sb-eu logo
Story image

ExtraHop integrates with Google Cloud's new packet mirroring feature

26 Nov 2019

 Google Cloud has announced a new packet mirroring feature that integrates with ExtraHop’s ExtraHopReveal(x) to enable stronger threat detection, investigation, and response.

The packet mirroring feature enables Reveal(x) to analyse network traffic in a passive, agentless manner, in order to provide deeper visibility into security threats against workloads in Google Cloud.

Reveal(x) for Google Cloud Platform is able to automatically discover, classify, and map dependencies between workloads. It is also able to apply advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.

ExtraHop CTO and cofounder Jesse Rothstein says that traditional security tools are falling short, which means new thinking is needed.

“Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.”

Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.

Full Packet analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting. Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.

Encrypted payload visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.

Augmented investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.

Google Cloud product manager Mahesh Narayanan says traffic visibility is an essential part of preventing security breaches and attacks, particularly as networks become more complex.

“With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyze, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."

Ulta Beauty is one organisation that sees benefits from the Google Cloud and Reveal(x) integration.

Ulta Beauty’s senior director of IT risk management and CISO Diane Brown explains, "Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it.”

"In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."

ExtraHop Reveal(x) for GCP is now available in alpha.

Story image
WatchGuard expands partner ecosystem, enables partners to grow security services footprint
Combining WatchGuard's Total Security Suite and Passport bundle allows partners to provide complete security from network to endpoint for their customers.More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
Video: 10 Minute IT Jams – A glimpse inside a ransomware cell
This is our second IT Jam with SonicWall senior manager of product marketing Brook Chelmo, and in this video Brook walks us through his one-on-one experience with a member of a ransomware cell. More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More