ExtraHop August TL;DR
A quick refresh of what you may have missed in cybersecurity for August
ExtraHop
September 1, 2022
Welcome to the August edition of the ExtraHop TL;DR! This is your place to get the highlights on what we're talking about this month.
Live Attack Special Edition: Integrated Attack Response with ExtraHop + CrowdStrike
Check out this special edition of our live attack simulation series—featuring the ExtraHop and CrowdStrike integration. In this session, our experts will simulate attack techniques being used by modern intruders and demonstrate how defenders can use integrated network and endpoint intelligence to stop breaches in their tracks.
Scalable Packet Capture: Accelerate Compliance and Modernize Network Visibility
To be effectively used in cyber operations, network packet capture (PCAP) requires a daunting amount of time and effort to capture, analyze, and retain packet data. ExtraHop RevealX is an extensible PCAP repository that provides definitive packet data. This speeds root-cause analysis and helps fulfill mandated data retention and information sharing directives.
CyberRisk Alliance: Protect and Defend Against Ransomware Attacks
Ransomware gangs make every move they can to gain an edge, from utilizing widespread software vulnerabilities, common configuration errors and zero-day vulnerabilities to tricking end-users. Learn about the shift to turn encryption against defenders and the steps you can take to reclaim the advantage.
Customer Success: Multinational Retailer Combats Advanced Attacks with ExtraHop and CrowdStrike
Learn how this large retail company managed to secure their expanding attack surface—and a displaced remote workforce—with best-of-breed network visibility.
Threat of the Month: Malicious Port Scanning
Port scanning is a method attackers use to scope out a target environment: they send packets to specific ports on a host and use the responses to find vulnerabilities and learn which services, and service versions, are running on it. The attacker is looking to identify specific services such as Active Directory, MSSQL, SMB/CIFS, and SSH, as well as the software versions those hosts are running.
From the ExtraHop Blog
Take a look at some of our recent stories.
Integrate EDR and NDR for Comprehensive MITRE ATT&CK Coverage
Learn how network detection and response (NDR) and endpoint detection and response (EDR) complement each other to provide broad, deep coverage of the MITRE ATT&CK framework.
What is a Cloud Workload Protection Platform (CWPP)?
Curious about what a cloud workload protection platform is and what it does? Get those answers and more, including a comparison to network detection and response (NDR).
In Other News
Read, watch, or listen to some interesting news from around the internet.
The Verge: Microsoft Catches Austrian Spyware Group Using Previously Unknown Windows Exploits
Microsoft's Threat Intelligence Center (MSTIC) recently disclosed that spyware developer DSIRF—under the codename KNOTWEED—was caught exploiting a zero-day vulnerability.
Dark Reading: New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.