Microsoft Azure

Eliminate the darkspace to secure your cloud infrastructure.

Enterprise network traffic analysis for the cloud

ExtraHop partners closely with Microsoft Azure to natively integrate with the first-ever virtual network tap. This allows Reveal(x) for Azure to analyze and decode more than 50 protocols at 10 Gbps of data per virtual appliance so you can access rich details and context in the cloud. Machine learning guided by over 4,600 wire data metrics gives you rich, high-fidelity insights that analysts of all levels can act on with confidence and speed.

Microsoft and ExtraHop Visibility

Go Beyond Flow Logs to Rich Details and Context

Reveal(x) for Azure creates a unified analytics and investigation environment for the cloud: a one-stop shop where SOC analysts can easily track inventory, audit configurations, and pivot from high-fidelity insights to packet-level forensic evidence in seconds. By integrating real-time wire data detections with Azure Security Center, Structured Threat Information Expression (STIX) data, and automated threat response solutions, Reveal(x) helps cloud-focused SOC teams prioritize security resources and act immediately.

Reveal(x) for Azure Looks Like This

Seamless Security Analytics


Reveal(x) for Azure helps SOC analysts combine on-prem and cloud assets into a single attack surface, removing coverage gaps and paving the way for efficient threat hunting, investigation, audit response, and hygiene. Reveal(x) integrates detection with investigation so you can view detections, activity maps, metrics, records, and (optional) packets in one intuitive dashboard.

Need-to-Know Decryption


After decrypting East-West traffic in real time (including perfect forward secrecy ciphers, now mandated under TLS 1.3), Reveal(x) allows you to authorize specific users to view decrypted sessions and packets. Protect sensitive data while allowing SecOps and IT Ops to view the packets they need for forensics, litigation, or troubleshooting.

Advanced, Peer Grouped Detection


Reveal(x) automatically clusters similar assets and devices in order to show outliers against peer groups, which dramatically reduces the risk of false positives when detecting events like network privilege escalation or suspicious and known-bad ransomware behaviors. What's more, unlike agent-based systems, wire data can't be compromised or switched off.

Threat Feed and Risk Score Integration


Along with integrating with Azure Security Center, SQL Database, and Active Directory, Reveal(x) also ingests formatted threat intelligence containing suspect URIs, hosts, or IP addresses. By correlating this data with any wire data detections and assigning risk scores, Reveal(x) helps you easily prioritize containment and response efforts. We also support two-way integrations with ServiceNow, Splunk, Phantom, Anomali, and Palo Alto Networks.


We get the flexibility of the cloud, with the visibility of on-premises deployments. Enabling the business, yet protecting our members. All the good things that information security people aspire to.

Mike Sheward, Principal Security Architect, Accolade

The Integration in Action

What happens when you correlate Azure events and metrics with real-time wire data analytics from ExtraHop Reveal(x)? This eight-minute walkthrough will show you how Reveal(x) for Azure provides unprecedented visibility and immediate answers in the cloud.

Watch to see Reveal(x) correlate data from storage, load balancers, virtual machines, and other sources into one powerful dashboard so you can quickly answer questions about public container risk, service usage, and much more.
