
ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic

October 25, 2022


ExtraHop and Splunk SOAR have announced a new partnership that aims to provide security professionals with greater visibility into encrypted traffic.

The collaboration centres on a new integration between ExtraHop's network detection and response (NDR) platform Reveal(x) and Splunk SOAR.


Through this integration, Splunk SOAR customers gain expanded visibility with packet-level insights ranging from IoT to the cloud, including unmanaged devices, legacy systems, as well as all network assets.

In an announcement, ExtraHop said customers can correlate logs with network intelligence to gain a deeper understanding of threats and increase confidence in incident response automation.

“The network is a resource of floor real truth, challenging for an attacker to evade, and just about unattainable to turn off,” said Jesse Rothstein, co-founder and CTO at ExtraHop. “As these, network visitors evaluation features an effective means to detect suspicious behaviours and probable threats with significant sign and reduced noise.

“Our new integration with Splunk SOAR brings together our rich, contextualized knowledge with a highly developed system to help defenders to prioritize alerts, accelerate investigation, and operate dependable playbooks to in the long run cease threats speedier.”

Powered by cloud-based machine learning, ExtraHop's cyber defence platform Reveal(x) offers insights and full-context analytics, giving security operations centres (SOCs) full visibility of an incident before they begin investigating.

The new integration with Splunk SOAR aims to help security teams strengthen their SOAR playbooks with high-fidelity data about detections, devices, network artefacts, and full packet capture. Ultimately, it allows low-level alerts to be handled faster, freeing up more time to investigate more complex and advanced incidents.

ExtraHop Reveal(x) claims to cover nearly 50% of network-detectable MITRE ATT&CK techniques, including privilege escalation, lateral movement, data exfiltration, and command and control (C2).

Chris Kissel, research vice president, security and trust at IDC, said the move will help security teams better manage their workflows.

“This integration involving Splunk and ExtraHop aids overburdened SOC analysts streamline their workflow so they can leverage out-of-the-box playbooks to manage very low amount alerts and focus on orchestrating the reaction and forensics desired for the alerts that make any difference,” he explained.

“A important gain of integrating with ExtraHop is visibility into encrypted targeted visitors. Encryption is important for security and privacy, but it can be a double-edged sword when attackers use it to conceal their actions. ExtraHop decrypts targeted traffic and delivers in close proximity to authentic-time insights that are crucial for SOC analysts to make a lot quicker choices.”


Some elements of this write-up are sourced from:
www.itpro.co.uk
