermined, outsmarted, or compromised. Our dynamic cyber defense platform, Reveal(x) 360, helps organizations detect and respond to advanced threats—before they compromise your business. We apply cloud-scale AI to petabytes of traffic per day, performing line-rate decryption and behavioral analysis across all infrastructure, workloads, and data-in-flight. With complete visibility from ExtraHop, enterprises can detect malicious behavior, hunt advanced threats, and forensically investigate any incident with confidence. ExtraHop has been recognized as a market leader in network detection and response by IDC, Gartner, Forbes, SC Media, and numerous others.

When you don't have to choose between protecting your business and moving it forward, that's security uncompromised. Learn more at www.extrahop.com.

© 2022 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

Press Contact

Catherine Segar