With ExtraHop's Open Data Stream technology pushing wire data into the FireEye Threat Analytics Platform (TAP), security teams have the real-time visibility they need to more effectively detect and defend against advanced persistent threats.
Detect advanced persistent threats more effectively
ExtraHop's wire data adds a new dimension of context to the FireEye TAP, recording not only the transactions that happened in the past but also those that are occurring right now. This critical new data set cannot be sourced from machine or log data, but when combined and correlated with that data, it ushers in a new era of real-time threat detection and response.
Rapid, actionable threat intelligence
A centralized dashboard of all suspicious events
Real-time correlation between logs, flow records, and wire data
FireEye TAP significantly improves an organization's capabilities to detect advanced attacks, and when combined with wire data from ExtraHop, TAP gives incident responders and security teams near real-time, actionable intelligence in a central dashboard where they can quickly identify and respond to the most critical events.
Steve Pataky, VP of Worldwide Channels and Alliances, FireEye
ExtraHop sends the following crucial events and metrics to the FireEye TAP:
DNS activity including domain lookups and possible command-and-control communications
Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
Session tracking, such as unexpected SSH connections from external or internal clients
Reconnaissance activity as attackers probe internal networks from compromised systems
Real-time data consumption to instantly recognize and alert on abnormal data rates indicating exfiltration