ExtraHop Reveal(x) - Short Review

Product Overview: ExtraHop Reveal(x)

ExtraHop Reveal(x) is a comprehensive Network Detection and Response (NDR) solution designed to provide unparalleled visibility, detection, and response capabilities to security operations teams. Here’s a detailed look at what the product does and its key features.



What Reveal(x) Does

Reveal(x) is engineered to automatically discover and classify every device communicating across the network, ensuring complete visibility from the data center to the cloud and the edge. This real-time visibility enables security teams to identify hidden attackers, understand crucial transaction details, and maintain robust security hygiene without compromising network performance.



Key Features and Functionality



Complete Network Visibility

Reveal(x) offers full East-West visibility, allowing security teams to understand their enterprise from the inside out. It automatically discovers and classifies all devices on the network, enhancing security hygiene and providing an always-up-to-date inventory.



Real-Time Threat Detection

The platform detects threats in real time by extracting over 5,000 L2-L7 features from network traffic. It uses cloud-scale machine learning to identify critical assets, compare peer groups, and deliver high-fidelity detections correlated with risk scores and threat intelligence. This enables security teams to prioritize efforts and respond with confidence.



Detection of Lateral Movement

Reveal(x) detects post-compromise recon and lateral movement by showing the sequence of steps taken by an attacker, reducing the Mean Time to Identify (MTTI) and Mean Time to Detection (MTTD).



Advanced File-Based Detection and Threat Hunting

The latest versions of Reveal(x) include searchable file-based detection, file hashing, and file carving capabilities. These features allow for the detection of malicious files across unmanaged assets and endpoints, such as IoT devices, and integrate seamlessly with VirusTotal for deeper investigations.



AI and Machine Learning Enhancements

Reveal(x) leverages generative AI and cloud-scale machine learning to enhance SOC analysts’ efficiency. Key AI-driven features include:

  • AI Search Assistant: Allows users to navigate the platform using natural language search queries, democratizing threat hunting for analysts of all skill levels.
  • Smart Investigations: Automates the investigation workflow by correlating detections for high-risk attack patterns and creating incident case files.


Streamlined Investigation and Response

The platform provides intuitive workflows that accelerate the mean time to investigate threats. Features include:

  • 3-Click Investigation: Enables quick investigation from detection to root cause using streamlined workflows enhanced by AI.
  • Automated Response: Offers turnkey integration for automated response or analyst-led action to stop threats quickly and confidently.


Packet Forensics and Intrusion Detection

Reveal(x) includes advanced packet forensics capabilities with continuous packet capture and a scalable PCAP repository. This allows for the collection of forensic evidence and the detection of known malware and exploits in real time. Custom rules based on the Suricata framework can also be easily uploaded.



Integration and Compliance

The platform integrates with various threat intelligence services via STIX and TAXII integration, allowing customers to import threat intelligence from ISACs and other sources. It also helps organizations meet or exceed evidence collection and compliance requirements.

In summary, ExtraHop Reveal(x) is a powerful NDR solution that combines real-time visibility, advanced threat detection, and AI-driven investigation and response capabilities to help security teams identify, investigate, and respond to threats more efficiently and effectively.