Organizations today are faced with growing challenges, when it comes to defending against increasingly sophisticated cyber-attacks. Ransomware, software supply chain attacks, denial of service, malware, botnets, social engineering – a seemingly infinite list of attack techniques are upping the ante and driving security teams to burnout.
Attackers have at their disposal a plethora of known Common Vulnerabilities and Exposures (CVEs), as well as unknown zero-day techniques.
complexity of enterprise IT environment
At the same time, the complexity of the enterprise IT environment is increasing and the attack surface is growing rapidly, due to continued trends of remote work, work from home, cloud services, and bring your own device (BYOD) policies.
The rapid evolution of the threat landscape drives a need to provide broad visibility and security in increasingly complex hybrid architectures. Keysight and ExtraHop have partnered to deliver the data, the analysis, and the detection and response capabilities necessary to stop advanced threats.
Securing the hybrid enterprise with network intelligence
Cloud native security mechanisms exist, and are valuable for security triage and alerting
Hybrid architectures include traditional on-premises data centers, virtualized resources, remote and home offices, and public cloud hosted applications. Cloud native security mechanisms exist, and are valuable for security triage and alerting, but tend to rely on data sources such as logs, APIs and metrics. Such data sources are vulnerable to evasion techniques increasingly being used by attackers.
Furthermore, less granular data is unable to expose the full details of a sophisticated attack. On the other hand, having copies of all the network packets ensures access to all data potentially being exploited by hackers and propagating around the organization’s hybrid cloud.
Packets offer Complete source of network intelligence
Logging can be turned off by attackers, metrics don’t have as much granularity, and APIs are most suited to querying well known variables – but the packets provide a complete source of network intelligence.
Packets must be delivered to security tools for inspection and analysis. In traditional on-premises data centers, collection and delivery of packets has been accomplished using well known means such as switch mirrors, taps, and network packet brokers (Keysight refers to this as network visibility, and has delivered leading solutions in this area for many years).
However, the advent of hybrid cloud architectures has necessitated expanding visibility to the broader attack surface.
Virtualized taps and packet brokers
Keysight accomplishes this with the help of virtualized taps and packet brokers
Keysight accomplishes this with the help of virtualized taps and packet brokers, and a cloud network data collection solution we call CloudLens. This new visibility architecture can deliver copies of packets regardless of limits of access to the underlying network caused by obfuscation of infrastructure by cloud service providers.
Whether applications are hosted on VMWare, KVM, AWS, Azure or other CSPs, Keysight Visibility ensures consistent visibility, enabling network intelligence-based security analysis.
Furthermore, Keysight Visibility features such as de-duplication, masking of personal identification information, load balancing, and traffic sharing enable reliable, compliant data collection at the scale demanded by modern hybrid enterprises.
Keysight and ExtraHop detect advanced threats
Keysight and ExtraHop have partnered to offer a joint solution combining best of breed Keysight Visibility and ExtraHop Reveal(x) Network Detection and Response. Armed with data delivered by Keysight, ExtraHop can detect MITRE ATT&CK Tactics and techniques across every phase of the attack chain.
The ubiquitous hybrid coverage enabled by Keysight Visibility fuels ExtraHop’s detection capabilities inside the target enterprise, enabling rapid detection of intruder post compromise activity, including lateral movement, command & control, and data ex-filtration.
Rapid mitigation of ransomware, supply chain attacks
Early detection of these attack tactics allows rapid mitigation of ransomware, supply chain attacks, and other advanced threats. For example, recently, at a leading home improvement company, ExtraHop quickly identified a ransomware attack by observing its network behavior, including target enumeration and lateral movement inside the target environment.
The early detection by ExtraHop enabled quick security team response, resulting in zero downtime for the business, and $0 ransomware payment. Without such network-intelligence-driven detection and response capabilities, other organizations have not been so fortunate.
Keysight Network Visibility solution
Keysight delivers complete packet data from anywhere in the enterprise"
Chase Snyder, the Senior Product Marketing Manager at ExtraHop, said “Keysight Network Visibility solution is a vital enabler of ExtraHop’s ability to detect MITRE ATT&CK techniques and threats moving laterally throughout the hybrid cloud enterprise.”
Chase Snyder adds, “Keysight delivers complete packet data from anywhere in the enterprise, which is analyzed by ExtraHop Reveal(x) Network Detection and Response to catch even the stealthiest attackers. With the joint solution, our customers have the most complete coverage in Network Intelligence and Advanced Threat Detection.”
Exhibiting at RSA Security Conference 2022
ExtraHop and Keysight will be presenting about their joint Visibility and Network Intelligence solution, at the upcoming RSA Security Conference 2022, in San Francisco, California, USA.
Please join at 3:30 p.m. PST, on Wednesday, June 8, 2022, for the presentation, located at Keysight’s theater in the North expo hall booth #5873. Feel free to stay after the presentation, in order to talk to experts from ExtraHop and Keysight.
