EBOOK USE CASES FOR A SECURE HYBRID ENTERPRISE Reveal(x) 360 - ExtraHop

EBOOK
USE CASES FOR A SECURE HYBRID ENTERPRISE
Reveal(x) 360
Cloud-Native Network Detection and Response Delivered as a SaaS

TABLE OF CONTENTS
Introduction ... 3
Reveal(x) 360 Overview ... 4
Cloud Threat Defense ... 6
Use Cases
  Hybrid Security
  Cloud Security
  IT Ops

INTRODUCTION
Closing Coverage Gaps Across the Hybrid Attack Surface

The attack surface stretches from the on-prem data center to the cloud to remote deployments and the device edge. But tools that only secure the perimeter, rely exclusively on logs, or require agents only show part of the picture and can be difficult to scale. Legacy tools also struggle to provide visibility and monitoring for containerized environments.

As a result, 62% of IT and cybersecurity professionals say they have gaps in their coverage.

Security teams need the ability to see every device, every workload, every user, everywhere—and detect and confidently respond to advanced threats anywhere. What they’re missing is unified coverage, available in a single interface and powered by the richest data source in hybrid security: network packets.

ExtraHop Reveal(x) 360 brings the power of network traffic packets to hybrid security, helping organizations manage the attack surface, decrease risk, and stop breaches up to 84% faster.

With SaaS-based Reveal(x) 360, you can detect, investigate, and respond to advanced threats like ransomware and software supply chain attacks in a single management pane. This unified approach eliminates the complexity of deploying separate tools in each environment. It also removes the friction caused by data silos between security and IT teams who need to collaborate closely in order to provide a safe, reliable digital experience.

For cloud security, Reveal(x) 360 integrates with packet mirroring features from Amazon Web Services (AWS) and Google Cloud, as well as the announced Microsoft Azure vTAP to eliminate the need for agents.

OVERVIEW
Reveal(x) 360 at a Glance
Unified Security Across Deployments

As the first and only SaaS-based NDR solution on the market, Reveal(x) 360 extends cloud-native security across hybrid and multicloud environments by providing full visibility, real-time threat detection, forensic investigation, and intelligent response at enterprise scale. Integrated workflows accelerate threat hunting and amplify organizational resources.

ExtraHop sensors deployed in data centers, clouds, and remote sites decrypt and process network data, extracting records and de-identified metadata which are sent securely to Reveal(x) 360 for behavioral analysis, real-time threat detection, and investigation. ExtraHop offers two models for sensor purchases: reserved priced and a consumption-based model for on-demand sensors billed by the hour and available through the Reveal(x) 360 cloud console.

A cloud-based record store with 90-day lookback provides fully hosted and managed search for streamlined incident investigation. A cloud-hosted control plane—accessible from anywhere via the secure web-based Reveal(x) 360 user interface—gives you a unified view of the environments where sensors are deployed.

Reveal(x) 360
USER BENEFITS

ELIMINATE BLIND SPOTS with Complete Coverage
DETECT THREATS up to 50% Faster
STOP BREACHES up to 84% Faster

Stronger Security with Agentless Network Detection and Response

Fill Security Monitoring Gaps
With Reveal(x) 360, SecOps teams can detect, investigate, and respond to threats from the data center to the cloud to the user and device edge in a single management pane. Continuous monitoring and L2–L7 analysis ensure end users are always up to date and in the know.

Detect Threats in Real Time
By combining advanced AI analysis with rules-based detection, peer group analysis, and deep learning, Reveal(x) 360 quickly identifies known and unknown threats and provides holistic coverage of attacker tactics, techniques, and procedures.

Secure Hybrid Environments Without Friction
By integrating with Amazon VPC Traffic Mirroring, Google Cloud Packet Mirroring, and the announced Azure Virtual TAP, Reveal(x) 360 eliminates friction caused by deploying agents, making it highly elastic and easier to scale. Reveal(x) 360 also integrates with third-party packet brokers on-premises and in the cloud.

Respond Quickly and Confidently
Reveal(x) 360 automates the first steps of investigations to streamline workflows, enabling you to go from alert to response in clicks, not days. For deeper context, you can dig into a cloud-based record store with 90-day lookback.

Reduce Time to Deploy and Management Burden

Reduce Time to Deploy
Reveal(x) 360 deploys without agents in public cloud and on-premises environments. For AWS environments, you can deploy on-demand sensors directly from the Reveal(x) 360 management pane.

Gain Complete Visibility and Rich Insight
Reveal(x) 360 passively monitors network traffic and starts learning complex relationships through continuous asset discovery, classification, and mapping. It also provides east-west and north-south visibility and out-of-band decryption of SSL/TLS 1.3 encrypted traffic at line rate.

