ExtraHop Integrates with AWS to Automate Response and Forensics for Cloud Workloads
December 2019 by Marc Jacob
ExtraHop announced a new integration with Amazon Web Services (AWS) that automates the isolation of compromised Amazon Elastic Compute Cloud (EC2) instances and empowers security operations teams to create a wide range of customizable response automations, from quarantining and blocking to ticketing and tagging. Alongside the new automation capability, ExtraHop Reveal(x) Cloud now offers continuous packet capture in AWS. That reduces the amount of time, effort, and money required to perform packet-level analysis while providing security teams with the forensic detail they need to get to root cause or to fulfill chain-of-custody requirements.
Response automation is considered the holy grail for many security operations, allowing teams to snuff out threats before they further infiltrate or damage the organization. But when done at a tool level instead of a system level, response automation too often results in devices being quarantined or systems being shut down based on unreliable data or incomplete information. Lengthy investigation time compounds the challenge, leaving critical systems idle until the threat can be remediated, and potentially resulting in business downtime and lost revenue.
The latest ExtraHop integration with AWS brings precision to both response automation and investigation workflows in the cloud. The AWS quarantine integration combines high-fidelity detections from Reveal(x) Cloud with AWS security group policies to automatically quarantine compromised EC2 instances, enabling timely and targeted response. Security teams can also modify the trigger, or write a new trigger, to take different actions when a detection violates policies. With right-sized continuous packet capture, Reveal(x) Cloud takes an analytics-first approach to investigation, allowing security operations teams to go from detection to associated packets in a matter of clicks, keeping investigations fast and focused.
Reveal(x) Cloud also includes new features that streamline investigation in cloud and hybrid environments, enabling analysts to rapidly identify and respond to the highest priority threats.
1G, 5G, and 10G SaaS offerings with Continuous Packet Capture within AWS environments support streamlined and guided investigation for any incident. Customers can begin purchasing the Reveal(x) Cloud PCAP for AWS offering in early 2020.
Related Detections reduce response time by automatically surfacing similar threats across architectures in a Reveal(x) Cloud investigation workflow. This provides SecOps teams with a unified view of attack patterns happening in the environment.
Enhanced reporting capability provides executive-level overviews of security posture at the touch of a button. Reports zero in on critical threats while also delivering high-level insight into compliance across hybrid and cloud environments.