Visibility and forensic data reduce false positives to improve both security and performance
Improved access to data and business intelligence to inform better business decisions
Tighter coordination with network team turns the security team into a business enabler
Financial institutions are favorite targets for cyberattacks, and destructive attacks have surged in the past year. In light of increasingly advanced threats, this financial institution wanted to increase their network security to better protect their infrastructure and their customers' data.
According to the IT Security manager, the institution had a traditional security setup. All logs ran through a SIEM tool, and a recently upgraded endpoint protection platform allowed them to more actively hunt threats. But they were missing critical east-west visibility across their on-premises and cloud environments.
"We could see the endpoints, and we could see the server—but we couldn't see all the transactions that were happening in between," says the security manager. "Our MSSP recommended we investigate NDR solutions to gain that visibility and ramp up our threat response."
"As much as Reveal(x) is a security tool, it's also really helped us mature our security and business practices to completely modernize our SOC and power our adoption of the cloud."
IT Security Manager, National Finance Institution
After POCs from both ExtraHop and Darktrace, the team selected ExtraHop Reveal(x) network detection and response (NDR) based on the accuracy of its alerts and the contextual analysis it provided. "We didn't like the types of alerts Darktrace was giving us," says the security manager. During the proof of concept, Darktrace alerted on network traffic going back and forth to China, sending the team into emergency mode. Reveal(x) was able to show that the alerts were caused by someone using TikTok. "Darktrace didn't give us the granular detail ExtraHop did. The Reveal(x) data was far more accurate from Day One."
ExtraHop Reveal(x) has transformed the institution's security practices, providing visibility across their IT estate, real-time threat detection, and faster response. By taking full advantage of the flexibility inherent in Reveal(x), the institution has also accelerated cloud adoption and integration. "Reveal(x) has been a tremendous tool for modernizing our security operations center (SOC), complementing our EDR and SIEM to make a whole that is much more than the sum of its parts."
Ultimately, the primary use case for Reveal(x) for this customer was more robust network security to establish normal baseline behavior and quickly identify suspicious or malicious behavior. With a small team, they also needed instant context and easy workflows. The time to value was short, according to the security manager. "We were up and running in less than a day, getting visible, viable network information right away. We'd never had this level of visibility before. We strengthened our security posture by cleaning up hygiene on day one."