Microsoft Azure Integration and Security

Cloud-Native Network Detection and Response

ExtraHop partners closely with Microsoft Azure to natively integrate with the first-ever virtual network tap. This allows Reveal(x) for Azure to analyze and decode more than 70 protocols at 10 Gbps of data per virtual appliance so you can access rich details and context in the cloud. Machine learning guided by over 5,000 wire data metrics gives you rich, high-fidelity insights that analysts of all levels can act on with confidence and speed.

Microsoft and ExtraHop Visibility

ExtraHop Reveal(x) for Azure Overview

Reveal(x) for Azure creates a unified analytics and investigation environment for the cloud: a one-stop shop where SOC analysts can easily track inventory, audit configurations, and pivot from high-fidelity insights to packet-level forensic evidence in seconds. By integrating real-time wire data detections with Azure Security Center, Structured Threat Information Expression (STIX) data, and automated threat response solutions, Reveal(x) helps cloud-focused SOC teams prioritize security resources and act immediately.

Enhance Your Cloud-Native Security

Protect your Microsoft Azure workloads by integrating cloud-native network detection & response (NDR) capabilities from ExtraHop Reveal(x) with Microsoft Azure Sentinel.


Seamless Security Analytics

Reveal(x) for Azure helps SOC analysts combine on-prem and cloud assets into a single attack surface, removing coverage gaps and paving the way for efficient threat hunting, investigation, audit response, and hygiene. Reveal(x) integrates detection with investigation so you can view detections, activity maps, metrics, records, and (optional) packets in one intuitive dashboard.

Need-to-Know Decryption

After decrypting East-West traffic in real time (including perfect forward secrecy ciphers, now mandated under TLS 1.3), Reveal(x) allows you to authorize specific users to view decrypted sessions and packets. Protect sensitive data while allowing SecOps and IT Ops to view the packets they need for forensics, litigation, or troubleshooting.

Advanced, Peer Grouped Detection

Reveal(x) automatically clusters similar assets and devices in order to show outliers against peer groups, which dramatically reduces the risk of false positives when detecting events like network privilege escalation or suspicious and known-bad ransomware behaviors. What's more, unlike agent-based systems, wire data can't be compromised or switched off.

Threat Feed and Risk Score Integration

Along with integrating with Azure Security Center, SQL Database, and Active Directory, Reveal(x) also ingests formatted threat intelligence containing suspect URIs, hosts, or IP addresses. By correlating this data with any wire data detections and assigning risk scores, Reveal(x) helps you easily prioritize containment and response efforts. We also support two-way integrations with ServiceNow, Splunk, Phantom, Anomali, and Palo Alto Networks.

We get the flexibility of the cloud, with the visibility of on-premises deployments. Enabling the business, yet protecting our members. All the good things that information security people aspire to.

Mike Sheward
Senior Director of Information Security, Accolade


The Integration in Action

What happens when you correlate Azure events and metrics with real-time wire data analytics from ExtraHop Reveal(x)? This eight-minute walkthrough will show you how Reveal(x) for Azure provides unprecedented visibility and immediate answers in the cloud.

Watch to see Reveal(x) correlate data from storage, load balancers, virtual machines, and other sources into one powerful dashboard so you can quickly answer questions about public container risk, service usage, and much more.