Product Overview: ExtraHop Reveal(x)
ExtraHop Reveal(x) is a cutting-edge Network Detection and Response (NDR) platform designed to enhance cyber security, reduce risk, and improve the efficiency of security operations. Here’s a detailed look at what the product does and its key features.
What Reveal(x) Does
Reveal(x) provides comprehensive network visibility, enabling security teams to detect, investigate, and respond to cyber threats more effectively. It fills the coverage gaps left by traditional security tools such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and logs. By leveraging the network as a central source of truth, Reveal(x) offers real-time detection and rapid investigation capabilities, powered by cloud-scale machine learning and artificial intelligence.
Key Features and Functionality
Complete Network Visibility
Reveal(x) offers broad risk visibility across the entire attack surface, including on-premises, hybrid, and cloud environments. It provides continuous, passive discovery and classification of all devices, applications, users, and transactions, ensuring that every aspect of the network is monitored and understood.
Cloud-scale Machine Learning
The platform uses advanced machine learning algorithms to analyze network behavior, detect threats, and automate investigation steps. This results in faster and more accurate threat detection and response, without impacting network performance.
Real-time Threat Detection
Reveal(x) employs both machine learning and rule-based detection to identify threats that other tools might miss. It includes targeted, out-of-band decryption at high speeds, with support for protocols such as TLS/SSL 1.3, SMBv3, and MS-RPC, so that even encrypted network traffic is visible and can be analyzed for potential threats.
Streamlined Investigation
The platform enhances investigation workflows with intuitive, AI-driven tools. The AI Search Assistant allows users to navigate the platform using natural language queries, while Smart Investigations automate the process of correlating detections and creating incident case files. This reduces the mean time to investigate (MTTI) and respond (MTTR) to threats.
Packet Forensics
Reveal(x) includes packet forensics capabilities with continuous packet capture and a scalable PCAP repository. This allows for the quick querying of packets across hybrid environments, aiding in forensic evidence collection and compliance requirements. It also helps uncover attacker actions in encrypted traffic and across multiple protocols.
Advanced Threat Detection
The platform detects post-compromise reconnaissance and lateral movement by tracking the sequence of steps taken by an attacker. It also identifies early-stage attacks, such as "living off the land" tactics, through full packet capture and line-rate decryption.
File-Based Detection and Threat Hunting
Recent updates to Reveal(x) include searchable file-based detection and threat hunting capabilities. Features like the ‘Right-Click File Hash Lookup’ and integration with VirusTotal enable quick verification of malicious files and deeper investigations. This is particularly useful for monitoring unmanaged assets and IoT devices where endpoint agents are not installed.
BYO Threat Intelligence
Reveal(x) allows customers to import threat intelligence from various sources via STIX and TAXII integration, enhancing the platform’s ability to detect and respond to known threats.
Intelligent Response
The platform integrates seamlessly with other security tools for automated response or analyst-led actions. This ensures that threats can be stopped quickly and confidently, improving overall security hygiene and compliance.
In summary, ExtraHop Reveal(x) is a powerful NDR solution that leverages advanced technologies like machine learning, AI, and packet forensics to provide complete network visibility, rapid threat detection, and streamlined investigation and response capabilities. This makes it an essential tool for modern security operations centers looking to enhance their threat detection and response strategies.