sb-eu logo
Story image

ExtraHop integrates with Google Cloud's new packet mirroring feature

26 Nov 2019

 Google Cloud has announced a new packet mirroring feature that integrates with ExtraHop’s ExtraHopReveal(x) to enable stronger threat detection, investigation, and response.

The packet mirroring feature enables Reveal(x) to analyse network traffic in a passive, agentless manner, in order to provide deeper visibility into security threats against workloads in Google Cloud.

Reveal(x) for Google Cloud Platform is able to automatically discover, classify, and map dependencies between workloads. It is also able to apply advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.

ExtraHop CTO and cofounder Jesse Rothstein says that traditional security tools are falling short, which means new thinking is needed.

“Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.”

Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.

Full Packet analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting. Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.

Encrypted payload visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.

Augmented investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.

Google Cloud product manager Mahesh Narayanan says traffic visibility is an essential part of preventing security breaches and attacks, particularly as networks become more complex.

“With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyze, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."

Ulta Beauty is one organisation that sees benefits from the Google Cloud and Reveal(x) integration.

Ulta Beauty’s senior director of IT risk management and CISO Diane Brown explains, "Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it.”

"In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."

ExtraHop Reveal(x) for GCP is now available in alpha.

Story image
Ministry of Defence reports 546 potential data breaches over the year
In total there were 546 reported incidents of potential data breaches in the most recent financial year, up from 463 in the previous year (2018/19).More
Story image
How Bitcoin could impact the cyber-threat landscape
Bitcoin's escalating valuation has made some criminal organisations and malicious individuals very wealthy. The impact of this growth in wealth may have a severe impact on the future threat landscape.More
Story image
One Identity reaches out to SolarWinds customers following breach
According to the company, this free assessment seeks to help organisations navigate through times of uncertainty as attacks continue to grow in sophistication and complexity across the broad range of identity-centric risks.More
Story image
LogRhythm buys out MistNet to bolster analytics capabilities
LogRhythm says its aim is to bring stronger levels of machine learning-based detection and response.More
Story image
App security not keeping up with rapid development — Radware
“With more than 70% of respondents reporting that their production apps have already left the data centre, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.”More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More