Customer Story

Overview
A global electronics provider of technology products, services, and solutions for industrial and commercial customers faced a severe, high-risk security challenge within its 11 global IT labs. These labs, essential for presales testing, were constantly under cyberattack and contained a rotation of unmanaged devices, many owned by customers. Traditional security tools like EDR could not be deployed on these unmanaged assets, creating a significant visibility gap and putting sensitive customer data at risk. The business impact was severe, including 2–3 significant breaches per year, negatively impacting customer trust.
The company selected the ExtraHop RevealX™ platform after a competitive review, achieving the following strategic outcomes:
The company secured its broadcast infrastructure, the core of its revenue-generating operations, against downtime and high-severity threats.
ExtraHop resolved a visibility challenge specific to media networks by filtering high-bandwidth multicast traffic with an ERSPAN session at the switch level, which removed the need for a costly packet broker.
The SOC gained complete east-west visibility across the previously siloed broadcast, media, and corporate segments, reducing the manual effort of managing separate network environments.
The platform closed gaps between security tools by feeding network context into the existing CrowdStrike and Google Chronicle deployments, increasing the value of the security stack already in place.
Challenge
As one of the world's largest diversified media companies, this company operates a vast, segmented network that handles high-bandwidth media traffic and houses critical broadcast infrastructure. Securing this complex environment presented several core challenges.
The company struggled with a critical lack of east-west visibility and pervasive blind spots between its siloed broadcast, media, and corporate network segments.
The company had no mechanism for proactively detecting unusual device or user behavior, so threats were identified late and IT and cyber hygiene problems stayed hidden.
Limited visibility into key traffic flows prevented the team from adequately securing the broadcast infrastructure, a gap that posed a major risk to core operations.
The high-bandwidth media traffic was delivered over multicast, which posed a specialized visibility challenge. Because the environment had no packet broker, the team needed an ERSPAN deployment that filtered the traffic at the switch level before mirroring it to the sensor for analysis.
The large network had minimal EDR coverage, and integration problems with existing tools, including CrowdStrike EDR, CrowdStrike SIEM, and Google Chronicle SIEM, further limited centralized security control.
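What a switch-side ERSPAN session with traffic filtering looks like in practice, as an added illustration rather than the customer's own configuration. The syntax is Cisco NX-OS; the addresses, interface names, session ID and the 239.0.0.0/8 range standing in for the media multicast groups are all hypothetical, and the ACL is written to select the multicast media flows (plus IGMP) for mirroring, which is one way to read the page's "filter and analyze" wording.

```text
! Added example (not the customer's configuration). Assumed values:
!   10.10.0.1   origin IP the switch stamps on ERSPAN packets
!   10.10.0.50  capture interface of the NDR sensor (ERSPAN destination)
!   239.0.0.0/8 stands in for the multicast groups the media workflow uses

! Origin address for all ERSPAN sessions on this switch
monitor erspan origin ip-address 10.10.0.1 global

! SPAN filter ACL: selects which frames are copied, it is NOT a security ACL
ip access-list MEDIA-MCAST
  10 permit udp any 239.0.0.0/8
  20 permit igmp any any

! ERSPAN source session: mirror ingress traffic from the media uplinks,
! keep only frames matching the ACL, tunnel them (GRE) to the sensor
monitor session 1 type erspan-source
  erspan-id 100
  vrf default
  destination ip 10.10.0.50
  source interface Ethernet1/1 rx
  source interface Ethernet1/2 rx
  filter access-group MEDIA-MCAST
  no shut
```

Two checks a practitioner will want before trusting the feed: ERSPAN wraps every mirrored frame in GRE and IP headers, so full-size 1500-byte media frames exceed a standard MTU on the mirror path and must either travel over a jumbo-frame path or be truncated deliberately, otherwise the sensor sees fragments and drops; and the filter ACL only controls what is copied, so a `deny` there hides traffic from the sensor without blocking anything on the wire.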
Solutions
ExtraHop proved it could provide unified security coverage across the corporate, media, and broadcast networks that met the company's requirements, and the NDR platform let the SOC work substantially more efficiently. ExtraHop was the only vendor taken to proof of concept (POC) and was ultimately chosen over a competing NDR product.
The key outcomes and advantages delivered to the company include:
The company gained the forensic depth and network control it needed by deploying ExtraHop, which analyzes 100 Gbps of east-west traffic and decrypts traffic at high speed to expose threats that had been hidden inside encrypted flows. Because forward-secret TLS cannot be decrypted from the wire alone, passive decryption of this kind depends on session keys being supplied from the endpoints, so decrypted coverage extends as far as key forwarding is deployed.
The cloud-scale machine learning built into the ExtraHop platform lifted the SOC's operational burden by producing high-fidelity, low-noise detections. Analysts could shift their attention from low-value false positives to reliable network evidence of post-compromise activity, including techniques used to evade endpoint detection and response (EDR) tooling.
The security team gained deeper insight through identity-based investigation, which links malicious network activity directly to the user and service accounts involved, enabling detection of Active Directory abuse and lateral movement that had previously gone unnoticed.
ExtraHop simplified incident response workflows by serving as the authoritative source of network truth and automatically feeding high-value context into the customer's existing SIEM and EDR platforms.
The company gained efficiency and reduced complexity by consolidating NDR, NPM, and IDS capabilities into one integrated solution for network security and observability.
The company reduced major risk through deep protocol fluency (parsing over 90 protocols), which allowed accurate decoding of traffic, including sensitive database communications, without introducing performance risk. This was critical for detecting hidden Active Directory attacks and lateral movement.
Results
The diversified media leader achieved significant visibility and security improvements across its highly complex environment after deploying the ExtraHop NDR platform.
The company gained crucial east-west visibility across its formerly siloed broadcast, media, and corporate network segments.
The solution secured the critical broadcast infrastructure and provided proactive threat detection, addressing the earlier lack of visibility into key traffic flows.
ExtraHop successfully analyzed the high-bandwidth multicast traffic, solving a visibility challenge inherent to media operations.
The platform closed integration gaps and fed contextual data into the existing security tools, including CrowdStrike and Google Chronicle.
ExtraHop displaced the competing NDR product, demonstrating the platform's ability to handle the company's complex NDR requirements.