Threat detection and investigation across cloud infrastructure is a challenge for any enterprise-grade security operations centre.
With the recent announcement that ExtraHop Reveal(x) is now available in the Microsoft Azure Marketplace, network visibility can be extended from the data centre, branch offices and remote sites into the cloud, so that one set of detections covers every deployment.
Corr-Serve, authorised distributor of ExtraHop Reveal(x), will be showcasing the product at the forthcoming ITWeb Cloud Summit, showing South African clients an enterprise-grade network traffic analysis (NTA) solution that delivers threat detection and investigation purpose-built for the cloud.
"By integrating with Azure, customers can finally extend the visibility and response capabilities of their enterprise security operations centre to encompass cloud infrastructure," said Graeme Allcock, CEO of Corr-Serve. "Because Reveal(x) automatically discovers and classifies everything traversing the Azure environment, including rogue compute instances, it can deliver complete real-time visibility at cloud scale."
That data, Allcock explains, is correlated with event data from Azure Security Centre to create a unified analytics and investigation source for SOC teams that provides "always-on, always-everywhere visibility" across the hybrid attack surface.
The Reveal(x) NTA platform integrates natively with the Microsoft Azure Virtual Network TAP, which mirrors the traffic of Azure virtual machines to a collector; ExtraHop partnered with Microsoft Azure on this integration so that Reveal(x) can analyse cloud application payloads at scale through a completely passive, agentless approach, with no software installed on the monitored workloads.
With the introduction of Reveal(x) for Microsoft Azure, enterprises can effectively address shared responsibility models and prioritise use of security resources based on critical assets and risk, delivering complete visibility across each dimension of enterprise responsibility, including:
Applications and content: Integration with Azure Security Centre events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while real-time TLS 1.3 decryption and transaction payload analysis spots threats and evaluates risk, even where perfect forward secrecy (PFS) is in use. Note that PFS by design prevents decryption from a static server key alone, so decrypting such sessions passively requires session keys to be supplied to the sensor out of band.
Inventory and configuration: Automatic discovery and classification of all cloud assets gives cloud and security teams up-to-the-second understanding of the attack surface, including the ability to track rogue instances, even when logging is disabled, and instantly flag exposed resources.
Data access: Full support for Azure SQL Database and Azure Blob Storage protocols means visibility into behaviour, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.
Identity and access management: Integration with Azure Activity Monitoring allows granular tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behaviour, such as credential harvesting and brute-force login attempts.
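The brute-force detection on Active Directory payloads described in the last item is the kind of check a passive network sensor can run on mirrored traffic without any agent on the domain controller. The following is an added illustration, not ExtraHop code: it consumes constructed, pre-decoded Kerberos records of the form a sensor would emit after parsing AS-REQ/AS-REP and KRB-ERROR messages, and raises an alert when one client IP accumulates too many pre-authentication failures inside a sliding window, distinguishing a single-account brute force from a password spray across many principals. Error codes are the RFC 4120 values; the record shape, thresholds and sample data are assumptions for the example.

```python
"""Network-side Kerberos brute-force / password-spray detector (added example).

Records are assumed to be what an NTA sensor produces after decoding Kerberos
on the wire: client IP, requested principal, message type and, for KRB-ERROR
messages, the error code. Only failures are counted; KDC_ERR_PREAUTH_REQUIRED
(25) is the normal first step of every logon and must not be treated as one.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 4120 KRB-ERROR codes that are useful signals for this check.
KDC_ERR_C_PRINCIPAL_UNKNOWN = 6   # unknown user: account enumeration
KDC_ERR_PREAUTH_FAILED = 24       # wrong password (or wrong key)
KDC_ERR_PREAUTH_REQUIRED = 25     # normal: KDC asks for pre-auth first

MSG_AS_REP = 11     # successful AS exchange
MSG_KRB_ERROR = 30  # error response

FAILURE_CODES = {KDC_ERR_PREAUTH_FAILED, KDC_ERR_C_PRINCIPAL_UNKNOWN}


@dataclass(frozen=True)
class KerberosRecord:
    ts: float                   # seconds since capture start (assumed field)
    client_ip: str              # source of the AS-REQ
    cname: str                  # principal named in the AS-REQ
    msg_type: int               # MSG_AS_REP or MSG_KRB_ERROR
    error_code: Optional[int]   # only set for KRB-ERROR


def detect_bruteforce(records: List[KerberosRecord], window_s: float = 60.0,
                      threshold: int = 5, spray_min_users: int = 3) -> List[Dict]:
    """Return one alert per client IP whose failures reach `threshold` within
    `window_s` seconds. An alert is a password spray when the failing
    principals in the window number at least `spray_min_users`."""
    fails: Dict[str, deque] = defaultdict(deque)  # ip -> (ts, cname) failures
    alerts: List[Dict] = []
    alerted = set()  # one alert per IP keeps the output readable
    for r in sorted(records, key=lambda rec: rec.ts):
        if r.msg_type != MSG_KRB_ERROR or r.error_code not in FAILURE_CODES:
            continue  # successes and PREAUTH_REQUIRED are not failures
        q = fails[r.client_ip]
        q.append((r.ts, r.cname))
        while q and r.ts - q[0][0] > window_s:  # evict entries outside window
            q.popleft()
        if len(q) >= threshold and r.client_ip not in alerted:
            users = sorted({c for _, c in q})
            alerts.append({
                "client_ip": r.client_ip,
                "kind": "password_spray" if len(users) >= spray_min_users
                        else "bruteforce",
                "failures": len(q),
                "users": users,
                "first_ts": q[0][0],
                "last_ts": r.ts,
            })
            alerted.add(r.client_ip)
    return alerts


def sample_records() -> List[KerberosRecord]:
    """Constructed traffic: one brute force, one spray, one benign client."""
    recs = []
    # 10.0.1.50 hammers a single service account every 10 s.
    for i in range(6):
        recs.append(KerberosRecord(i * 10.0, "10.0.1.50", "svc_backup",
                                   MSG_KRB_ERROR, KDC_ERR_PREAUTH_FAILED))
    # 10.0.2.7 tries one password against five different users in 5 s.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        recs.append(KerberosRecord(100.0 + i, "10.0.2.7", user,
                                   MSG_KRB_ERROR, KDC_ERR_PREAUTH_FAILED))
    # 10.0.3.9 is a normal workstation: PREAUTH_REQUIRED, then success,
    # later one typo'd password followed by a successful logon.
    recs += [
        KerberosRecord(200.0, "10.0.3.9", "frank", MSG_KRB_ERROR, KDC_ERR_PREAUTH_REQUIRED),
        KerberosRecord(200.5, "10.0.3.9", "frank", MSG_AS_REP, None),
        KerberosRecord(300.0, "10.0.3.9", "frank", MSG_KRB_ERROR, KDC_ERR_PREAUTH_FAILED),
        KerberosRecord(301.0, "10.0.3.9", "frank", MSG_AS_REP, None),
    ]
    return recs


if __name__ == "__main__":
    for alert in detect_bruteforce(sample_records()):
        print(alert)
```

Running the block reports a `bruteforce` alert for 10.0.1.50 and a `password_spray` alert for 10.0.2.7, and nothing for the workstation. The important design choice is what counts as a failure: KRB-ERROR 25 is emitted on every normal logon, so a detector that counts all KRB-ERROR messages would alert on healthy traffic; counting only 24 and 6 keeps the signal tied to wrong passwords and unknown accounts.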
ITWeb Cloud Summit has become SA's top annual cloud event, providing a platform for business decision-makers, cloud experts, researchers and industry practitioners to exchange ideas and discuss new advances in the strategy and practice of cloud computing. For more information, go to https://v2.itweb.co.za/event/itweb/cloud-summit-2019/.