ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic


ExtraHop and Splunk SOAR have announced a new partnership that aims to provide greater visibility into encrypted traffic for security professionals.

The collaboration focuses on a new integration between ExtraHop’s network detection and response (NDR) platform Reveal(x) and Splunk SOAR.

Through this integration, Splunk SOAR users gain expanded, packet-level visibility across their environment, from IoT to the cloud, including unmanaged devices, legacy systems and other network assets that generate no logs of their own.

In an announcement, ExtraHop said users can correlate logs with network intelligence to gain a deeper understanding of threats and improve confidence in incident response automation.

“The network is a source of ground truth, difficult for an attacker to evade, and nearly impossible to turn off,” said Jesse Rothstein, co-founder and CTO at ExtraHop. “As such, network traffic analysis offers an effective means to detect suspicious behaviours and potential threats with high signal and low noise.

“Our new integration with Splunk SOAR combines our rich, contextualized data with an advanced platform to enable defenders to prioritize alerts, accelerate investigation, and run trusted playbooks to ultimately stop threats faster.”

Powered by cloud-based machine learning, ExtraHop’s cyber defence platform Reveal(x) provides insights and full-context analytics, giving security operations centres (SOCs) a complete picture of an incident before analysts begin investigating.


Its new integration with Splunk SOAR aims to help security teams bolster their SOAR playbooks with high-fidelity data about detections, devices, network artefacts, and full packet capture. Ultimately, it allows for quicker handling of low-level alerts, freeing up more time to investigate more demanding and complex incidents.

ExtraHop says Reveal(x) covers nearly 50% of network-detectable MITRE ATT&CK techniques, including privilege escalation, lateral movement, data exfiltration, and command and control (C2).
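The workflow the article describes in the paragraphs above (correlating a log alert with network detections for the same host, auto-handling low-level alerts that the network does not corroborate, and escalating the ones that matter) can be sketched as a playbook triage step. The following is an added example written for this page; it is not ExtraHop or Splunk code and does not use either vendor's API. The detection record format, field names, ATT&CK tactic weights, time window and escalation threshold are all assumptions, and the alerts and detections are constructed sample data.

```python
"""Illustrative SOAR-style triage step: enrich SIEM log alerts with NDR
detections and decide whether to auto-close, queue for review, or escalate.
Example code for this article; the record format, weights and thresholds are
assumptions, not anything from Reveal(x) or Splunk SOAR."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Per-tactic weights used to score corroborating network evidence. Values are
# assumptions chosen for the example; the tactics are those named in the text.
TACTIC_WEIGHT = {
    "privilege_escalation": 3,
    "lateral_movement": 4,
    "exfiltration": 5,
    "command_and_control": 5,
}

@dataclass
class Detection:
    """A network (NDR) detection, in an assumed simplified format."""
    host: str
    tactic: str
    risk: int                       # assumed 0-100 scale
    seen: datetime
    pcap_ref: Optional[str] = None  # pointer to packet capture, if any

@dataclass
class LogAlert:
    """A log-sourced alert as a SIEM might hand it to a SOAR playbook."""
    id: str
    host: str
    severity: str                   # "low" | "medium" | "high"
    seen: datetime

@dataclass
class Decision:
    alert_id: str
    action: str                     # "auto_close" | "review" | "escalate"
    score: int
    evidence: List[Detection] = field(default_factory=list)

def correlate(alert: LogAlert, detections: List[Detection],
              window: timedelta = timedelta(minutes=30),
              min_risk: int = 30) -> List[Detection]:
    """Network detections for the alert's host within +/- window of the alert,
    ignoring low-risk noise below min_risk."""
    lo, hi = alert.seen - window, alert.seen + window
    return [d for d in detections
            if d.host == alert.host and lo <= d.seen <= hi and d.risk >= min_risk]

def triage(alert: LogAlert, detections: List[Detection],
           escalate_at: int = 8) -> Decision:
    """Score = base for log severity + weights of corroborating tactics.
    A low-severity alert with no network corroboration is closed by the
    playbook; anything at or above the threshold goes straight to an analyst."""
    evidence = correlate(alert, detections)
    base = {"low": 1, "medium": 3, "high": 6}[alert.severity]
    score = base + sum(TACTIC_WEIGHT.get(d.tactic, 1) for d in evidence)
    if alert.severity == "low" and not evidence:
        action = "auto_close"
    elif score >= escalate_at:
        action = "escalate"
    else:
        action = "review"
    return Decision(alert.id, action, score, evidence)

def run_playbook(alerts: List[LogAlert],
                 detections: List[Detection]) -> Dict[str, Decision]:
    return {a.id: triage(a, detections) for a in alerts}

# Constructed sample data (not real telemetry).
T0 = datetime(2023, 1, 1, 12, 0)
DETECTIONS = [
    Detection("10.0.0.5", "lateral_movement", 80, T0 + timedelta(minutes=5), "pcap-0001"),
    Detection("10.0.0.5", "command_and_control", 90, T0 + timedelta(minutes=12)),
    Detection("10.0.0.9", "privilege_escalation", 40, T0 - timedelta(hours=3)),
]
ALERTS = [
    LogAlert("A1", "10.0.0.5", "low", T0),     # low in the logs, loud on the wire
    LogAlert("A2", "10.0.0.9", "low", T0),     # stale detection outside window
    LogAlert("A3", "10.0.0.7", "medium", T0),  # nothing on the network for this host
]

if __name__ == "__main__":
    for d in run_playbook(ALERTS, DETECTIONS).values():
        refs = [e.pcap_ref for e in d.evidence if e.pcap_ref]
        print(f"{d.alert_id}: {d.action} (score {d.score}, pcap {refs})")
```

The point of the example is the first alert: on log severity alone it is a "low" that a playbook would close, but two high-risk detections on the same host inside the window (lateral movement, then C2) push it to escalation, with a packet-capture reference attached for the analyst. The stale detection on the second host falls outside the window and does not count, which is the kind of time-bounding a real playbook needs so that old findings do not keep re-escalating new alerts.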

Chris Kissel, research vice president, security and trust, at IDC, said the move will help security teams better manage their workflows.

“This integration between Splunk and ExtraHop helps overburdened SOC analysts streamline their workflow so they can leverage out-of-the-box playbooks to handle low-level alerts and focus on orchestrating the response and forensics needed for the alerts that matter,” he explained.

“A key benefit of integrating with ExtraHop is visibility into encrypted traffic. Encryption is vital for security and privacy, but it can be a double-edged sword when attackers use it to hide their actions. ExtraHop decrypts traffic and provides near real-time insights that are vital for SOC analysts to make faster decisions.”

Daniel Todd

Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.

A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.

He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.