ExtraHop and CrowdStrike work together to detect both network-based and endpoint-based attack behaviors, to automatically quarantine impacted endpoints, and to identify IoT devices, remote connections, and other devices not yet protected by endpoint security.
Automatically quarantine threats & inventory unsecured devices
Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) form two pillars of the SOC visibility triad. By integrating Reveal(x) and CrowdStrike, your team gains powerful visibility, detection, investigation, and response capabilities throughout your environment.
To use the integration, you need ExtraHop Reveal(x), CrowdStrike Falcon Insight, and the ExtraHop CrowdStrike Bundle.
You'll gain rapid investigation and response abilities, including:
- Discover and identify all devices communicating on the network, and inventory those that are not instrumented with the CrowdStrike Falcon Insight agent.
- Detect threats on the network, including ransomware, strange VPN and VDI access patterns, data exfiltration and credential abuse, among many others.
- Automatically quarantine devices impacted by network or endpoint attack behaviors.
Continuous inventory of unsecured devices including IoT, BYOD, & remote access
Instant, automatic quarantine of devices impacted by network and endpoint threats
Full network and endpoint visibility for fast, confident investigation and response
ExtraHop's Reveal(x) Cloud allows customers... to achieve better network visibility, detection and response, and to do that as a service.
Senior Analyst, 451 Research