With ExtraHop's Open Data Stream technology pushing wire data into the FireEye Threat Analytics Platform (TAP), IT security teams have the near real-time visibility they need to more effectively detect and defend against advanced persistent threats.
ExtraHop's wire data adds a new dimension of context to TAP, recording not only transactions that happened in the past but also those that are occurring right now. This critical new data set cannot be sourced from machine or log data, but when combined and correlated with that data, it ushers in a new era of near real-time threat analytics.
ExtraHop sends the following crucial events and metrics to the FireEye TAP:
- DNS activity including domain lookups and possible command-and-control communications
- Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
- Session tracking, such as unexpected SSH connections from external or internal clients
- Reconnaissance activity as attackers probe internal networks from compromised systems
- Real-time data consumption to instantly recognize and alert on abnormal data rates indicating exfiltration