While the cloud and expanded use of remote workforces may be force multipliers for DevOps and IT Ops, for security teams, they can also leave organizations more vulnerable to advanced threats. Enterprises are recognizing the need to take a cloud-native approach to securing data and workloads rather than trying to retrofit old technology to new cloud security best practices. For example, most legacy tools can't provide complete visibility into network traffic, hampering their ability to detect, investigate, and respond to complex threats at the speed and scale the hybrid attack surface demands. Security teams are also struggling with visibility into containers such as Amazon Elastic Kubernetes Service (EKS), orchestration platforms like Amazon Elastic Container Service (ECS), and compute engines like AWS Fargate.
ExtraHop Reveal(x) 360 is a SaaS-based network detection and response (NDR) solution that helps organizations in AWS adopt a cloud-native approach to securing the hybrid enterprise, even if workloads are deployed in services such as Amazon EKS, Amazon ECS, or AWS Fargate.
ExtraHop sensors decrypt and process network traffic and extract metadata for behavioral analysis, real-time threat detection, and investigation performed in Reveal(x) 360. ExtraHop offers two purchase models for sensors (reserved priced, and on-demand billed by the hour), and you can also leverage our on-demand pricing for a cloud-based record warehouse that enables index record search, query, and drill-down investigation in every segment of your hybrid environment for situational intelligence. Additionally, Reveal(x) 360 for AWS offers sensors with continuous packet capture (PCAP) for in-depth forensics.
By natively integrating with Amazon VPC Traffic Mirroring, Reveal(x) 360 provides agentless visibility to eliminate friction from DevOps processes. With real-time threat detection and intelligent response capabilities at scale, Reveal(x) NDR lets you secure your applications and confidently scale your hybrid business.
Automatically discover and classify every asset in your cloud infrastructure, including rogue instances. Reveal(x) provides deep, continuous visibility—including into SSL/TLS encrypted traffic—and situational intelligence across hybrid, multicloud, IoT, and remote work environments from a single management pane accessible from anywhere.
Harden your attack surface with immediate detection of anomalous behaviors and malicious activity that indicate unauthorized access and attempts to exploit misconfigurations and insecure APIs. Reveal(x) uses cloud-based machine learning that leverages more than 5,000 wire data features to accurately identify threats whenever they occur within or across cloud workloads.
Take a nuanced approach to incident response with Reveal(x). Guided investigative workflows enable you to pivot from detection to forensic evidence in 3 or fewer clicks. Native integrations with AWS EC2, S3, Amazon CloudWatch and CloudTrail, Amazon VPC Flow Logs, and Lambda give your team the comprehensive insight and automation you need to protect your infrastructure in the cloud.
SSRF Attack — AWS Instance Metadata Service (IMDS)
ExtraHop allowed me to work natively with my platforms. That's critical, rather than having other third-party add-ons or agents that you have to plug in.
Chief Architect & Information Security Officer, Wizards of the Coast
|Reserved-price cloud sensors|
|On-demand sensors billed hourly|
|Simplified sensor deployment via Cloud Console|
|ExtraHop-managed record warehouse|
|Control plane for unified visibility (hybrid and multicloud)|
|Amazon VPC Traffic Mirroring integration|