Content + Strategy

Blog

Here are some articles I’ve written for various clients.

ExtraHop, Binary Defense Deliver Managed Network Detection and Response

Over the last two decades, cybersecurity has evolved from a perimeter-centric model to one that acknowledges a largely dissolved perimeter. This evolution has been driven mainly by three issues that weren’t factors twenty years ago: technology complexity, stemming from employee mobility, cloud computing, and other trends; obscured visibility as networks grew, transformed, and accrued technical debt; and massive increases in the volume of data and alerts security teams must analyze.

As complexity rose, visibility dropped, leaving very few network operators with a reasonable level of confidence in their understanding of their own infrastructure. Meanwhile, increases in operational technology, combined with various business trends and cycles of expansion and contraction, compounded these complexity and visibility challenges and led security practitioners to a place where we’re not certain what’s on our networks, where those things reside, or what risk they pose to our organization.

To make matters worse, as network complexity ratcheted up, security teams attempted to keep pace by placing more security devices throughout their networks. The increase in security devices has led to a surge in low-fidelity alerts and false positives, which in turn have driven the need to perform more manual investigations and build larger and larger SOC teams at a time when demand for cybersecurity practitioners vastly outpaces supply.

Enter Network Detection and Response (NDR)

Against this backdrop of technology change and security challenges, NDR has emerged over the past several years as a remedy for the triple hurdles of complexity, visibility, and volume. It delivers high-confidence visibility into managed and unmanaged devices, higher-fidelity data for threat detection, and integrated response capabilities. The net result is a decrease in complexity, an increase in visibility, and a manageable alert volume.

To make it even easier for organizations to use Reveal(x) 360, our industry-leading NDR solution, ExtraHop is excited to announce a strategic partnership with Binary Defense, the industry’s premier managed detection and response (MDR) provider. By delivering ExtraHop Reveal(x) 360 as a managed service, ExtraHop bundles technology with security expertise to deliver the power of NDR to organizations that don’t want to implement and manage it themselves. Managed NDR delivers mission-critical technology without adding to the operational burden on security teams.

Delivering Managed Network Detection and Response (mNDR)

ExtraHop’s powerful mNDR solution is designed to reduce operational burden while providing unparalleled security value to the SOC. Complete packet-level visibility, even into encrypted traffic and at the protocol level, at the speed of the world’s fastest networks, provides rapid value to security organizations. Our solution helps eliminate blind spots and gives threat hunters the ability to detect lateral movement and respond to threats faster without deploying any more agents. Integrating this service and platform into an organization’s existing security stack ensures operational benefits without the traditional drawbacks.

For SOC teams, alert triage and response are always going to be part of the job, but with advanced behavioral analytics and context-rich investigative workflows, ExtraHop technology reduces the number of false positives SOC teams will have to waste their time on.

For organizations that recognize the critical value of NDR in threat detection, response, and network forensics, an mNDR service is an easy choice. ExtraHop mNDR delivered by Binary Defense helps organizations rapidly realize the value of ExtraHop NDR with a world-class SOC that lowers security operations overhead, lets customers’ security teams focus on prioritized incident response and remediation, and helps guide meaningful remediation and incident resolution. Incidents will happen, but catastrophic breaches don’t have to.

Paul Ditty