Detect Software Supply Chain Attacks
Eradicate attackers already inside your enterprise environment.
Supply chain attacks get into your network through trusted software—whether your enterprise has cloud, on-premises, or hybrid infrastructure—leaving you no chance to prevent intrusion. If an attacker has already made it into your environment, how would you know? Can you still stop them?
With ExtraHop Reveal(x)
Catch Supply Chain Compromises And Stop Breaches
Once an attacker is in your environment, Reveal(x) detects the early warning signs of a stealthy supply chain intrusion, so you can stop them. Discover every device. Map the attack surface. Secure unmanaged devices and shadow IT. Eradicate software supply chain attackers.
Get Answers to the Tough Questions
How Supply Chain Attacks Go Big
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that "organizations are uniquely vulnerable to software supply chain attacks" because third-party software often has privileged access to the network, and requires frequent network communication back to the vendor to receive updates, including security patches. Attackers exploit these factors to expand access and maximize damage. From enterprise software to open source modules, any third-party software in your environment could be exploited for initial compromise by a savvy attacker.
- Part I: Attack the supplier
- Part II: Infiltrate supplier's customers via privileged access channel
- Part III: Expand access. Extort money. Destroy the business.
Detect Supply Chain Attacks with Complete Behavioral Analysis
CISA recommends that security teams use machine learning and artificial intelligence to establish a baseline for normal network communication behavior of third-party software in their environment.
Reveal(x) discovers and analyzes every network transaction in your enterprise environment, and uses cloud-scale AI fueled by petabytes of data per day to detect even the stealthiest shifts in behavior. Reveal(x) also automatically identifies critical assets and applies a heightened level of analytics to ensure that threats against business-critical data are detected rapidly, with plenty of time and context to respond and eradicate the threat.
"An organization should identify its critical data and baseline how that data flows between processes or systems. Defenders can deploy analytics, including those based on machine learning/artificial intelligence, to identify subsequent anomalies in data flows, which may be early indicators of a threat actor's exploitation of a vulnerability."
CISA, Defending Against Software Supply Chain Attacks
Eliminate Supply Chain Blind Spots With Network Intelligence
Getting a clear view of network behavior inside the enterprise has historically been a challenge for SecOps teams, leaving a major gap in defensive intelligence, which supply chain attackers have exploited. Reveal(x) eliminates this gap.
Reveal(x) discovers every device and workload on the network, and identifies software, hardware, users, and more. This provides a complete picture of the potential attack surface for supply chain attackers—from devices to cloud workloads and containers. A complete inventory of vulnerable and actively threatened devices is correlated with forensic data and mitigation guidance in a Reveal(x) Threat Briefing built by the ExtraHop Threat Research team.


- Automatically maps your software supply chain attack surface and identifies vulnerabilities
- Continuously updated to catch new exposures and attack attempts
Eliminate blind spots
Reveal(x) discovers, identifies, and monitors every device that talks on the network, and identifies those still running vulnerable software and those currently under attack.
83% faster threat detection
Reveal(x) uses machine learning and artificial intelligence, fueled by detailed behavior monitoring, to catch stealthy supply chain attackers inside your business.
87% faster threat resolution
Reveal(x) automatically identifies vulnerable assets, detects attack attempts, and correlates detections with forensic data in one-stop Threat Briefings that any analyst can use to rapidly investigate and resolve a supply chain threat.
CISA Guidance on Defending Against Supply Chain Attacks
Mitigate Supply Chain Attacks From All Directions
Software supply chain risk comes in many forms. Some attacks are highly sophisticated, nation-state-backed operations with geopolitical aims. Some just capitalize on mistakes in open source code to distribute malware or mine cryptocurrencies. But they all have something in common: they must move laterally in their target network to succeed. Achieving significant scale is a requirement for success in any cyber attack today, and this lateral movement offers defenders a chance to detect, respond, and ultimately prevent attackers from causing an actual data breach and getting away with it.
Opening
Initial Intrusion
- Software updates
- Open source code
- Managed services
- Cloud services
Midgame
Post-Compromise
- Preserve 90 days of forensic evidence
- Secure unmanaged servers and workloads
- Detect anomalous behavior
- Automatically inventory software and hardware