
Stop Breaches with Network Visibility

Michael Clark

September 4, 2024

One of the biggest challenges facing security teams is that attackers know defenders can’t watch everything, particularly if defenders lack network visibility. Without network visibility, not only are organizations blind to how attackers are moving through their environment, they also have extremely limited visibility into the systems and data bad actors are accessing.

Zeppos Galanos, IT Security Officer at KONKAT ATE, an ITOps, SecOps, and DevOps service provider that is part of a large conglomerate based in Greece with businesses across the maritime shipping, oil and gas, media, and sports industries, is acutely aware of the value of network visibility.

KONKAT ATE has been an ExtraHop customer since 2022. Before implementing the RevealX network detection and response (NDR) platform from ExtraHop, KONKAT ATE relied primarily on EDR and SIEM for early threat detection. The company sought a network detection and response solution to complement its EDR and SIEM investments by providing real-time traffic analysis across its large network of hosts, applications, and services.

Zeppos recently joined Raja Mukerji, Co-Founder and Chief Scientist at ExtraHop, and Heath Mullins, Senior Principal of Product Marketing at ExtraHop (and former Forrester analyst), to discuss his team’s use of RevealX, the value of its integration with CrowdStrike Falcon EDR, and the significant difference RevealX has made in accelerating threat detection, investigation, response, and containment. View a recording of their conversation and read on for highlights.

How RevealX Provides KONKAT ATE With Unparalleled Visibility

The Konkat Information Technology Division of KONKAT ATE provides IT and security services for a variety of internal customers, from professional sports teams, luxury brands, and media conglomerates to maritime shipping companies and oil and gas companies. Zeppos leads a small, dedicated security department that is responsible for the security of each of these subsidiaries.

When Zeppos began looking for a network detection and response solution in 2022, he had several specific requirements: an NDR solution that combined network performance monitoring and metrics (for the NetOps team), real-time, security-oriented traffic analysis (for the SecOps team), tactical cyber threat intelligence, and response automation.

KONKAT began an extensive proof-of-concept evaluation with several NDR vendors, including ExtraHop, testing each solution for three months. In the end, KONKAT chose ExtraHop. The following factors set RevealX apart from competitors:

  • Combines security and performance in a single platform. Network performance monitoring (NPM) enables KONKAT to troubleshoot network bottlenecks and gain a 360-degree perspective on the network.
  • Provides powerful network traffic analysis and lookback capabilities. Full packet capture and flexible record storage grant security teams the power to “go back in time” to hunt for threats and analyze past incidents.
  • Offers unmatched breadth of detection types. RevealX natively decrypts TLS 1.3 and SSL traffic; is fluent in over 90 network, database, and application protocols; and provides visibility across more network layers than competitors.
  • Delivers AI and machine learning capabilities that augment analysts’ skills. Machine learning and AI provide insights that were impossible to get before. “It’s one thing to know host x is doing y,” says Zeppos. “It’s another to know it hasn’t done that in three months.”
  • Straightforward user interface. A “thoughtfully designed, clear-as-can-be” interface makes life easier for analysts at KONKAT, with fewer clicks from alert to detection.
  • Easy to deploy and integrate. RevealX integrated easily with pre-existing security solutions.

Faster Threat Detection, Investigation, and Automated Response

RevealX is the first tool the security team looks at in the morning. “Network performance and security monitoring has become very important to us. It’s at least as important to us as traditional host security monitoring,” says Zeppos, adding, “We enjoy coming into work in the morning and seeing what RevealX blocked overnight while the team was sleeping.”

With RevealX, KONKAT can see exactly what’s happening on the network in real time, which means the security team can make better decisions, faster. “You’re being helped, tremendously, by seeing the attack paths—exactly what was hit, and how—and from this, the SOC can better understand what type of malware you’re dealing with and how large the blast radius is,” says Zeppos.

Network Visibility Means You Don’t Need to Choose Between Security and Availability

Another significant benefit for Zeppos and his team is that with RevealX, they don’t need to choose between security and availability when they uncover an incident. That’s because RevealX automatically orchestrates responses to malicious activity across security tools, so the security team can respond without having to shut down the entire network and disrupt business operations.

Tight integrations between solutions mean that telemetry from EDR and SIEM solutions is cross-referenced against network telemetry from RevealX. The integration between RevealX and CrowdStrike Falcon EDR allows security analysts to isolate potentially compromised endpoints with a single click directly from the RevealX user interface, among other things. Similarly, RevealX can give a command to a firewall to block an IP address. These integrations enable security teams to lock attackers out of their environment with targeted actions.

Packets Don’t Lie

Network telemetry is a powerful resource for security and IT teams because threat actors can’t avoid or disable the network. The network is where attackers land, where they establish command and control and persistence, and where they move laterally. The network packets captured by an out-of-band network detection and response solution contain a wealth of information about threat actors’ activity. With a single data feed, organizations gain visibility beyond the endpoint, to see everything happening on the network. Says Zeppos, “When you can see suspicious activity on the wire, you can respond much faster than if you just have EDR or SIEM.”

Watch Zeppos Galanos, Raja Mukerji, and Heath Mullins in conversation.
