Rich Wire Data Insights Meet Simple, Powerful Automation
ExtraHop Reveal(x) provides a uniquely rich data source by turning unstructured packets into structured wire data and analyzing it in real time. Based on this data, you can use Phantom to confidently automate security workflows and investigations and orchestrate precise, rapid responses to security threats more effectively than ever before.
Automate Investigations. Orchestrate Responses. Stop Threats Faster.
ExtraHop Reveal(x) automatically discovers and classifies all devices and their interactions in your environment, and uses machine learning to develop a baseline of what's normal there. This data can enrich your existing security platforms, enhance your overall operational intelligence, and enable new, more effective automated response workflows.
In Phantom, Reveal(x) can provide unique data and insights because of the breadth of visibility afforded by wire data, combined with ExtraHop's uniquely deep visibility into application layer (L7) communications. Phantom can use these insights to kick off workflows that quarantine infected clients, increase the level of monitoring on suspicious endpoints, or automatically investigate potential data breaches.
Reveal(x) detects anomalies, conducts real-time analytics, and captures full packets in a single workflow. With Phantom, you can kick off automated response workflows with the confidence that full forensic evidence is available at any time.
Encryption Compliance Enforcement
Detect systems using weak encryption like SSLv3 or TLSv1.0 in your environment and automatically cut off their communications until encryption is upgraded to a secure cipher suite.
Monitor Critical Assets
Reveal(x) already monitors all your assets and focuses extra scrutiny on the most critical ones, but the criticality of an asset can change. Via Phantom, you can automatically maintain visibility and respond to actions against your most critical assets.
What Reveal(x) Does
ExtraHop Reveal(x) analyzes wire data to discover and classify every asset communicating in your environment, and uses machine learning to develop a running baseline for what normal behavior looks like. Reveal(x) provides rich data about every asset, and can do even deeper analysis on assets defined as critical: databases, file servers, and anywhere else sensitive data is stored or communicated. Reveal(x) sees who's acting on your critical assets and what they're doing, right down to the DB queries or file manipulation commands they're executing.
When something abnormal happens that indicates a security threat, an anomaly is recorded and mapped to a step of the attack chain. These anomalies are easily accessible in the user interface, or can be delivered as alerts through the user's preferred channel. Every relevant transaction and even full packets related to any anomaly are captured and accessible with a click.
What Phantom Does
Phantom provides a simple, drag-and-drop (really!) interface for automating workflows for hundreds of services and thousands of systems. Reveal(x) provides wire data insights about your critical assets and potential attacks in progress in your environment. This data can be used to accelerate your current investigation processes, automate away slow, tedious steps, and automate rapid responses so that attacks can be stopped in action, or investigated soon enough to prevent further damage.
ExtraHop and Phantom connect through simple, powerful REST APIs, making it easy to build and iterate on new use cases to get the most value for the least effort, a vital capability for stretched-thin enterprise security teams.