New in RevealX: Automated Workflows, Native SIEM Integrations, and User Identity Detections to Streamline Investigations and Accelerate Response
February 11, 2025
With the latest release of RevealX, ExtraHop is reinventing Network Detection and Response and setting the standard for modern NDR with a range of new features and enhancements designed to accelerate security investigations. Here’s what’s new and how these features deliver greater value to security teams.
Premium Investigation: Extensible Network Intelligence
Premium Investigation is a new option in RevealX 360 for securely storing and analyzing network records in the cloud to enhance threat hunting, incident response, and regulatory compliance requirements.
It addresses three recurring challenges: rising alert volumes, threats hidden in encrypted traffic, and the manual effort behind security workflows. It does so by letting users programmatically access and share network records (network history) going back as much as 365 days, which reduces manual work and improves response times.
Premium Investigation also gives security analysts, incident responders, and threat hunters extended coverage for Automated Retrospective Detections (ARD), which automatically query network records as far back as 30 days for indicators of emerging and zero-day threats.
Additionally, REST API access to Premium Investigation allows users to share network records from RevealX 360 with SIEM, SOAR, and other security tools. Analysts can include network records in existing automated workflows and dashboards, streamlining investigation and reducing Mean-Time-To-Respond (MTTR). They can also query records directly from other tools, consolidating workflows and reducing the amount of swiveling between disparate security tools.
Ultimately, Premium Investigation enhances detection of emerging threats, streamlines investigations through controlled automation, reduces MTTR, enables proactive threat hunting, and supports compliance with record retention options of 30, 60, 90, 180, or 365 days.
Native SIEM Integrations: Enhanced Ecosystem Connectivity
Organizations using IBM QRadar, Microsoft Sentinel, and Google Security Operations SIEM can now seamlessly export RevealX detection data and network intelligence to those platforms through native integrations. ExtraHop previously announced native integrations with CrowdStrike Falcon Next-Gen SIEM and Splunk Enterprise Security SIEM.
By exporting RevealX detections into their SIEM, security teams vastly expand their threat visibility and can more efficiently and effectively investigate high-risk incidents. Because RevealX decrypts, monitors, and analyzes network traffic, it can detect threats that other SIEM data sources (e.g., logs, firewalls, agent-based tools) can miss.
These integrations empower security teams by:
- Unifying Data: Enrich SIEM logs with RevealX network insights, providing a more comprehensive picture of activity across environments.
- Improving Detection Accuracy: Advanced threat detections from RevealX can be directly exported to SIEMs, augmenting their analysis capabilities.
- Simplifying Operations: Streamline workflows with ExtraHop Smart Triage, customizable dashboards and correlation rules, and custom detection fields and payloads.
With these new native integrations, organizations can maximize the value of their existing SIEM investments while leveraging the unparalleled visibility of RevealX.
User Identity Detections: Bringing User Context to Network Detections
RevealX now associates user identities with detections and lets analysts filter detections by username. Because threat actors so often operate with legitimate user credentials, correlating detections by user identity helps analysts identify potential insider threats or compromised users.
Searching detections by username offers several valuable benefits:
- User-Centric Threat Analysis: Directly targeting detections by username allows you to assess security events specific to an individual user, identifying patterns that might indicate compromised credentials, suspicious activity, or anomalous behavior linked to that user.
- Incident Correlation: Searching by username enables you to correlate various detections tied to the same user, helping to uncover wider attack patterns or connections to other security incidents, especially if they involve lateral movement or privilege escalation.
- Investigation Efficiency: This ability streamlines incident response, as analysts can focus on a specific user rather than filtering through unrelated detections. This is particularly useful in large environments where multiple detections can quickly become overwhelming.
- Compliance and Auditability: Certain compliance regulations require detailed tracking of individual users’ activities. Searching by username helps meet audit requirements by providing a clear, user-specific history of detections and actions taken.
- Risk Assessment and Prioritization: Knowing which users are repeatedly involved in detections allows you to prioritize monitoring and defenses, especially for high-risk users or those with access to sensitive resources.
- Simplified Reporting: It provides straightforward data for compiling reports, especially for stakeholders interested in understanding user-specific security postures or recurring issues tied to particular roles or departments.
This functionality essentially makes threat hunting, incident response, and compliance audits more effective and streamlined.
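As an added illustration of the correlation and prioritization described above (example code written for this page, not RevealX code or its API; the record fields, the detection categories, the one-hour window, and the scoring weights are all assumptions), the following groups a few constructed detection records by username, checks each user's timeline for a credential-access, lateral-movement, privilege-escalation sequence, and orders the users for analyst review, boosting any user flagged as having access to sensitive resources:

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Detection:
    """One detection record. Field names are assumptions for this example, not a product schema."""
    timestamp: datetime
    username: str
    category: str    # assumed categories: credential_access, lateral_movement, privilege_escalation
    risk_score: int  # assumed 0..100 scale


# Constructed sample detections (not real data): one user shows a full escalation
# sequence, one shows a single event, and one service account repeats a low-risk event.
T0 = datetime(2025, 2, 11, 9, 0)
SAMPLE_DETECTIONS = [
    Detection(T0, "jdoe", "credential_access", 60),
    Detection(T0 + timedelta(minutes=12), "jdoe", "lateral_movement", 75),
    Detection(T0 + timedelta(minutes=40), "jdoe", "privilege_escalation", 90),
    Detection(T0 + timedelta(hours=2), "asmith", "lateral_movement", 70),
    Detection(T0 + timedelta(hours=3), "svc-backup", "credential_access", 55),
    Detection(T0 + timedelta(hours=5), "svc-backup", "credential_access", 55),
]

# Assumed stage order for the escalation chain we want to surface per user.
CHAIN = ("credential_access", "lateral_movement", "privilege_escalation")


def group_by_user(detections):
    """Index detections by username, each list sorted by time, so a user's activity reads as a timeline."""
    by_user = defaultdict(list)
    for d in detections:
        by_user[d.username].append(d)
    return {user: sorted(ds, key=lambda d: d.timestamp) for user, ds in by_user.items()}


def has_escalation_chain(user_detections, window=timedelta(hours=1)):
    """True if the (time-sorted) timeline contains the CHAIN stages in order, with every
    later stage occurring within `window` of the first stage. The walk takes the first
    match for each stage; that simplification is deliberate for a readable example."""
    stage, start = 0, None
    for d in user_detections:
        if stage == len(CHAIN):
            break
        if d.category != CHAIN[stage]:
            continue
        if stage == 0:
            start = d.timestamp
        elif d.timestamp - start > window:
            return False
        stage += 1
    return stage == len(CHAIN)


def summarize_users(detections, sensitive_users=frozenset()):
    """Per-user summary: count, distinct categories, highest risk score, whether the
    escalation chain is present, and an assumed priority value used for ordering."""
    summary = {}
    for user, ds in group_by_user(detections).items():
        categories = sorted({d.category for d in ds})
        max_risk = max(d.risk_score for d in ds)
        chain = has_escalation_chain(ds)
        # Assumed weights: breadth of categories, a chain match, and sensitive-access users
        # all raise the priority above the raw maximum risk score.
        priority = (max_risk + 10 * (len(categories) - 1)
                    + (50 if chain else 0) + (25 if user in sensitive_users else 0))
        summary[user] = {
            "count": len(ds),
            "categories": categories,
            "max_risk": max_risk,
            "escalation_chain": chain,
            "priority": priority,
        }
    return summary


def prioritized_users(detections, sensitive_users=frozenset()):
    """Usernames ordered from most to least urgent for review."""
    s = summarize_users(detections, sensitive_users)
    return sorted(s, key=lambda u: s[u]["priority"], reverse=True)


if __name__ == "__main__":
    summary = summarize_users(SAMPLE_DETECTIONS, sensitive_users={"svc-backup"})
    for user in prioritized_users(SAMPLE_DETECTIONS, sensitive_users={"svc-backup"}):
        print(user, summary[user])
```

The same grouping, keyed on a username rather than an IP address, is what makes the user-specific history useful for audit reporting: the per-user timeline is already assembled, so the report is a formatting step rather than a fresh search.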
A Unified Platform for Tomorrow’s Challenges
RevealX is designed with one goal in mind: to empower security teams to do more with less. By integrating these new features into a single, cohesive platform, we’re helping organizations:
- Accelerate threat detection and response.
- Streamline workflows and improve efficiency.
- Reduce operational costs while increasing security effectiveness.
With Premium Investigation, advanced SIEM integrations, and user identity detections, RevealX provides the tools security teams need to stay ahead in a rapidly evolving threat landscape.
Ready to see RevealX in action? Get a demo today and discover how these new capabilities can transform your security operations.

ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our RevealX™ 360 platform, powered by cloud-scale AI, covertly decrypts and analyzes all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behavior and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records. ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI 50, Cybercrime Ransomware 25, and SC Media Security Innovator.