ExtraHop, a leader in cloud-native network intelligence, announced an integration with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, that takes security analysts from detection to threat containment to investigation with a single click.
The push-button response integration expands the extended detection and response (XDR) partnership between the two companies, enabling users to quarantine individual assets from a detection directly within Reveal(x) and then pivot into an investigation workflow. Armed with this capability, defenders can act with speed and precision, accelerating response times and minimizing the impact to the business.
The native push-button response feature within ExtraHop Reveal(x) gives defenders the tools they need to accelerate containment while minimizing disruption to the organization. Unlike automated response offerings, push-button response gives security analysts the ability to control how and when assets are quarantined based on high-fidelity detections and enriched intelligence that extends from the network to the endpoint.
“Over the past five years, the security pendulum has started to swing more meaningfully towards a detect-and-respond model that assumes even the best perimeter defenses will eventually be breached,” said Jesse Rothstein, co-founder and CTO, ExtraHop. “But many organizations remain reluctant to invest more in this approach due to the complexity of playbook-driven response. With our new native push-button response, we’re continuing to build on our partnership with CrowdStrike and existing response integration capabilities to give defenders the ability to rapidly and precisely quarantine compromised devices without causing massive disruption to the organization.”
The push-button response integration builds on ExtraHop’s existing partnership with CrowdStrike which offers integrations throughout the CrowdStrike Falcon platform, including Falcon X, Threat Graph, Falcon Insight (with Real Time Response integration), Humio, and Falcon XDR, to deliver best-of-breed XDR to their joint customers around the world.
- Unified Threat Intelligence – Reveal(x) 360 correlates indicators of compromise (IOCs) from CrowdStrike Falcon X and security telemetry from the CrowdStrike Falcon platform with network details and behavioral insights to deliver complete coverage. The data is correlated and contextualized in the Reveal(x) console.
- Real-time Detection – With the integration of Reveal(x) 360 and the CrowdStrike Falcon platform, security teams can detect threats observed on the network such as network privilege escalation, lateral movement, suspicious remote access connections and data exfiltration. They also can thwart attack techniques occurring on the endpoint, including ransomware, local file enumeration, process spawning, and code execution. This provides complete coverage across the entire attack surface.
- Instant Response – With the push-button response offering, security analysts can use the network containment capability of the CrowdStrike Falcon platform to quarantine a device with a single click within the Reveal(x) platform. This approach cuts off attacker access to network resources and endpoints, stopping an attack in progress without disrupting business or slowing an analyst’s investigation workflow.
- Continuous Endpoint Visibility – With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike Falcon agent is not present. This alerts CrowdStrike customers to connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.