See Value Immediately

Managed Services
Reveal(x) Advisor offers threat-free network assurance for the hybrid enterprise. ExtraHop experts will augment lean security teams by identifying vulnerabilities, detecting incidents, and stopping adversaries.

Reveal(x) 360
CLOUD THREAT DEFENSE
Multi-Layered Security Against Advanced Threats for AWS

Reveal(x) 360 cloud threat defense for AWS enables security teams to stop threats from the inside with complete visibility, post-compromise detections, proactive threat hunting, and deep forensic investigation.

Reveal(x) 360 deploys without adding friction to DevOps processes, freeing security teams to defend critical workloads and applications without slowing down innovation, digital transformation, or business. With Reveal(x) 360, you can visualize your entire attack surface in real time from a single management pane.

By combining the breadth of VPC Flow Logs with the depth of network packets, Reveal(x) 360 provides a multi-layered approach to defending against advanced threats like ransomware, software supply chain attacks, and more. Security teams can use flow logs for broad visibility and packets to conduct deep forensic investigations.

ExtraHop analyzes all layers of network telemetry with advanced AI to create accurate detections, high-fidelity alerts with context, and a threat heatmap. Armed with this advanced threat visibility, security teams can zero in on, investigate, and remediate hotspots of malicious activity in real time.

Reveal(x) 360 offers several subscriptions for multi-layered cloud threat defense in AWS. Every Reveal(x) 360 subscription leverages ExtraHop’s cloud-hosted AI service and record store. To view Reveal(x) 360 pricing, visit our AWS Marketplace listing.

Reveal(x) 360
HYBRID SECURITY USE CASES
Gain Complete Coverage. Detect Threats Faster. Act Quickly.

Organizations with hybrid deployments need security that evolves with their digital transformation. With agentless visibility delivered as a SaaS, Reveal(x) 360 provides the elastic, highly scalable threat detection and response capabilities that meet organizations wherever they are in their hybrid cloud journey.

HYBRID SECURITY
Reveal(x) 360 Use Cases
RANSOMWARE MITIGATION

Ransomware is becoming more sophisticated, and traditional prevention tactics can’t keep up with the latest advances. Ransomware gangs now take advantage of east-west visibility gaps and encrypted traffic to stay hidden just long enough to reach the endgame of their attacks and expand their blast radius. Reveal(x) 360 provides the visibility and investigation capabilities needed to detect and mitigate ransomware with speed and confidence.

• Gain complete east-west visibility to light up the darkspace where ransomware hides after it slips past perimeter defenses.
• Detect the subtle post-compromise activities used in the midgame of every successful attack with AI-powered behavioral analysis.
• Quickly investigate high-fidelity detections to take a targeted approach to response that only quarantines compromised devices or workloads.

Reveal(x) 360 detects ransomware in every stage of the attack kill chain and creates high-fidelity alerts.

How do you prevent ransomware from compromising perimeter defenses?
What are your current ransomware mitigation strategies?
How do you detect post-compromise activities in the ransomware kill chain?

HYBRID SECURITY
Reveal(x) 360 Use Cases
MONITOR SENSITIVE DATA

Attackers can’t steal data without moving it across the network. But data protection products, zero trust architecture, and logging with manual post-hoc analysis create large blind spots, slow down investigation and response, and create significant implementation and administration burdens. Reveal(x) 360 data monitoring provides rich context into the “who,” “what,” “when,” and “where” of every data transfer—even with perfect forward secrecy enabled—for faster investigation, deeper understanding, and more rapid response.

• See all data movement from a network perspective to automatically identify data sensitivity.
• Trace internal data transfers as well as movement to external endpoints, APIs, and cloud services.
• Gain instant access to packet-level forensics for data leakage as well as access to decryption keys.

Monitor data exfiltration in hybrid environments through the Reveal(x) 360 user interface.

How do you currently monitor access to sensitive data?
How do you detect unauthorized movement of large quantities of sensitive data?
How do you get context to know if a data transfer is malicious?

HYBRID SECURITY
Reveal(x) 360 Use Cases
DETECT POST-COMPROMISE RECON AND LATERAL MOVEMENT

Once attackers compromise a workstation and steal credentials, it’s extremely difficult to detect them. The limitations of perimeter-focused tools, logging, and endpoint tools create significant blind spots in the east-west traffic corridor where attackers pivot to critical assets and expand their foothold. Reveal(x) 360 detects post-compromise activities to help you protect your “crown jewels” from late-stage attacks and probing activities in hybrid environments.

• Gain a comprehensive view of activity across hybrid environments.
• Detect behaviors such as unusual login time and suspicious interactive traffic.
• Speed up time to detect and respond.

