ExtraHop Demonstrates AI/ML Prowess in Latest RevealX Updates
ExtraHop
May 7, 2024
The latest release of RevealX™ harnesses the power of generative AI and cloud-scale machine learning to improve SOC analysts’ efficiency and expedite everything from detection to investigation to threat remediation and incident response.
RevealX 9.6 includes three major new capabilities for end users:
AI Search Assistant - A first among network detection and response (NDR) providers, AI Search Assistant democratizes threat hunting by allowing end users at any skill level to navigate the vast features of RevealX using natural language search queries.
Smart Investigations - An automated investigation workflow, Smart Investigations automates the cumbersome and time-consuming process of correlating detections for high-risk attack patterns and creating incident case files for analysts.
BYO Threat Intelligence - Allows customers to import threat intelligence from ISACs and other free and paid services via STIX and TAXII integration.
AI Search Assistant, Smart Investigations, and other existing features like Smart Triage combine to form a powerful set of AI tools in the RevealX platform designed to automate SOC workflows and relieve analyst fatigue. Here’s a closer look at each of the new capabilities.
AI Search Assistant
AI Search Assistant uses a large language model (LLM) to help end users quickly ramp up on RevealX and gain immediate value from the platform. It allows users to enter natural language search queries, and in response, it delivers intuitive, actionable answers.
For example, an analyst can ask, “What devices are not running CrowdStrike?” or “Which devices that are not running CrowdStrike are generating Cobalt Strike detections?” and the AI Search Assistant will generate a list of anything that matches the criteria in the question.
This functionality helps organizations reduce risk and build resilience by allowing users to quickly discover the devices most at risk of being breached, with no ramp-up or training required. It quickly closes domain and product proficiency gaps by enabling any security analyst, even someone who has no experience with RevealX, to log in, express themselves in natural language, and get useful, intelligent results. AI Search Assistant even gives end users suggestions on how to query the product.
Smart Investigations
Alert fatigue: It’s the bane of every security analyst’s experience. The sheer volume of alerts, combined with the labor-intensive process of piecing them together into an investigation, leads to analyst burnout and causes threats to slip through the cracks. The longer investigations take, the longer threat actors can lurk undetected and the higher the risk of data theft. This is the problem Smart Investigations was built to solve.
Smart Investigations automatically generates investigations containing detections that match a high-risk attack pattern template, and quickly aggregates information that conveys the full story of an attack.
A risk-based incident response approach helps SOC teams streamline and prioritize incident and alert analysis. The detections that feed Smart Investigations are produced by our industry-leading machine learning architecture and aggregated by timeframe and detection type, and the templates are curated to focus solely on high-risk metrics, reducing the “noise” of too many investigations.
Smart Investigations also benefits from the market-leading decryption capabilities in RevealX, allowing for enriched context in each detection and stronger pattern matching of aggregated detections, leading to a Smart Investigation. Analysts can export investigations from RevealX to their SIEM or SOAR using turnkey integrations for leading providers like Splunk.
BYO Threat Intelligence
With Bring Your Own (BYO) Threat Intelligence, RevealX will connect with an organization’s STIX and TAXII feeds to import threat intelligence for detection and enrichment to reduce mean time to detect (MTTD) and mean time to respond (MTTR).
BYO Threat Intelligence will configure a single TAXII service that discovers available data collections and updates detection cards to reflect collection matches. It gives organizations the ability to use premium, paid, or free threat intelligence sources, including threat intelligence platform (TIP) technology that collects, aggregates, and organizes threat intel data from multiple sources and formats, and Information Sharing and Analysis Centers (ISACs).
This feature also enhances the threat intelligence page to give users a single view of their configured TAXII collections, including last update and imported statistics. Within detection cards, it shows where the important indicators of compromise (IOCs) have been used.
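As an added example, not ExtraHop's code, here is the import-and-match step that BYO Threat Intelligence describes: indicators from a constructed STIX 2.1 bundle (the objects a TAXII collection would return) are indexed, the per-collection count and last-update statistics are computed, and constructed detection records are tagged with the IOCs and collection they match. The TAXII fetch itself is assumed to have already happened, and only the simple equality-comparison subset of the STIX pattern grammar is parsed.

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.1 bundle, standing in for the objects one TAXII collection returns.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix", "modified": "2024-05-01T12:00:00.000Z",
         "pattern": "[ipv4-addr:value = '203.0.113.7']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix", "modified": "2024-05-03T08:30:00.000Z",
         "pattern": "[domain-name:value = 'bad.example' OR domain-name:value = 'EVIL.example']"},
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000004", "name": "skipped"},
    ]})

# Constructed detection records, shaped like the fields a detection card would carry.
DETECTIONS = [
    {"id": 1, "title": "Beaconing", "client": "10.0.0.5", "server": "203.0.113.7"},
    {"id": 2, "title": "DNS lookup", "client": "10.0.0.9", "server": "10.0.0.53", "domain": "evil.example"},
    {"id": 3, "title": "Port scan", "client": "10.0.0.12", "server": "10.0.0.20"},
]

# Only equality comparisons (optionally joined by OR) from the STIX pattern grammar are handled.
_COMPARISON = re.compile(r"(ipv4-addr|domain-name|url):value\s*=\s*'([^']*)'")

def import_collection(bundle_json, collection):
    """Index IOC values from one collection's bundle and return the per-collection stats
    (indicator count, last update) that a threat-intelligence overview page would show."""
    iocs, count, last = {}, 0, None
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # malware, relationship and other objects carry no matchable pattern
        for stix_type, value in _COMPARISON.findall(obj["pattern"]):
            iocs[value.lower()] = {"type": stix_type, "indicator": obj["id"], "collection": collection}
            count += 1
        modified = datetime.fromisoformat(obj["modified"].replace("Z", "+00:00"))
        last = modified if last is None or modified > last else last
    return iocs, {"collection": collection, "indicators": count,
                  "last_update": last.isoformat() if last else None}

def enrich_detections(detections, iocs):
    """Copy each detection, adding 'threat_intel' hits for every field whose value is a known IOC."""
    enriched = []
    for det in detections:
        hits = [dict(field=f, value=v, **iocs[v.lower()])
                for f in ("client", "server", "domain") if (v := det.get(f)) and v.lower() in iocs]
        enriched.append({**det, "threat_intel": hits})
    return enriched
```

Matching is case-insensitive on the indexed value, so an indicator written as `EVIL.example` still tags a detection that saw `evil.example`.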
Make sure to check out our full release notes for the most comprehensive view of our 9.6 release updates.