Platform
Modern NDR
Resources
Joanne WhiteCIO, Wood County Hospital
TLS 1.2 and 1.3 utilize perfect forward secrecy (using Elliptic Curve Diffie-Hellman Encryption), which creates an ephemeral session key. The ephemeral secret is only used for that conversation, and cannot be derived from the private key of either the server or the client. For hackers trying to steal large databases of intellectual property or millions of credit card numbers, this presents a significant challenge. Unfortunately, the same challenge is presented to SecOps teams who need visibility into their traffic in order to detect and investigate threats.
Over 98% of web traffic loaded by Chrome occurs over HTTPS connections secured with SSL/TLS. TLS is the modern successor to the deprecated SSL protocol—this is commonly referred to as SSL/TLS. Security best practices advise teams to utilize TLS 1.2 and 1.3 with perfect forward secrecy to secure web traffic and ensure the confidentiality and integrity of data in transit.
RevealX addresses the visibility issue by focusing on decrypting traffic to and from an organization's public-facing services, such as email, web servers, DNS servers and core infrastructure such as database and Active Directory servers. This approach restores visibility into critical business services allowing for the early detection of exploitation, lateral movement, and living-off-the-land tactics.
Automatically discover and classify all devices communicating on your network—including those using encrypted Microsoft protocols. Protect your sensitive data while maintaining compliance with various industry standards such as HIPAA, PCI, DORA, GDPR, and others.
Detect suspicious behavior across all on-premises and cloud assets. Unlike tools that stop at TLS fingerprinting or use a method similar to signature-based detection called encrypted traffic analysis, SSL/TLS decryption allows the application of behavioral analysis and machine learning to all network traffic in flight.
Automate investigation workflows by connecting detections from RevealX with tools like CrowdStrike Falcon and cloud services. Take advantage of robust integrations and cut your overall time to resolve threats 84% faster.
The advent of advanced encryption adds new ways for attackers to avoid detection—yet avoiding encryption is not an option for organizations who want to thrive in the modern digital era. ExtraHop Reveal(x) is the only NDR product capable of decrypting SSL/TLS with perfect forward secrecy and Microsoft Active Directory protocols at line rate, and without putting any sensitive data at risk during the process.
Sign In
