ExtraHop® announces the availability of Reveal(x)™ for Microsoft Azure

September 2018 by Emmanuelle Lamandé

ExtraHop® announced the availability of Reveal(x)™ for Microsoft Azure. With this latest release, Reveal(x) is also available for remote site deployments, extending visibility from the data center to the branch office to the cloud.

Reveal(x) for Microsoft Azure is available immediately in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.

Reveal(x) for Microsoft Azure provides an enterprise-grade network traffic analysis (NTA) solution that delivers threat detection and investigation purpose-built for the cloud, extending the visibility and response capabilities of the enterprise security operations center (SOC) to encompass cloud infrastructure. Reveal(x) automatically discovers and classifies everything traversing the Azure environment, including rogue compute instances, to deliver complete real-time visibility at cloud scale. That data is correlated with event data from Azure Security Center to create a unified analytics and investigation source for SOC teams that provides always-on, always-everywhere visibility across the hybrid attack surface.

The Reveal(x) network traffic analysis platform integrates with the Microsoft Azure Virtual Network Tap to analyze cloud-based application payloads at scale. ExtraHop has partnered with Microsoft Azure to natively integrate Reveal(x) with the Azure Virtual Network Tap to deliver a completely passive, agentless approach to network traffic analysis in the cloud.

With the introduction of Reveal(x) for Microsoft Azure, enterprises can effectively address shared responsibility models and prioritize use of security resources based on critical assets and risk, delivering complete visibility across each dimension of enterprise responsibility including:

Applications & Content: Integration with Azure Security Center events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while real-time TLS 1.3 decode and transaction payload analysis spots threats and evaluates risk, even within PFS deployments.

Inventory & Configuration: Automatic discovery and classification of all cloud assets gives cloud and security teams an up-to-the-second understanding of the attack surface, including the ability to track rogue instances, even when logging is disabled, and instantly flag exposed resources.

Data Access: Full support for Azure SQL Database and Azure Blob Storage protocols means visibility into behavior, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.

Identity & Access Management: Integration with Azure Activity Monitoring allows granular tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behavior like credential harvesting and brute force login attempts.