NETWORK FORENSICS WITH REVEAL(X)
Source: carescyber.com/.../04/revealx-network-forensics...


Post on 07-Oct-2020


Page 1

NIST INCIDENT RESPONSE FRAMEWORK

Many SecOps teams base their capability requirements on the NIST framework for incident response, which lays out a set of capabilities necessary for success at each step of an investigation. Precise, high-fidelity data is the foundation of successful threat response and forensics.

PRECISE, HIGH-FIDELITY DATA

INTEGRATED DETECTION & INVESTIGATION FOR IMMEDIATE FORENSIC EVIDENCE

PROTOCOL DECODE & DECRYPTION WITH FULL PACKET ACCESS

ROLE-BASED ACCESS TO SESSION DECRYPTION KEYS

Forensic investigation of active or concluded threats has always been a time-consuming process comprising many manual, tedious tasks.

[Figure: NIST incident response lifecycle: PREPARATION, DETECTION, ANALYSIS, CONTAINMENT, ERADICATION, RECOVERY. Capabilities called out alongside it: ACCURATE DATA, PREDICTION, INTEGRATION, BEHAVIORAL ANALYSIS, INVESTIGATION.]

There is a better way. ExtraHop Reveal(x) auto-discovers and classifies every device on the network, then analyzes every transaction, decoding over 50 enterprise protocols and decrypting SSL/TLS traffic, even with PFS enabled, at up to 100 Gbps to provide unprecedented visibility, definitive insights, and immediate answers for SecOps teams.

NETWORK FORENSICS WITH REVEAL(X)
Network Traffic Analysis for the Hybrid Enterprise

Page 2

NETWORK FORENSICS WITH EXTRAHOP REVEAL(X)

ABOUT EXTRAHOP NETWORKS

ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out. Whether you’re investigating threats, ensuring delivery of critical applications, or securing your cloud investment, ExtraHop’s breakthrough approach helps you rise above the noise so you can protect and accelerate your business.

© 2019 ExtraHop Networks, Inc. All rights reserved. ExtraHop is a registered trademark of ExtraHop Networks, Inc. in the United States and/or other countries. All other products are the trademarks of their respective owners.

520 Pike Street, Suite 1600, Seattle, WA 98101 | 877-333-9872 (voice) | 206-274-6393 (fax) | [email protected] | www.extrahop.com

THE TRUTH IS ON THE NETWORK

Network data is immutable. It can tell you what actually happened between any endpoints on a network, which is exactly what SecOps teams need when investigating active threats and past attacks. Reveal(x) provides the broadest and deepest network traffic analysis, enabling speedy access to pieces of data that are crucial for successful network forensics, including:

• Application layer transaction contents for 50+ enterprise protocols, decoded by Reveal(x)
• DB queries, SMB/CIFS request details, and other application-layer (L7) details normally obscured by encryption or lack of visibility
• Decrypted transaction contents, even with TLS 1.3 and PFS enabled

PCAP OR IT DIDN'T HAPPEN

In many forensic investigations, packet captures play a vital role in understanding what happened. Unfortunately, accessing and analyzing packet capture files can be a time-consuming manual process.

With Reveal(x), analysts get instant access to the precise packets they need, pre-correlated with the transaction data and anomaly detections that triggered the investigation in the first place. By drilling into the exact, relevant packets using the seamless Reveal(x) UI, analysts can download far smaller PCAP files, which are easier to open and analyze in Wireshark if needed.
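The packet-carving step described above, reduced to its mechanics as an added example (an illustration, not ExtraHop or Reveal(x) code): a plain libpcap reader that keeps only the records belonging to one TCP conversation and writes them back out under the original file header, which is why the result is a much smaller file that still opens in Wireshark. The addresses, ports and payloads are constructed for the demo, and the sample frames carry zero checksums.

```python
"""Carve one TCP conversation out of a classic (libpcap) capture.

Added illustration, not ExtraHop/Reveal(x) code. Addresses, ports and
payloads below are constructed; frame checksums are left at zero.
"""
import struct
from typing import Iterator, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4        # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# (src_ip, src_port, dst_ip, dst_port, ip_proto)
FiveTuple = Tuple[str, int, str, int, int]


def pcap_global_header(snaplen: int = 65535) -> bytes:
    """24-byte file header: magic, version 2.4, tz offset, sigfigs, snaplen, link type."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)


def pcap_record(frame: bytes, ts_sec: int = 0) -> bytes:
    """16-byte record header (ts_sec, ts_usec, incl_len, orig_len) followed by the frame."""
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame


def iter_records(pcap: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (record_header, frame) pairs from a little-endian pcap file image."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic; only little-endian classic pcap handled here")
    off = 24
    while off + 16 <= len(pcap):
        hdr = pcap[off:off + 16]
        _, _, incl_len, _ = struct.unpack("<IIII", hdr)
        off += 16
        yield hdr, pcap[off:off + incl_len]
        off += incl_len


def parse_ipv4_tcp(frame: bytes) -> Optional[FiveTuple]:
    """Return the 5-tuple of an Ethernet/IPv4/TCP frame, or None for anything else."""
    if len(frame) < 14 + 20 + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[14 + 9]
    if proto != IPPROTO_TCP or len(frame) < 14 + ihl + 20:
        return None
    src_ip = ".".join(str(b) for b in frame[26:30])
    dst_ip = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (src_ip, sport, dst_ip, dport, proto)


def same_conversation(a: FiveTuple, b: FiveTuple) -> bool:
    """True when two 5-tuples describe the same flow in either direction."""
    return a == b or a == (b[2], b[3], b[0], b[1], b[4])


def carve_conversation(pcap: bytes, flow: FiveTuple) -> bytes:
    """Return a new pcap holding only the records of `flow`, under the original file header."""
    kept = [pcap[:24]]
    for hdr, frame in iter_records(pcap):
        tup = parse_ipv4_tcp(frame)
        if tup is not None and same_conversation(tup, flow):
            kept.append(hdr + frame)
    return b"".join(kept)


def count_packets(pcap: bytes) -> int:
    return sum(1 for _ in iter_records(pcap))


# --- constructed sample capture -------------------------------------------
def build_frame(src_ip: str, sport: int, dst_ip: str, dport: int, payload: bytes = b"") -> bytes:
    """Minimal Ethernet/IPv4/TCP frame for the demo (checksums zero, fixed MACs)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


SAMPLE_PCAP = pcap_global_header() + b"".join([
    pcap_record(build_frame("10.0.0.5", 51000, "10.0.0.20", 445, b"request"), 1),   # flow of interest
    pcap_record(build_frame("10.0.0.20", 445, "10.0.0.5", 51000, b"response"), 2),  # its reverse direction
    pcap_record(build_frame("10.0.0.7", 52000, "10.0.0.20", 443), 3),               # unrelated host
    pcap_record(build_frame("10.0.0.5", 51001, "10.0.0.20", 445), 4),               # same hosts, other port
])

if __name__ == "__main__":
    flow = ("10.0.0.5", 51000, "10.0.0.20", 445, IPPROTO_TCP)
    carved = carve_conversation(SAMPLE_PCAP, flow)
    print(f"{count_packets(SAMPLE_PCAP)} packets in, {count_packets(carved)} out, "
          f"{len(SAMPLE_PCAP)} -> {len(carved)} bytes")
```

The carved output is byte-for-byte a valid pcap, so it can be written to disk and opened directly; the point of matching both directions of the 5-tuple is that a one-sided filter would leave out the server's replies, which is usually where the evidence is.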

INTEGRATED DETECTION & FORENSICS

Tool bloat is a huge challenge for SecOps teams. Consulting multiple tools to piece together the puzzle of a forensic investigation costs time and energy that are in short supply for security teams, especially when a security breach is suspected.

Reveal(x) is the first security product to integrate behavioral analysis-driven threat detection with precision packet capture in a single, easy-to-use interface.

INSTANT, ROLE-BASED DECRYPTION ACCESS

The growing prevalence of encryption inside corporate networks has created a challenge for SecOps teams. When the majority of traffic is encrypted, it is hard to extract forensic evidence.

Reveal(x) provides instant, precise access to packets in just a click, along with a role-based capability for immediate, targeted decryption. Analysts with the highest privileges can download the session keys to decrypt only a particular set of packets, so they can access the forensic evidence they need instantly, and resolve investigations under short SLAs, with zero risk of compromising any other data.
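The role-gated, per-session key export described above, as an added example (an illustration, not ExtraHop or Reveal(x) code) built on the NSS key log format that Wireshark reads: the client random in each in-scope ClientHello identifies that session's key log lines, and only those lines are released, so the material handed to the analyst decrypts the packets under investigation and nothing else. The role table, the key log contents and the ClientHello bytes are all constructed for the demo.

```python
"""Scope a TLS key export to the sessions under investigation.

Added illustration, not ExtraHop/Reveal(x) code. The role table, the
ClientHello bytes and the key log contents are constructed for the demo.
"""
import re
from typing import Iterable, List, Set

# NSS key log format as consumed by Wireshark: "<LABEL> <client_random hex> <secret hex>".
# TLS 1.2 sessions log one CLIENT_RANDOM line; TLS 1.3 logs one line per traffic secret.
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-f]{64}) ([0-9a-f]+)$")

# Hypothetical role table for the demo: only one role may pull decryption material.
ROLE_CAN_EXPORT_KEYS = {"forensic_lead": True, "analyst": False, "viewer": False}


def can_export_keys(role: str) -> bool:
    return ROLE_CAN_EXPORT_KEYS.get(role, False)


def client_random_from_client_hello(record: bytes) -> str:
    """Return the 32-byte ClientRandom (hex) that keys a session's key log lines.

    Layout: 5-byte TLS record header (type 0x16 = handshake), 4-byte handshake
    header (type 0x01 = ClientHello), 2-byte legacy version, then the random.
    """
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    return record[11:43].hex()


def select_session_keys(keylog: str, client_randoms: Set[str]) -> List[str]:
    """Keep only key log lines whose ClientRandom belongs to a session in scope."""
    selected = []
    for line in keylog.splitlines():
        m = KEYLOG_LINE.match(line.strip())
        if m and m.group(2) in client_randoms:
            selected.append(m.group(0))
    return selected


def export_keys_for_investigation(role: str, keylog: str, client_hellos: Iterable[bytes]) -> List[str]:
    """Role check first, then derive scope from the captured ClientHellos, then filter."""
    if not can_export_keys(role):
        raise PermissionError(f"role {role!r} is not allowed to export session keys")
    in_scope = {client_random_from_client_hello(rec) for rec in client_hellos}
    return select_session_keys(keylog, in_scope)


# --- constructed sample data ------------------------------------------------
def fake_client_hello(client_random: bytes) -> bytes:
    """Just enough of a ClientHello record for the parser above (no extensions)."""
    body = b"\x03\x03" + client_random + b"\x00"              # legacy version, random, empty session id
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


RANDOM_A = bytes([0xAA]) * 32   # TLS 1.2 session in scope
RANDOM_B = bytes([0xBB]) * 32   # TLS 1.3 session in scope
RANDOM_C = bytes([0xCC]) * 32   # another user's session, must not be exported

SAMPLE_KEYLOG = "\n".join([
    f"CLIENT_RANDOM {RANDOM_A.hex()} {'11' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B.hex()} {'22' * 48}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B.hex()} {'33' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {RANDOM_B.hex()} {'44' * 48}",
    f"SERVER_TRAFFIC_SECRET_0 {RANDOM_B.hex()} {'55' * 48}",
    f"CLIENT_RANDOM {RANDOM_C.hex()} {'66' * 48}",
])

IN_SCOPE_HELLOS = [fake_client_hello(RANDOM_A), fake_client_hello(RANDOM_B)]

if __name__ == "__main__":
    for line in export_keys_for_investigation("forensic_lead", SAMPLE_KEYLOG, IN_SCOPE_HELLOS):
        print(line)
```

Feeding the selected lines to Wireshark as its TLS key log decrypts exactly the in-scope sessions; the third session's key line never leaves the store, which is the property the paragraph above is describing.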

Launch Our Live and Interactive Demo: EXTRAHOP.COM/DEMO
