ExtraHop and Splunk SOAR have announced a new partnership that aims to provide greater visibility into encrypted traffic for security professionals.
The collaboration focuses on a new integration between ExtraHop’s network detection and response (NDR) platform Reveal(x) and Splunk SOAR.
Through this integration, Splunk SOAR users can leverage expanded visibility with packet-level insights ranging from IoT to the cloud - including unmanaged devices, legacy systems, as well as all network assets.
In an announcement, ExtraHop said users can correlate logs with network intelligence to gain a deeper understanding of threats and improve confidence in incident response automation.
“The network is a source of ground truth, difficult for an attacker to evade, and nearly impossible to turnoff,” said Jesse Rothstein, co-founder and CTO at ExtraHop. “As such, network traffic analysis offers an effective means to detect suspicious behaviours and potential threats with high signal and low noise.
“Our new integration with Splunk SOAR combines our rich, contextualized data with an advanced platform to enable defenders to prioritize alerts, accelerate investigation, and run trusted playbooks to ultimately stop threats faster.”
Powered by cloud-based machine learning, ExtraHop’s cyber defense platform Reveal(x) provides insights and full context analytics, equipping security operation centres (SOCs) with complete visibility of an incident before they begin investigating.
Solve cyber resilience challenges with storage solutions
Fundamental capabilities of cyber-resilient IT infrastructure
Its new integration with Splunk SOAR aims to help security teams bolster their SOAR playbooks with high-fidelity data about detections, devices, network artefacts, and full packet capture. Ultimately, it allows for quicker handling of low-level alerts, freeing up more time to investigate more demanding and complex incidents.
ExtraHop Reveal(x) claims to cover nearly 50% of network-detectable MITRE ATT&CK techniques including privilege escalation, lateral movement, data exfiltration, as well as command and control (C2).
Chris Kissel, research vice president, security, and trust at IDC, said the move will help security teams better manage their workflows.
“This integration between Splunk and ExtraHop helps overburdened SOC analysts streamline their workflow so they can leverage out-of-the-box playbooks to handle low level alerts and focus on orchestrating the response and forensics needed for the alerts that matter,” he explained.
“A key benefit of integrating with ExtraHop is visibility into encrypted traffic. Encryption is vital for security and privacy, but it can be a double-edged sword when attackers use it to hide their actions. ExtraHop decrypts traffic and provides near real-time insights that are vital for SOC analysts to make faster decisions.”
