Identifying and isolating advanced cyber attacks
ExtraHop, the leading provider of cloud-based network detection and response (NDR), today announced that it has expanded Reveal(x) 360 to include threat overview for Amazon Web Services (AWS).
ExtraHop Reveal(x) 360 now applies advanced AI to layers of network telemetry to create a “threat heatmap” specifically designed to detect attacks such as ransomware with associated extortion and attacks on the software supply chain. With this advanced threat overview, security teams can detect, investigate and remediate malicious attack hotspots without requiring developers' time or resources and without slowing down business innovation.
Reveal(x) 360 for AWS now applies advanced AI to all network telemetry sources, providing continuous visibility of malicious activity without requiring development resources
Cloud security teams are outnumbered, and the traditional approach to prevention and protection cannot compete with modern, advanced attack techniques. According to the “IBM-Ponemon Institute 2021 Cost of a Data Breach”, the cost of security breaches in public clouds far exceeds that of breaches in hybrid environments, costing an average of $1.19 million more per incident. Companies with a high level of cloud migration generally have more costly breaches, with the average cost of a security breach for companies that have already migrated to the cloud being just over $5 million, compared to $3.46 million for companies with a low level of cloud adoption. Since developers often work on the attack and attackers develop their attacks on business-critical applications and workloads, companies need smooth operations and protection against advanced post-compromise activities.
“We live in a time of large attack surfaces and frequent compromise of companies. Companies must assume that attackers are actively operating in their cloud environment, moving sideways and bypassing traditional security controls,” says Jesse Rothstein, Co-Founder and CTO of ExtraHop. “ExtraHop Reveal(x) 360 was developed specifically for covert and reliable detection of malicious behavior. With the introduction of a new subscription model for AWS, we are expanding our high detection, threat hunting and investigation capabilities in cloud environments, without additional friction losses for developer teams or companies that need to innovate quickly and flexibly.”
ExtraHop is a pioneer in the defense against modern cloud attacks through the use of network telemetry. With its native integration with Amazon VPC Traffic Mirroring, the company had already pioneered a SaaS offering that enables cloud threat detection without agents. The offering now available extends this capability with VPC Flow Logs and additional log analysis, which provide both depth and comprehensive visibility of threats in AWS.
VPC Flow Logs are very popular for cloud security because they provide wide coverage, even in areas of the cloud where packet capture can be difficult. While flow logs are a data source for monitoring and analyzing network traffic, most companies do not use them for real-time analysis, which limits their efficiency. In addition, access to multiple data sources has required multiple products and user interfaces, which led to friction and tool proliferation due to the complexity. ExtraHop Reveal(x) 360 now eliminates these challenges by combining real-time analysis of flow logs, packets and protocols in a unified interface. The product thus offers a long-overdue threat defense for cloud environments.
Breadth and depth of detection
Real-time visualization of threat hotspots across workloads allows security teams to quickly investigate each incident to the root cause. This approach reduces false positives and ensures that security teams can focus on top-priority threats and make the most of the resources available to them. Reveal(x) 360 also combines threat visibility and detection across IaaS, PaaS, container, and serverless environments.
No friction for SecOps and DevOps
As an agentless solution, Reveal(x) 360 for AWS provides broader coverage than agent-based endpoint tools and application protocols. Reveal(x) 360 collects and analyzes flow log and packet data to get a real-time overview of all cloud workloads, while AI-driven detection presents the highest-priority threats for investigation and remediation in a management window.
The new Reveal(x) 360 sensor is deployed without agents, and a single instance provides broad, correlated coverage of attack patterns and activities across multiple workloads in a single user interface, while reducing total cost of ownership.
“Developers of cloud applications have zero tolerance for security measures that affect software performance or slow down the speed of code development. In connection with the complexity of microservices-based applications, which can be easily accessed via APIs, one suspects the challenges of securing the cloud,” says Frank Dickson, Program Vice President, Security and Trust at IDC. “ExtraHop’s ability to have both VPC flow logs and packages in a single user interface for cloud security coverage is an absolute must. Security teams can investigate malicious activity in near real-time without developers having to make adjustments to the code.”