Content + Strategy

Blog

Here are some articles I’ve written for various clients.

Introducing ExtraHop IDS: Next-Gen Intrusion Detection

ExtraHop today announced the next evolution of intrusion detection technology with ExtraHop IDS. This new solution, combined with the Reveal(x) network detection and response (NDR) platform, provides companies with expanded detection coverage through tens of thousands of reputable network signatures.

When deployed with Reveal(x) or Reveal(x) 360, ExtraHop IDS provides security teams with high-fidelity, real-time detection of known and unknown malware and exploits, including detection of known threats hiding in encrypted network traffic. It also facilitates advanced triage and investigation through risk scoring and correlation capabilities, as well as native and turn-key integrations with CrowdStrike, Splunk, and other leading security providers.

The Problem ExtraHop IDS Solves

Many organizations are finding that the legacy IDS tools they deployed to meet regulatory compliance and cyber insurance requirements don’t provide quality alerts: they produce numerous alerts, but with little to no context for investigation and response, and even as an increasing number of threats slip past them. Moreover, most IDS solutions can’t detect threats in encrypted network traffic, which creates a huge blindspot for organizations at a time when roughly 85% of network traffic is encrypted. This blindspot puts internet-facing assets like email and web servers at greater risk for being exploited as an entry point for bad actors.

While IDS was designed to detect and secure the network perimeter from attacks like port scanning, SQL injections, and buffer overflows, new adversary tactics, techniques and procedures have exposed the limitations of IDS tools. As attackers have become more strategic and malicious, organizations need to pivot to a comprehensive defense solution.

ExtraHop IDS Capabilities and Benefits

ExtraHop IDS offers critical capabilities to streamline workflows and more effectively stop threats:

  • Automated, high-fidelity signature-based detections curated by the ExtraHop Threat Research team, based on feedback from thousands of real-world networks.

  • Rapid CVE detection with tens of thousands of signatures from reputable sources such as the Emerging Threats Pro (ET Pro) rule set.

  • Automated cloud updates to sensors within minutes of rules being published.

  • Integrated security technologies to reduce overhead, simplify management, and improve response time.

  • Out-of-band sensor eliminates the impact on network performance.

The combination of Reveal(x) with ExtraHop IDS allows customers to deploy and manage their cloud-enabled IDS sensors from the same console as their NDR sensors, which helps to streamline detection, investigation and response, and gives security leaders the opportunity to consolidate security technologies without compromising functionality. Customers also gain unrivaled network-based detection logic to identify malware command and control communications, known bad landing pages, botnets, communication with drive-by download sites, and other advanced threats. Our comprehensive rule set includes:

  • Major malware families covered by command and control channel and protocol.

  • Detection across all network-based threat vectors, from SCADA protocols and web servers to the latest client-side attacks served by exploit kits.

  • The most accurate malware call-back, dropper, command-and-control, obfuscation, exploit kit related, and exfiltration signatures the industry can offer.

  • Coverage for in-the-wild CVE vulnerabilities, including Microsoft MAPP and Patch Tuesday updates.

CISOs and security teams can no longer support operationally intensive technologies like legacy IDS. They need a more comprehensive security posture that can unmask modern adversaries, reduce dwell time, improve operational efficiencies, and support compliance requirements. To learn more about ExtraHop IDS and how it can take your network security to the next level, read the solution brief.

Paul Ditty