ExtraHop launches a new level of cloud threat prevention to identify and isolate advanced cyber attacks. Reveal(x) 360 for AWS now applies advanced AI to all network telemetry sources, providing continuous visibility into malicious activity without requiring development resources.
ExtraHop, the leading provider of cloud-based Network Detection and Response (NDR), today announced that it has added threat intelligence for Amazon Web Services (AWS) to Reveal(x) 360. ExtraHop Reveal(x) 360 now offers advanced AI on top of layers of network telemetry to create a "threat heatmap" specifically designed to detect attacks such as ransomware-related extortion and software supply chain attacks. With this advanced threat intelligence, security teams can find, investigate, and remediate malicious attack hotspots without costing developers time or resources, or slowing down business innovation.
Advanced threat overview for security teams
Cloud security teams are outnumbered, and the traditional approach to prevention and protection cannot compete with modern, advanced attack techniques. According to the IBM-Ponemon Institute 2021 Cost of a Data Breach report, the cost of breaches in public clouds far exceeds that of breaches in hybrid environments, costing an average of $1.19 million more per incident. Organizations with high levels of cloud migration generally experience more costly breaches, with the average cost of a security breach for organizations that have already migrated to the cloud being just over $5 million, compared to $3.46 million for companies with a low level of cloud adoption. With developers often working at full speed and attackers evolving their attacks on mission-critical applications and workloads, organizations need to run smoothly and protect against advanced post-compromise activity.
Attackers often active in the cloud environment
“We live in an era of large attack surfaces and frequent corporate compromises. Enterprises must assume that attackers are actively operating in their cloud environment, moving laterally and bypassing traditional security controls,” said Jesse Rothstein, co-founder and CTO of ExtraHop. “ExtraHop Reveal(x) 360 is specifically designed to covertly and reliably detect malicious behavior. With the launch of a new subscription model for AWS, we are expanding our heavy-duty detection, threat hunting, and investigation capabilities in cloud environments without adding friction to development teams or organizations that need to innovate quickly and flexibly.”
ExtraHop is a pioneer in defending against modern cloud attacks through the use of network telemetry. Through native integration with Amazon VPC Traffic Mirroring, the company pioneered a SaaS offering that enables agentless cloud threat detection. This offering extends that power with VPC Flow Logs and additional log analytics that provide both depth and comprehensive visibility into threats in AWS.
Threat Visibility in AWS Cloud
VPC flow logs are very popular for cloud security because they provide broad coverage, even in areas of the cloud where packet capture can be difficult. While flow logs are a data source for network traffic monitoring and analysis, most organizations do not use them for real-time analysis, which limits their effectiveness. Also, accessing multiple data sources required multiple products and user interfaces, creating friction and tool sprawl due to complexity. ExtraHop Reveal(x) 360 now eliminates these challenges by combining real-time analysis of flow logs, packets, and logs into a unified interface. The product thus offers long-overdue threat defense for cloud environments.
- Breadth and depth of detection: Real-time visualization of threat hotspots across workloads enables security teams to quickly investigate any incident down to root cause. This approach reduces false positives and allows security teams to focus on the highest priority threats and make the most of the resources at their disposal. Reveal(x) 360 also unifies threat visibility and detection across IaaS, PaaS, containerized and serverless environments.
- No friction for SecOps and DevOps: As an agentless solution, Reveal(x) 360 for AWS offers broader coverage than agent-based endpoint tools and application logs. Reveal(x) 360 collects and analyzes flow log and packet data to provide a real-time view of all cloud workloads, while AI-driven detection surfaces the highest priority threats for investigation and remediation in one management window.
- Lower TCO: The new Reveal(x) 360 Sensor is agentless and a single instance provides broad, correlated coverage of attack patterns and activities across multiple workloads in a single user interface while reducing total cost of ownership.
“Cloud application developers have zero tolerance for security measures that impact software performance or slow code development speeds. Combine this with the complexity of microservices-based applications that are easily accessible via APIs and you can see the challenges of securing the cloud,” said Frank Dickson, program vice president, security and trust at IDC. “ExtraHop's ability to provide both VPC flow logs and packets in a single user interface for cloud security coverage is an absolute must. Security teams can investigate malicious activity in near real-time without requiring developers to make any code adjustments.”
More at Extrahop.com
About ExtraHop
ExtraHop is dedicated to helping businesses with security that cannot be undermined, outwitted or compromised. The dynamic cyber defense platform Reveal(x) 360 helps companies identify complex threats and react to them before they put the company at risk. We apply cloud-scale AI to petabytes of traffic per day and conduct line-rate decryption and behavioral analysis for all infrastructures, workloads and data on the fly. With the complete transparency of ExtraHop, companies can quickly identify malicious behavior, hunt down advanced threats and reliably conduct a forensic investigation of every incident.