Subscribe

Corr-Serve salutes Azure inclusion of ExtraHop Reveal(x)


Johannesburg, 15 Nov 2018

Threat detection and investigation across cloud infrastructure is a challenge for any enterprise-grade security operations centre (SOC).

With the recent announcement that ExtraHop Reveal(x) is now available in Microsoft Azure Marketplace, visibility SOC teams can be extended from the data centre to the branch office to the cloud, and across all remote site deployments.

Corr-Serve, authorised distributor of ExtraHop Reveal(x), welcomed the addition for South African clients of an enterprise-grade network traffic analysis (NTA) solution that delivers threat detection and investigation purpose-built for the cloud.

"By integrating with Azure, customers can finally extend the visibility and response capabilities of their enterprise security operations centre to encompass cloud infrastructure," said Graeme Allcock, CEO of Corr-Serve. "Because Reveal(x) automatically discovers and classifies everything traversing the Azure environment, including rogue compute instances, it can deliver complete real-time visibility at cloud scale."

That data, Allcock explains, is correlated with event data from Azure Security Centre to create a unified analytics and investigation source for SOC teams that provides "always-on, always-everywhere visibility" across the hybrid attack surface.

The Reveal(x) NTA platform integrates with the Microsoft Azure Virtual Network Tap to analyse cloud-based application payloads at scale. ExtraHop has partnered with Microsoft Azure to natively integrate Reveal(x) with the Azure Virtual Network Tap to deliver a completely passive, agentless approach to network traffic analysis in the cloud.

With the introduction of Reveal(x) for Microsoft Azure, enterprises can effectively address shared responsibility models and prioritise use of security resources based on critical assets and risk, delivering complete visibility across each dimension of enterprise responsibility, including:

Applications and content: Integration with Azure Security Centre events enriches network-based threat detection with system-level activity (disabled logging, suspicious processes, suspect file execution), while real-time TLS 1.3 decode and transaction payload analysis spots threats and evaluates risk, even within PFS deployments.

Inventory and configuration: Automatic discovery and classification of all cloud assets gives cloud and security teams up-to-the-second understanding of the attack surface, including the ability to track rogue instances, even when logging is disabled, and instantly flag exposed resources.

Data access: Full support for Azure SQL Database and Azure Blob Storage protocols means visibility into behaviour, not just activity, while machine learning at the application layer provides immediate detection of exfiltration activity.

Identity and access management: Integration with Azure Activity Monitoring allows granular tracking of privilege manipulation, while analysis and machine learning performed on Microsoft Active Directory payloads surfaces and flags suspicious behaviour like credential harvesting and brute force login attempts.

Share

Corr-Serve

Corr-Serve is an authorised distributor of select IT performance monitoring and operations management products in southern Africa. The company provides partners and end-users with solutions to solve modern business challenges with tangible business benefits. Corr-Serve's portfolio of products reduces ICT spend and empowers informed decisions for operational excellence. Corr-Serve actively contributes to empowerment and transformation and is a level one contributor to the B-BBEE Code of Good Practice. Learn more at www.corrserve.co.za

ExtraHop

ExtraHop is the leader in analytics and investigation for the hybrid enterprise. It applies real-time analytics and advanced machine learning to every business transaction to deliver unprecedented visibility, definitive insights, and immediate answers that enable security and IT teams to act with confidence. The world's leading organisations trust ExtraHop to support core digital business initiatives like security, IT modernisation, and application service delivery. Hundreds of global ExtraHop customers, including Sony, Microsoft, Adobe, and DIRECTV, already use ExtraHop to accelerate their digital businesses. To experience the power of ExtraHop, explore our interactive online demo: www.extrahop.com/demo/

Editorial contacts