ExtraHop Accelerates Security Operations with Splunk SOAR

ExtraHop, a leader in cloud-native network intelligence, announced an integration between Reveal(x), its network detection and response (NDR) platform, and Splunk SOAR. Using the Reveal(x) integration, Splunk SOAR users gain expanded visibility with packet-level insights from IoT to the cloud, including unmanaged devices, legacy systems and all network assets. Users can correlate logs with network intelligence to gain a greater understanding of threats and more confidence in the automation of tier 1 and tier 2 incident response.

Analysts and IT security managers receive thousands of alerts every day, many of which are ignored because the team lacks the bandwidth to triage them. According to a research study by ESG, 27 percent of cybersecurity teams surveyed said they spend most of their time addressing cybersecurity emergencies, not top-tier priorities, leaving them little time to work on strategy or process improvement.

Even more alarming, 23 percent said not being able to keep up with the workload contributed to security events in the past two years. Most security teams simply don’t have enough people staffed to stay on top of their workload and be effective.

SOAR platforms excel at streamlining data-gathering from multiple security tools into a single interface, but logs alone are not always reliable: they can be inaccurate, disabled or destroyed by adversaries. ExtraHop for Splunk SOAR enables security teams to enrich any SOAR playbook with high-fidelity data about detections, devices, network artifacts or even full packet capture. In addition, Reveal(x) covers more network-detectable MITRE ATT&CK techniques than any other NDR product, covering nearly 90 percent — including privilege escalation, lateral movement, exfiltration, and command & control.

With strong expertise in attack detection, unusual behavior and risk analysis, ExtraHop provides reliable insights and full context analytics, powered by its cloud-based machine learning. Security analysts can respond to alerts that matter and have everything they need to know about an incident automatically gathered before they start investigating.


To learn more about how to detect unknown threats and accelerate response times with integrated Reveal(x) and Splunk, visit extrahop.com/splunk. The on-prem and cloud versions of Splunk SOAR will be available soon on Splunkbase.