News
ExtraHop Partners With CrowdStrike to Deliver Cloud-Native Threat Detection from the Network to the Endpoint
June 2020 by Marc Jacob
ExtraHop announced a partnership with CrowdStrike, a leader in cloud-delivered endpoint protection. The partnership includes the powerful integration between ExtraHop® Reveal(x)™ and CrowdStrike Falcon®, marrying best-of-breed cloud-native detection and response capabilities to provide protection from the network to the endpoint.
As businesses and government agencies have transitioned employees to remote work and moved more of their operations off premises, it has exposed gaps in availability, access, and security. Adversaries around the world quickly took advantage of the chaos, exploiting misconfigured remote desktop protocol vulnerabilities and ramping up phishing scams. With cloud adoption surging and a major spike in the use of personal computing devices for work, it is more critical than ever for organizations to maintain a clear picture of managed and unmanaged devices on their network, as well as determine which are being adequately monitored and secured.
The integration between ExtraHop Reveal(x) and CrowdStrike Falcon merges complete network visibility, machine learning behavioral threat detection and real-time decryption of SSL/TLS sessions to extract de-identified metadata for analysis. This approach provides joint customers powerful endpoint security and instant remediation of threats.
? Real-time Detection: The integration allows security teams to rapidly detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections, data exfiltration and more. It also helps thwart those occurring on the endpoint, including ransomware, local file enumeration, directory traversal, and code execution. This provides complete coverage across the entire attack surface.
? Instant Response: When Reveal(x) detects urgent threats it notifies the Falcon platform to contain the impacted devices ensuring analysts can rapidly investigate and resolve threats. This cuts off access to network resources and endpoints before a security incident can turn into a breach.
? Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.
