Enterprise network traffic analysis for the cloud
ExtraHop partners closely with Microsoft Azure to natively integrate with the first-ever virtual network tap. This allows Reveal(x) for Azure to analyze and decode more than 50 protocols at 10 Gbps per virtual appliance, so you can access rich details and context in the cloud. Machine learning guided by over 4,600 wire data metrics gives you rich, high-fidelity insights that analysts of all levels can act on with confidence and speed.
Go Beyond Flow Logs to Rich Details and Context
Reveal(x) for Azure creates a unified analytics and investigation environment for the cloud: a one-stop shop where SOC analysts can easily track inventory, audit configurations, and pivot from high-fidelity insights to packet-level forensic evidence in seconds. By integrating real-time wire data detections with Azure Security Center, Structured Threat Information Expression (STIX) data, and automated threat response solutions, Reveal(x) helps cloud-focused SOC teams prioritize security resources and act immediately.
Reveal(x) for Azure Looks Like This
Seamless Security Analytics
Reveal(x) for Azure helps SOC analysts combine on-prem and cloud assets into a single attack surface, removing coverage gaps and paving the way for efficient threat hunting, investigation, audit response, and hygiene. Reveal(x) integrates detection with investigation so you can view detections, activity maps, metrics, records, and (optional) packets in one intuitive dashboard.
After decrypting East-West traffic in real time (including sessions negotiated with perfect forward secrecy cipher suites, which TLS 1.3 requires for its key exchange), Reveal(x) lets you authorize specific users to view decrypted sessions and packets. Protect sensitive data while allowing SecOps and IT Ops to view the packets they need for forensics, litigation, or troubleshooting.
Advanced, Peer Grouped Detection
Reveal(x) automatically clusters similar assets and devices so that it can show outliers against their peer groups, which dramatically reduces false positives when detecting events such as network privilege escalation or suspicious and known-bad ransomware behaviors. What's more, unlike agent-based systems, wire data observed from the network cannot be tampered with or switched off by a compromised host.
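To make the peer-grouping point concrete, here is an added example (not ExtraHop code, and not the product's actual model) that scores each device against its own peer group with a robust z-score and compares that with a naive fleet-wide baseline. The device names, the "group" label that stands in for automatic clustering, and the per-device SMB write counts are all constructed for the illustration.

```python
"""Peer-group outlier scoring over constructed per-device wire-data metrics.

Added illustration, not ExtraHop code: devices are grouped by an assumed role
label, and each device's metric is compared with its own peer group using a
robust z-score (median and median absolute deviation), so a handful of busy
devices cannot drag the baseline for everyone else.
"""
from collections import defaultdict
from statistics import median

# Constructed sample: distinct SMB hosts each device wrote to in one hour.
# The "group" label stands in for the automatic clustering the page describes.
SAMPLE_METRICS = [
    {"device": "web-01", "group": "web", "smb_write_hosts": 0},
    {"device": "web-02", "group": "web", "smb_write_hosts": 1},
    {"device": "web-03", "group": "web", "smb_write_hosts": 0},
    {"device": "web-04", "group": "web", "smb_write_hosts": 41},  # ransomware-like
    {"device": "fs-01", "group": "fileserver", "smb_write_hosts": 38},
    {"device": "fs-02", "group": "fileserver", "smb_write_hosts": 44},
    {"device": "fs-03", "group": "fileserver", "smb_write_hosts": 40},
    {"device": "fs-04", "group": "fileserver", "smb_write_hosts": 36},
]


def robust_z(value, peers):
    """Robust z-score: (value - median) / (1.4826 * MAD).

    1.4826 scales the MAD to the standard deviation for normal data. If every
    peer sits on the median (MAD == 0), any deviation counts as extreme.
    """
    med = median(peers)
    mad = median(abs(p - med) for p in peers)
    scale = 1.4826 * mad
    if scale == 0:
        return 0.0 if value == med else float("inf")
    return (value - med) / scale


def flag_outliers(metrics, key, threshold=3.5, peer_grouped=True):
    """Return the set of device names whose |robust z| exceeds threshold.

    peer_grouped=True compares each device with devices sharing its "group";
    False compares every device with the whole fleet, which is what a naive
    global baseline does.
    """
    groups = defaultdict(list)
    for m in metrics:
        groups[m["group"] if peer_grouped else "all"].append(m[key])
    flagged = set()
    for m in metrics:
        peers = groups[m["group"] if peer_grouped else "all"]
        if abs(robust_z(m[key], peers)) > threshold:
            flagged.add(m["device"])
    return flagged


if __name__ == "__main__":
    print("peer-grouped:", flag_outliers(SAMPLE_METRICS, "smb_write_hosts"))
    print("global baseline:",
          flag_outliers(SAMPLE_METRICS, "smb_write_hosts", peer_grouped=False))
```

With peer grouping, only web-04 (a web server suddenly writing to 41 SMB hosts) is flagged. Against the fleet-wide baseline, the file servers' normal SMB activity pulls the median up to 37, so the three quiet web servers are flagged as low outliers and web-04 blends in: exactly the false-positive pattern peer grouping is meant to remove.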
Threat Feed and Risk Score Integration
Along with integrating with Azure Security Center, SQL Database, and Active Directory, Reveal(x) also ingests STIX-formatted threat intelligence containing suspect URIs, hosts, or IP addresses. By correlating this data with wire data detections and assigning risk scores, Reveal(x) helps you prioritize containment and response efforts. Two-way integrations with ServiceNow, Splunk, Phantom, Anomali, and Palo Alto Networks are also supported.
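The correlation step described above, as an added example that is not ExtraHop code: a constructed STIX 2.1 bundle supplies indicators whose patterns reference IPv4 addresses, domain names and URLs; those observables are extracted and matched against constructed detection records, and each detection's base risk is raised by half the confidence of every distinct indicator it hits. The bundle, the indicator IDs, the detection fields (`peer_ip`, `host`, `uri`, `base_risk`) and the scoring rule are all assumptions made for the illustration, not the product's own data model or formula.

```python
"""Correlating STIX 2.1 indicators with wire-data detections to rank risk.

Added illustration, not ExtraHop code. Indicator patterns are reduced to
(type, value) pairs with a regex that handles only equality comparisons;
detections gain confidence // 2 per distinct matched indicator, capped at 100.
"""
import re

# Constructed STIX 2.1 bundle: ids are made up, 203.0.113.0/24 and *.example
# are documentation-reserved values.
STIX_BUNDLE = {
    "type": "bundle",
    "id": "bundle--0f6b1c2e-1111-4a7a-9c3e-000000000001",
    "objects": [
        {"type": "indicator",
         "id": "indicator--6a0f9a0e-2222-4b7c-8d1f-000000000001",
         "name": "Known C2 node", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.10']",
         "confidence": 85},
        {"type": "indicator",
         "id": "indicator--6a0f9a0e-2222-4b7c-8d1f-000000000002",
         "name": "Malware staging host", "pattern_type": "stix",
         "pattern": ("[domain-name:value = 'updates.badcdn.example' OR "
                     "url:value = 'http://updates.badcdn.example/dl.bin']"),
         "confidence": 60},
        # Not an indicator: skipped by extract_observables.
        {"type": "malware",
         "id": "malware--3c2d1e0f-3333-4c8d-9e2a-000000000001",
         "name": "ExampleLoader", "is_family": False},
    ],
}

# Constructed wire-data detections with the observables a sensor would see.
DETECTIONS = [
    {"id": 1, "device": "web-04", "type": "Unusual outbound TLS",
     "peer_ip": "203.0.113.10", "host": None, "uri": None, "base_risk": 40},
    {"id": 2, "device": "fs-02", "type": "Executable download over HTTP",
     "peer_ip": "198.51.100.7", "host": "updates.badcdn.example",
     "uri": "http://updates.badcdn.example/dl.bin", "base_risk": 30},
    {"id": 3, "device": "web-01", "type": "New external connection",
     "peer_ip": "198.51.100.9", "host": "cdn.vendor.example", "uri": None,
     "base_risk": 20},
]

# Simple STIX comparison expressions: <object-type>:value = '<literal>'
_OBSERVABLE_RE = re.compile(
    r"(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'([^']*)'")

# Detection field each STIX object type is checked against (assumed schema).
_FIELD_FOR_TYPE = {"ipv4-addr": "peer_ip", "ipv6-addr": "peer_ip",
                   "domain-name": "host", "url": "uri"}


def extract_observables(bundle):
    """Map (stix_type, lowercased value) -> indicator object.

    Only '=' comparisons are handled; MATCHES, LIKE or temporal qualifiers
    would need a real STIX pattern parser.
    """
    table = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for stix_type, value in _OBSERVABLE_RE.findall(obj["pattern"]):
            table[(stix_type, value.lower())] = obj
    return table


def correlate(detections, bundle):
    """Return detections with a risk score and matched indicator ids, highest first.

    An indicator that matches on several fields (domain and URL here) counts once.
    """
    table = extract_observables(bundle)
    ranked = []
    for det in detections:
        matched = {}
        for stix_type, field in _FIELD_FOR_TYPE.items():
            value = det.get(field)
            if value is None:
                continue
            ind = table.get((stix_type, value.lower()))
            if ind is not None:
                matched[ind["id"]] = ind
        boost = sum(ind.get("confidence", 0) // 2 for ind in matched.values())
        ranked.append({**det, "score": min(100, det["base_risk"] + boost),
                       "matched_indicators": sorted(matched)})
    ranked.sort(key=lambda d: d["score"], reverse=True)
    return ranked


if __name__ == "__main__":
    for d in correlate(DETECTIONS, STIX_BUNDLE):
        print(d["score"], d["device"], d["type"], d["matched_indicators"])
```

The TLS detection on web-04 rises from 40 to 82 because its peer IP is a high-confidence C2 indicator; the download on fs-02 rises from 30 to 60, matching one indicator via both its domain and URL; the unmatched connection stays at 20, so a responder working the list top-down reaches the intel-backed events first.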