ExtraHop brings enterprise network traffic analysis to the cloud through Microsoft Azure

ExtraHop announced the availability of Reveal(x) for Microsoft Azure. With Reveal(x) for Microsoft Azure, enterprise security and cloud operations teams now have network traffic analysis (NTA) that uses machine learning to surface threats and automate response across the entire hybrid enterprise.

With this latest release, Reveal(x) is also available for remote site deployments, extending visibility from the data center to the branch office to the cloud.

Reveal(x) for Microsoft Azure is available immediately in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.

While cloud platforms offer scale and agility, they also expand the enterprise attack surface, creating new opportunities for malicious actors to exploit misconfigurations, access data, and compromise applications.

Reveal(x) for Microsoft Azure provides a NTA solution that delivers threat detection and investigation purpose-built for the cloud, extending the visibility and response capabilities of the enterprise security operations center (SOC) to encompass cloud infrastructure.

Reveal(x) discovers and classifies everything traversing the Azure environment, including rogue compute instances, to deliver visibility at cloud scale. That data is correlated with event data from Azure Security Center to create analytics and investigation source for SOC teams that provides visibility across the hybrid attack surface.

The Reveal(x) network traffic analysis platform integrates with the Microsoft Azure Virtual Network Tap to analyze cloud-based application payloads at scale.

The Azure Virtual Network Tap (Azure vTAP) is the virtual network tap offered by a public cloud provider that enables monitoring of all network traffic.

ExtraHop has partnered with Microsoft Azure to integrate Reveal(x) with the Azure Virtual Network Tap to deliver an agentless approach to network traffic analysis in the cloud.

With the introduction of Reveal(x) for Microsoft Azure, enterprises can address shared responsibility models and prioritize use of security resources based on assets and risk, delivering visibility across each dimension of enterprise responsibility including:

Applications & content: Integration with Azure Security Center events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while TLS 1.3 decode and transaction payload analysis spots threats and evaluates risk, even within PFS deployments.

Inventory & configuration: Discovery and classification of cloud assets gives cloud and security teams understanding of the attack surface, including the ability to track rogue instances – even when logging is disabled – and flag exposed resources.

Data access: Support for Azure SQL Database and Azure Blob Storage protocols means visibility into behavior, not just activity, while machine learning at the application layer provides detection of exfiltration activity.

Identity & access management: Integration with Azure Activity Monitoring allows tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behavior like credential harvesting and brute force login attempts.

“The Microsoft Azure Virtual Network Tap is the first of its kind, allowing us to access network traffic from the cloud as easily and passively as we do from our data center,” said Daniel Howard, VP of Information Technology at International Cruise & Excursions.

“This integration immediately transforms that data into a powerful source of threat detection and investigation. We now have the power to secure our cloud workloads exactly as we do our on-prem applications.”

“The enterprise attack surface is no longer confined to the data center. Enterprise IT assets exist everywhere the enterprise operates, from the branch office to the data center or the cloud,” said Jesse Rothstein, CTO and co-founder, ExtraHop.

“With Reveal(x) for Microsoft Azure, we’re enabling SecOps to detect and investigate threats across the entire hybrid enterprise while focusing on the most critical assets first so business functions can continue uninterrupted and customer data remains protected.”

Adwait Joshi, Director, Product Marketing, Azure Security, Microsoft said, “ExtraHop Reveal(x) offers comprehensive threat visibility across the hybrid enterprise allowing SecOps teams to detect threats immediately and act decisively to eliminate them. The solution works with Microsoft Azure, enabling monitoring and incident response from cloud infrastructure to the data center.”