Date: 01/31/2024

Vendor: ExtraHop

Technology/Topic: Reveal(x) Network Detection and Response (NDR) Platform

URL: https://www.extrahop.com

TEM Video (milTube): https://www.milsuite.mil/video/watch/video/67393

Welcome to the Technical Exchange Meeting (TEM)!

ExtraHop is on a mission to stop advanced threats with security that can’t be undermined, outsmarted, or compromised. Our network detection and response (NDR) platform, Reveal(x), helps DoD detect and respond to advanced threats before they compromise the mission. ExtraHop transforms DISA’s wire data into something usable and valuable. ExtraHop does deep packet inspection (layers 2–7) on the network traffic and converts the binary data into a structured and enriched format. We then apply advanced AI/ML to bubble up high-fidelity, actionable detections. ExtraHop provides ML-derived detections relevant to both the SOC and the NOC. With complete visibility from ExtraHop, DISA and its mission partners can detect malicious behavior, hunt advanced threats, find the root cause of network performance issues, monitor workloads in the cloud and at the edge, and forensically investigate incidents with confidence.

According to Gartner and IDC, NDR is the second-fastest growing segment of the cybersecurity market, and for good reason. NDR provides critical visibility across infrastructure, workloads, and data-in-flight, allowing security teams to proactively identify, investigate, and respond to post-compromise activity. NDR paired with Endpoint Detection & Response (EDR) and SIEM/SOAR capabilities forms what Gartner dubs the “SOC Triad”. This SOC Triad provides the complete 360-degree visibility DISA is in pursuit of today. ExtraHop is a top vendor in the NDR category with growth that outpaces the segment. The difference is in both our technology and our approach.

Let’s start with technology. ExtraHop Reveal(x) Enterprise applies cloud-scale machine learning and AI to petabytes of traffic per day and performs line-rate decryption of SSL/TLS 1.3 encrypted traffic and behavioral analysis across all infrastructure, workloads, and data-in-flight. If an incident does occur, security teams have access to an unparalleled 90 days of historical packet lookback for forensic investigation. According to an independent study conducted by Forrester, ExtraHop customers reported being able to stop breaches 84 percent faster than before using Reveal(x).

ExtraHop works with customers, partners, and industry organizations like MITRE to propel the industry forward. ExtraHop partners with cloud providers and has made its solution available through the AWS Marketplace and with Google Cloud Platform. The virtual sensor can also run on Azure cloud. We are the first to provide either SaaS-delivered NDR or an on-premise solution; Reveal(x) provides one platform for network data that can exist across on-premises, hybrid, and multi-cloud enterprise environments. ExtraHop also supports edge use cases with the ability to sync when network connectivity is available down range. ExtraHop integrates with other best-of-breed SOC and NOC solutions, such as ServiceNow, CrowdStrike, Palo Alto, Microsoft, and Splunk.

To join the DISA TEM mailing list, please contact: disa.tem@mail.mil

Disclaimer:

— TEMs do not serve as a marketing venue or request for proposal actions.

— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.

— TEMs do not serve as an endorsement of any presented technologies or capabilities.

— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.

— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly facing content is permissible in DISA TEM sessions.
