In his report “Network Security Trends in the Era of Cloud and Mobile Computing,” Enterprise Strategy Group’s Jon Oltsik notes that “61% of enterprises now divide their network security equally between perimeter and internal networks.” As this new emphasis on securing the internal network grows, IT and security teams are looking to next-generation network monitoring products to stay ahead of threats.
The integration of wire data from ExtraHop into the FireEye TAP delivers this next-generation visibility, arming IT security teams with an enriched security dataset, including the events and metrics needed to detect advanced persistent threats. ExtraHop wire data adds a new dimension of context to event streams being fed into TAP, which can then leverage rich insights from FireEye into threat actor profiles and behavior. This critical new data set cannot be sourced from machine or log data, but when combined and correlated together, ushers in a new era of near real-time threat analytics.
The integration sends the following crucial events and metrics to the FireEye TAP:
· DNS activity, including domain look-ups and possible command-and-control communications
Inbound and outbound HTTP payload data, including MD5 sums and threat signatures
Session tracking, such as unexpected SSH connections, from external or internal clients
Reconnaissance activity as attackers probe internal networks from compromised systems
Real-time data consumption to instantly recognise and alert on abnormal data rates indicating exfiltration from any system at any time
“Phishing attacks are one of the most pervasive ways that threat actors use to compromise endpoints," said Steve Pataky, vice president of worldwide channels and alliances at FireEye. “FireEye TAP significantly improves an organisation’s capabilities to detect advanced attacks, and when combined with wire data from ExtraHop, TAP gives incident responders and security teams near real-time, actionable intelligence in a central dashboard where they can quickly identify and respond to the most critical events.”
“In less than a year, we’ve witnessed two of the most significant zero day events in history, Heartbleed and Shellshock. The rapid exploitation of these vulnerabilities, along with a number of high-profile data breaches, underscores the need for a more proactive, pervasive approach to IT security monitoring and forensics,” said Erik Giesa, Senior Vice President of Worldwide Marketing and Business Development, ExtraHop. “This integration between ExtraHop and FireEye merges the critical next-gen network intelligence provided by wire data with the industry-leading threat analysis offered by the TAP solution, equipping IT security teams with the most complete visibility and threat detection on the market.”