Gain up-to-the-moment insight into unusual activities that indicate post-compromise behaviors.

What percentage of your hybrid environment is covered by log and endpoint data?
What network controls do you have in place to discover and limit device activity?
How do you track normal and abnormal account activity?

HYBRID SECURITY
Reveal(x) 360 Use Cases
STREAMLINE THREAT HUNTING

Threat hunting helps reduce organizational risk and provides valuable intelligence to augment detection capabilities and strengthen security posture. But existing threat hunting tools that rely on host-reported data can be evaded or tampered with by attackers, creating blind spots and causing security teams to miss more sophisticated threats. Reveal(x) 360 provides guided workflows for threat hunting, a complete dataset to develop and test hypotheses, and mechanisms to automate hunting techniques, made simple and accessible for analysts of any experience level.

• Zero in on transactions of interest to threat hunters.
• Quickly test granular and wide-ranging threat hunting hypotheses.
• Rapidly research and validate a wide variety of indicators of compromise (IOCs).

Reveal(x) 360 provides dashboard and query-based starting points for threat hunting.

What is your organization’s current approach to threat hunting?
What are the barriers to expanding your threat hunting capabilities?
How do you use network data in your threat hunting activities?

HYBRID SECURITY
Reveal(x) 360 Use Cases
COMPREHENSIVE INVENTORY OF ALL DEVICES

Unmanaged, uninstrumentable, and rogue devices create significant security risk. Reveal(x) 360 monitors all network-connected assets, including IoT and employee-owned devices, to enhance your security hygiene. Behavior-driven device discovery helps you understand what each device is and how it’s interacting with every other device.

• Gain a complete inventory of your hybrid environment with automatic discovery as soon as a device connects.
• Understand device relationships, peer groups, and behaviors in real time.
• Access deeper device details, including hardware, operating systems, users, protocols, behavior history, and much more.

Asset dependency mapping available through the Reveal(x) 360 user interface.

How many of your devices are not covered by your current security tooling?
How do you identify unmanaged, uninstrumented, and rogue devices?
What’s your process for ensuring new devices are instrumented by your security tooling?

Reveal(x) 360
CLOUD SECURITY USE CASES
Eliminate Blind Spots. Detect Threats Other Tools Miss. Respond Faster.

Purpose-built for cloud, multicloud, and hybrid environments, Reveal(x) 360 helps you strengthen your security posture and harden your complex attack surface. Agentless deployment enables Reveal(x) 360 to provide complete visibility in ephemeral environments and removes security friction from DevOps processes.

CLOUD SECURITY
Reveal(x) 360 Use Cases
MONITOR CRITICAL CLOUD WORKLOADS

Understanding which cloud services are sending and receiving data is critical to securing sensitive data. With complete coverage across hybrid and multicloud deployments, Reveal(x) 360 enables security teams to monitor critical workloads no matter where they live.

• View cloud workload activity and identify anomalous behavior automatically.
• Trace data transfers inside the VPC and to external endpoints, APIs, and cloud services.
• Automatically provides the context of data flows: which users are sending and receiving, where data is going, and what the data contains.

Reveal(x) 360 provides continuous visibility into sensitive cloud workloads and data through passive monitoring, even in encrypted traffic.

How do you monitor access to sensitive data in the cloud?
Do you have visibility into encrypted traffic and up to Layer 7?
How do you detect unauthorized movement of large quantities of sensitive data in the cloud?

CLOUD SECURITY
Reveal(x) 360 Use Cases
DETECT SOFTWARE SUPPLY CHAIN ATTACKS

To truly secure supply chains, you need the ability to monitor cloud workloads for unexpected changes or communications with untrusted or unknown entities. Reveal(x) 360 decreases risk, helps you manage the attack surface, and defend against software supply chain attacks.

• Continuous monitoring to quickly surface unexpected changes to cloud workloads.
• Machine learning infers which assets house critical data and makes forensics instantly available for data leakage.
• Detect whether production workloads are pulling updates when they shouldn’t in real time.
• Quickly identify and examine unknown or unexpected communications.

Monitor AWS services through a dedicated pane in the Reveal(x) 360 user interface.

How do you monitor and secure your workloads and container deployments in the cloud?
What processes do you have in place to assure that new dependencies introduced in production are secure?

CLOUD SECURITY
Reveal(x) 360 Use Cases
CONTAINER SECURITY

Securing containers requires the ability to detect and respond to advanced threats as they occur. But maintaining visibility and understanding what constitutes malicious behavior can be difficult in ephemeral environments. Reveal(x) 360 provides cloud-scale visibility, advanced threat detection, and deep investigation across containers and services. With versatile deployment options, you get the most coverage with the smallest tooling footprint.

