ExtraHop Expands XDR Partnership with CrowdStrike and Introduces Native Push-Button Response for Precise Threat Quarantine

New capabilities build on existing detection, investigation and response integrations between ExtraHop Reveal(x) and the CrowdStrike Falcon platform, adding highly targeted, intelligence-driven response to the CrowdXDR alliance

SEATTLE, July 12, 2022–(BUSINESS WIRE)–ExtraHop, the leader in cloud-native network intelligence, today announced an integration with CrowdStrike, a leader in cloud-delivered protection of endpoints, workloads, identity and data, which allows security analysts to move from detection to threat containment and investigation with a single click. The new push-button response integration extends the best-in-class Extended Detection and Response (XDR) partnership between the two companies, allowing users to quarantine individual assets directly from a detection in Reveal(x), then pivot seamlessly into an investigation workflow. Armed with this capability, defenders can act with speed and precision, shortening response times and minimizing business impact.

The new native push-button response functionality in ExtraHop Reveal(x) gives defenders the tools they need to dramatically speed up containment while minimizing disruption to the organization. Unlike automated response offerings, push-button response gives security analysts control over how and when assets are quarantined, based on high-fidelity detections and rich intelligence that spans from the network to the endpoint.

“Over the past five years, the security pendulum has begun to swing more significantly toward a detect-and-response model that assumes that even the best perimeter defenses will eventually be breached,” said Jesse Rothstein, co-founder and technical director of ExtraHop. “But many organizations remain reluctant to further invest in this approach due to the complexity of playbook-based response. With our new native push-button response, we continue to build on our partnership with CrowdStrike and the existing response integration capabilities to give defenders the ability to quickly and accurately quarantine compromised devices without massive disruption to the organization.”

“This new capability enables faster resolution and faster response time, allowing teams to focus on critical assets and resources,” said Chris Kissel, research director, security and trust, IDC. “The focus on streamlining the work of the overworked SOC analyst adds real value for defenders.”

The push-button response integration builds on ExtraHop’s existing partnership with CrowdStrike, which offers integrations across the entire CrowdStrike Falcon platform, including Falcon X, Threat Graph, Falcon Insight (with Real Time Response), Humio and Falcon XDR, to bring best-of-breed XDR to their joint customers around the world.

  • Unified Threat Intelligence: Reveal(x) 360 correlates CrowdStrike Falcon X Indicators of Compromise (IOCs) and CrowdStrike Falcon platform security telemetry with network details and behavioral information to provide comprehensive coverage. The data is correlated and contextualized in the Reveal(x) console.

  • Real-time detection: Through the integration of Reveal(x) 360 and the CrowdStrike Falcon platform, security teams can quickly detect threats observed on the network, such as privilege escalation over the network, lateral movement, suspicious remote access connections and data exfiltration. They can also thwart attack techniques occurring on the endpoint, including ransomware, local file enumeration, process spawning, and code execution. This provides full coverage across the entire attack surface.

  • Instant response: With the new push-button response offering, security analysts can use the network containment capability of the CrowdStrike Falcon platform to instantly quarantine a device with a single click in the Reveal(x) platform. This approach cuts off attackers’ access to network resources and endpoints, stopping an attack in progress without disrupting business or slowing down an analyst’s investigative workflow.

  • Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of threat-affected devices, including devices where the CrowdStrike Falcon agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that require instrumentation for device-level visibility. It also expands edge visibility to include IoT, bring-your-own-device (BYOD), and agent-incompatible devices.

Learn more about the power of ExtraHop + CrowdStrike

“With new, advanced and evolving threats challenging organizations daily, security teams must act with impeccable speed and precision to protect the business from a breach,” said Geoff Swaine, vice president of global programs, stores and alliances at CrowdStrike. “Our close partnership and breadth of integration with ExtraHop helps unify security telemetry across the network and endpoints, providing customers with enhanced detection and response capabilities to stop advanced threats faster. This new capability offered in the ExtraHop platform helps deepen our integration, enabling security teams to take quick and accurate action for more effective detection, investigation and response to threats across all IT environments.”

ExtraHop is also a launch partner of the CrowdXDR Alliance, joining forces to establish a common XDR language for sharing data between security tools and processes to enrich threat detection and hunting capabilities. A recent joint webinar explains how to make XDR a reality.

About ExtraHop

Cyber attackers have the advantage. ExtraHop is on a mission to help you get it back with security that cannot be undermined, foiled or compromised. Our dynamic cyber defense platform, Reveal(x) 360, helps organizations detect and respond to advanced threats before they compromise your business. We apply cloud-scale AI to petabytes of traffic per day, performing in-line decryption and behavioral analysis across all infrastructure, workloads, and data in motion. With the full visibility of ExtraHop, organizations can detect malicious behavior, hunt advanced threats, and forensically investigate any incident with confidence. ExtraHop has been recognized as a market leader in network detection and response by IDC, Gartner, Forbes, SC Media and many others. Learn more at www.extrahop.com.

© 2022 ExtraHop Networks, Inc. Reveal(x), Reveal(x) 360, Reveal(x) Enterprise and ExtraHop are registered trademarks or trademarks of ExtraHop Networks, Inc.

See the source version on businesswire.com: https://www.businesswire.com/news/home/20220712005018/en/


Ashley Stewart
[email protected]