ExtraHop and AWS integration automates response and forensics for cloud workloads

ExtraHop, the leader in cloud-native network detection and response, announced a new integration with Amazon Web Services (AWS) that automates the isolation of compromised Amazon Elastic Compute Cloud (EC2) instances and empowers security operations teams to create a wide range of customizable response automations, from quarantining and blocking to ticketing and tagging.

Alongside the new automation capability, ExtraHop Reveal(x) Cloud now offers continuous packet capture in AWS. That reduces the amount of time, effort, and money required to perform packet-level analysis while providing security teams with the forensic detail they need to get to root cause or to fulfill chain-of-custody requirements.

Response automation is considered the holy grail for many security operations, allowing teams to snuff out threats before they further infiltrate or damage the organization.

But when done at a tool level instead of a system level, response automation too often results in devices being quarantined or systems being shut down based on unreliable data or incomplete information.

Lengthy investigation time compounds the challenge, leaving critical systems idle until the threat can be remediated, and potentially resulting in business downtime and lost revenue.

The latest ExtraHop integration with AWS brings precision to both response automation and investigation workflows in the cloud. The AWS quarantine integration combines high-fidelity detections from Reveal(x) Cloud with AWS security group policies to automatically quarantine compromised EC2 instances, enabling timely and targeted response.

Security teams can also modify the trigger, or write a new trigger, to take different actions when a detection violates policies. With right-sized continuous packet capture, Reveal(x) Cloud takes an analytics-first approach to investigation, allowing security operations teams to go from detection to associated packets in a matter of clicks, keeping investigations fast and focused.

Reveal(x) Cloud also includes new features that streamline investigation in cloud and hybrid environments, enabling analysts to rapidly identify and respond to the highest priority threats.

  • 1G, 5G, and 10G SaaS offerings with Continuous Packet Capture within AWS environments support streamlined and guided investigation for any incident. Customers can begin purchasing the Reveal(x) Cloud PCAP for AWS offering in early 2020.
  • Related Detections reduce response time by automatically surfacing similar threats across architectures in a Reveal(x) Cloud investigation workflow. This provides SecOps teams with a unified view of attack patterns happening in the environment.
  • Enhanced reporting capability provides executive-level overviews of security posture at the touch of a button. Reports zero in on critical threats while also delivering high-level insight into compliance across hybrid and cloud environments.

“Though AWS supports strong controls, companies are responsible for securing their own workloads, which is a daunting task with the current cybersecurity skills shortage and nascent cloud security market,” said Jesse Rothstein, CTO and co-founder, ExtraHop.

“Our Reveal(x) solution provides SecOps teams with advanced visibility, detection, and response for hybrid environments. We are constantly working to expand our capabilities, and this integration with AWS is another step towards winning the arms race in enterprise security.”

Don't miss