ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic

The new platform integration aims to reduce the amount of time security professionals spend on low-level analysis tasks

ExtraHop and Splunk SOAR have announced a new partnership that aims to provide greater visibility into encrypted traffic for security professionals. 

The collaboration focuses on a new integration between ExtraHop’s network detection and response (NDR) platform Reveal(x) and Splunk SOAR.

Through this integration, Splunk SOAR users gain expanded visibility with packet-level insights spanning IoT to the cloud, covering unmanaged devices, legacy systems, and all other network assets.

In an announcement, ExtraHop said users can correlate logs with network intelligence to gain a deeper understanding of threats and improve confidence in incident response automation.

“The network is a source of ground truth, difficult for an attacker to evade, and nearly impossible to turn off,” said Jesse Rothstein, co-founder and CTO at ExtraHop. “As such, network traffic analysis offers an effective means to detect suspicious behaviours and potential threats with high signal and low noise.

“Our new integration with Splunk SOAR combines our rich, contextualized data with an advanced platform to enable defenders to prioritize alerts, accelerate investigation, and run trusted playbooks to ultimately stop threats faster.”

Powered by cloud-based machine learning, ExtraHop’s cyber defense platform Reveal(x) provides insights and full context analytics, equipping security operation centres (SOCs) with complete visibility of an incident before they begin investigating. 

Its new integration with Splunk SOAR aims to help security teams bolster their SOAR playbooks with high-fidelity data about detections, devices, network artefacts, and full packet capture. Ultimately, it allows for quicker handling of low-level alerts, freeing up more time to investigate more demanding and complex incidents.

ExtraHop Reveal(x) claims to cover nearly 50% of network-detectable MITRE ATT&CK techniques including privilege escalation, lateral movement, data exfiltration, as well as command and control (C2).

Chris Kissel, research vice president, security, and trust at IDC, said the move will help security teams better manage their workflows. 

“This integration between Splunk and ExtraHop helps overburdened SOC analysts streamline their workflow so they can leverage out-of-the-box playbooks to handle low level alerts and focus on orchestrating the response and forensics needed for the alerts that matter,” he explained.

“A key benefit of integrating with ExtraHop is visibility into encrypted traffic. Encryption is vital for security and privacy, but it can be a double-edged sword when attackers use it to hide their actions. ExtraHop decrypts traffic and provides near real-time insights that are vital for SOC analysts to make faster decisions.”
