CrowdStrike and ExtraHop partner up to bolster cloud threat detection
ExtraHop has partnered with CrowdStrike, combining cloud-native detection and response with network-to-endpoint protection.
It comes as adoption of cloud services sees an unprecedented boom largely in response to its increased necessity throughout the COVID-19 era – but as ever, cyber attackers are loath to turn down an opportunity, and subsequently this rise in cloud adoption has exposed gaps in its security.
Threat actors have exploited misconfigured desktop protocol vulnerabilities and doubled down on phishing campaigns as millions work from home – and the integration announced by ExtraHop and CrowdStrike today is one of many attempts to prevent further breaches.
The partnership has culminated in an integration between ExtraHop Reveal(x) and CrowdStrike Falcon, which the companies say will marry network visibility, machine learning (ML) behavioural threat detection and decryption of SSL/TLS sessions.
Joint customers of the two companies can leverage the ‘best of both worlds’ – endpoint security and remediation of threats.
“Over the past five years, the security industry has undergone a seismic shift from a model of purely ‘prevention and protection’ to one that additionally delivers detection and response,” says ExtraHop co-founder and chief customer officer Raja Mukerji.
“CrowdStrike and ExtraHop have been at the forefront of that shift, arming security organisations with the situational awareness and control they need to protect businesses and consumers in a perimeter-less world.
“With this partnership and integration, our customers can now detect and respond to every threat from the core to the edge and everywhere in between.”
Here are the primary features of the new integration:
Security teams can detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections and data exfiltration.
Greater visibility of threats occurring on the endpoint can also be leveraged, which can range from ransomware, local file enumeration, directory traversal, and code execution.
The Falcon platform is notified immediately if Reveal(x) detects urgent threats, where it can contain impacted devices.
This action severs access to network resources, ensuring the incident does not turn into a more serious breach.
Continuous endpoint visibility
With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats – even on devices where the CrowdStrike agent is not yet present.
This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.
“The threat environment continues to grow in complexity as sophisticated cyber adversaries advance their attack techniques, evading security controls and gaining access to corporate networks,” says CrowdStrike vice president of worldwide business development and channels Matthew Polly.
“Comprehensive visibility and real-time threat detection that allow for fast investigation and response at scale are imperative for organisations to spot and stop threats quickly.
“Through this partnership, CrowdStrike and ExtraHop are providing customers the ability to identify and respond to malicious activity across the entire attack surface with a fully cloud-native integration that allows them to adapt with speed and agility.”