SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
ExtraHop accelerates security operations with Splunk SOAR
Tue, 1st Nov 2022

ExtraHop has announced a new integration between Reveal(x), its network detection and response (NDR) platform, and Splunk SOAR. 

Using the Reveal(x) integration, Splunk SOAR users have expanded visibility with insights from IoT to the cloud, including unmanaged devices, legacy systems, and all network assets. 

In addition, users can correlate logs with network intelligence to gain a greater understanding of threats and more confidence in the automation of tier 1 and tier 2 incident response.

Analysts and IT security managers receive thousands of alerts daily, many of which go uninvestigated simply because teams lack the capacity to triage them.

In fact, according to a research study by ESG, 27% of cybersecurity teams surveyed said they spend most of their time addressing cybersecurity emergencies, not top-tier priorities, leaving them little time to work on strategy or process improvement. Even more alarming, 23% said being unable to keep up with the workload contributed to security events in the past two years. Most security teams don’t have enough staff to stay on top of their workload and be effective.

SOAR platforms excel at streamlining data-gathering from multiple security tools into a single interface. Still, logs alone are not always reliable and can be inaccurate, disabled, or destroyed by adversaries. 

ExtraHop for Splunk SOAR enables security teams to improve any SOAR playbook with high-fidelity data about detections, devices, network artifacts, or even full packet capture. 

In addition, Reveal(x) covers more network-detectable MITRE ATT&CK techniques than any other NDR product, covering nearly 90%, including privilege escalation, lateral movement, exfiltration, and command and control.

“The network is a source of ground truth, difficult for an attacker to evade, and nearly impossible to turn off. As such, network traffic analysis offers an effective means to detect suspicious behaviours and potential threats with high signal and low noise,” says Jesse Rothstein, Co-Founder and CTO, ExtraHop. 

“Our new integration with Splunk SOAR combines our rich, contextualised data with an advanced platform to enable defenders to prioritise alerts, accelerate investigation, and run trusted playbooks to ultimately stop threats faster.”

With expertise in attack detection, unusual behaviour, and risk analysis, ExtraHop provides insights and full context analytics powered by its cloud-based machine learning. As a result, security analysts can respond to alerts that matter and automatically gather everything they need to know about an incident before they start investigating.

“This integration between Splunk and ExtraHop helps overburdened SOC analysts streamline their workflow so they can leverage out-of-the-box playbooks to handle low level alerts and focus on orchestrating the response and forensics needed for the alerts that matter,” says Chris Kissel, Research Vice President, Security and Trust, IDC. 

“A key benefit of integrating with ExtraHop is visibility into encrypted traffic. Encryption is vital for security and privacy, but it can be a double-edged sword when attackers use it to hide their actions. ExtraHop decrypts traffic and provides near real-time insights that are vital for SOC analysts to make faster decisions,” he says.

“Together, ExtraHop and Splunk significantly increase the visibility we have into our environment, and the integration between products reduces the amount of time it takes our analysts to address security threats,” says Dan White, Network Engineering Manager, Ketchikan Public Utilities.