Content + Strategy

Blog

Here are some articles I’ve written for various clients.

Reveal(x) NDR with Native CrowdStrike LogScale Integration

As part of the 9.3 release of the Reveal(x) network detection and response (NDR) module, ExtraHop customers can now use a native integration with CrowdStrike Falcon® LogScale to integrate NDR telemetry with their XDR data. This enhanced functionality allows joint customers to send network logs from ExtraHop for long-term storage and analysis in Falcon LogScale to achieve broader, deeper visibility when identifying and responding to threats.

Get Even More Value from Reveal(x) NDR

ExtraHop empowers security analysts to act fast with the right tools and the features most useful to their role. The NDR module offers users a more streamlined experience with personalized dashboards and customized workflows to improve analysts’ productivity. The modularization also allows customers to easily add additional components—for IDS or packet forensics, for example—to their Reveal(x) deployment as their needs change.

With the 9.3 release, Reveal(x) NDR has expanded its detector coverage for lateral movement and post-compromise techniques. In addition, Reveal(x) NDR now features customizable enrichment links that make it easier for analysts to access even more threat intelligence from providers such as CrowdStrike Recorded Future, and CMDB. The NDR module also features new threat briefings that monitor for employee misuse of generative AI tools, MOVEit vulnerabilities, and other issues.

Integrations continue to play a key factor in maximizing customization. The Reveal(x) NDR module offers improved detection filtering, with SIEM and SOAR integrations, to reduce SOC alert noise. Meanwhile, Windows Agent Updates allow for a smoother installation and greater ability to run EDR agents alongside Reveal(x) sensors.

CrowdStrike LogScale is Now Native to Reveal(x)

Reveal(x) 9.3 also includes a newly-built native integration with the CrowdStrike Falcon LogScale observability and log management solution. This functionality will help customers using both Reveal(x) and Falcon integrate rich network telemetry with other security logs, increasing accuracy and reliability for threat hunters and analysts. The out-of-the-box integration gives customers a quick, simple way to gain visibility across the network and enrich SOC workflows.

With Reveal(x) NDR and Falcon Insight XDR, joint customers can continuously inventory all managed and unmanaged devices, rapidly detect attack behaviors, correlate available threat intelligence, and automatically quarantine impacted devices to stop breaches in progress.

The native integration brings together the power of two industry-leading cybersecurity solutions. CrowdStrike was named a Leader for the third consecutive time in the December 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. In June, ExtraHop was named a Leader in the inaugural Forrester Wave™: Network Analysis and Visibility, Q2 2023, earning the highest possible scores in 20 out of 29 criteria.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022.

Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from CrowdStrike. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Paul Ditty