• Discover microservices, pods, and containers as soon as they communicate and map dependencies, including service calls.
• Analyze network traffic with advanced AI to detect anomalous or malicious behavior, plus create activity maps with timestamps.
• Go from detection to forensic evidence in clicks, leveraging continuous PCAP, a cloud-hosted record store, and intuitive workflows.

Discover new containers, map dependencies, and monitor and analyze traffic.

How do you maintain visibility in ephemeral container environments?
How do you know if containers have been compromised by an attack?
How quickly can you detect, investigate, and respond to threats to containers?

CLOUD SECURITY
Reveal(x) 360 Use Cases
FORENSIC INVESTIGATION

The ability to drill down to forensic evidence quickly is a key component of meeting disclosure rules and slashing mean time to respond. Reveal(x) 360 speeds forensic investigation by automatically curating cloud asset information, metadata, and forensic evidence in a single tool.

• Accurately determine the scope of incidents for implementing appropriate response, internal assessment, and regulatory reporting.
• Correlate cloud asset information, historical metadata, and forensic details for the context needed to surface real threats in the cloud.
• Intuitive investigation workflows to go from detection to context and forensic evidence in clicks.

Reveal(x) 360 enables faster triage of cloud security alerts with accurate, high-context detections.

Are cloud-native tools causing alert fatigue and increasing MTTR?
Do your current tools provide context and associate disparate cloud security events?
How many tools do you use to gather data?

Reveal(x) 360
IT OPS USE CASES
Stop the Blame Game. Support Distributed Workforces. Be Cloud Ready.

Data silos, war rooms, and finger pointing. When broken user experiences and unexpected outages occur, they affect more than the bottom line. With Reveal(x) 360, you gain complete, real-time visibility to address application and network performance issues from a unified platform that works across cloud, on-premises, and hybrid environments.

IT OPS
Reveal(x) 360 Use Cases
QUICKLY RESOLVE PERFORMANCE ISSUES

The ability to quickly resolve performance issues and reduce unplanned downtime is essential for delivering world-class user experience. Reveal(x) 360 enables you to quickly triage and troubleshoot with network-based monitoring that eliminates visibility gaps and speeds up time to detect and respond.

• Automated device and application discovery, classification, and mapping to understand inventory and relationships.
• Correlate activity along the application delivery chain to understand in context exactly what’s happening.
• Intuitive workflow speeds troubleshooting from issue to root cause in 3 clicks.

Map device and application relationships and behaviors in real time.

How do you mitigate data silos created by log and NetFlow-based tooling?
How comprehensive is your view of the application delivery chain?
Are you forced to conduct manual post-hoc analysis of UX issues?

IT OPS
Reveal(x) 360 Use Cases
SUPPORT HYBRID WORKFORCES

Remote workforces need reliable remote access, and VPN and connection issues or sluggish application performance can prevent them from doing their jobs. Reveal(x) 360 provides a real-time view of your entire hybrid environment to detect availability issues before they can impact productivity. With thousands of TCP metrics and customizable dashboards, you can tune remote access traffic patterns, troubleshoot network slowdowns, and support hybrid workforces.

• Real-time view of the entire environment, including SSL/TLS 1.3-encrypted traffic, to understand utilization and dependencies.
• Detect issues across the distributed infrastructure and quickly troubleshoot network slowdowns.
• Create custom dashboards for continuous monitoring and tuning.

Understand real-time utilization and dependencies.

How do you measure and monitor remote access traffic?
How do you optimize traffic for remote workers?
How do you detect remote login issues before they become a problem?

IT OPS
Reveal(x) 360 Use Cases
CLOUD MIGRATION

Infrastructure is increasingly hybrid with a mix of sanctioned and unsanctioned cloud services and SaaS applications that create governance and compliance issues while increasing support costs. Migration to the cloud increases the chances of broken user experiences. Reveal(x) 360 enables organizations to quickly, confidently, and securely migrate to the cloud.

• Discover all application traffic and map and understand dependencies.
• Measure performance before, during, and after migration.
• Agentless operational visibility across on-premises, cloud, and hybrid environments from a unified platform.

Map and understand dependencies for complete visibility into every asset across cloud migrations.

How do you ensure an unbroken user experience when migrating to the cloud?
Which tools do you use for east-west and north-south visibility?
How do you discover shadow IT and map application dependencies?

Reveal(x) 360
Cloud-Native Network Detection and Response Delivered as a SaaS

50% FASTER THREAT DETECTION
84% FASTER THREAT RESOLUTION
99% FASTER TROUBLESHOOTING

North America | EMEA | APAC

2022 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.
