One part of our mission at ExtraHop is to help reduce the amount of time, effort, and expertise required to pull actionable insights from network data. As such, we are always working with our customers to improve the platform and their experience—and importantly, soliciting new feature requests.

That's why we're particularly excited to announce a new user-driven feature being rolled out with the latest RevealX release, Peer-to-Peer Traffic Visualizations, made possible by a new dynamic IP filter option in the platform.

This new functionality lets users isolate and visualize the communications between any given device on the network and a single IP address or network segment, to help support use cases ranging from troubleshooting and policy validation to threat hunting and root cause analysis. The new filters will automatically appear within any existing dashboard that supports drilldown by IP address, and it can be used for any new reporting moving forward.

New dynamic IP filter in RevealX platform

Let's take a look at why we're so excited to deliver peer-to-peer visualization.

What Is Peer-to-Peer Visualization?

Within RevealX, Device Pages offer a detailed view of all of the information RevealX can discover about a device–like its role, what software it’s running, what traffic it handles, and associated IP addresses. Importantly, those pages also provide visualizations for that data, which itself is invaluable for network troubleshooting.

However, until now, isolating information between a given device and a single IP address or CIDR block required users to pivot multiple datasets or charts to uncover information, often switching back and forth multiple times for certain use cases. The new dynamic filtering option streamlines this workflow by automatically pivoting entire datasets and dashboards by a given IP or CIDR block, enabling more efficient investigations and reducing unnecessary effort.

How to Use Dynamic Filters RevealX

Dynamic filters are a capability that can be used on any dashboard or set of charts within RevealX where IP drill-down metrics are available, including those based on custom user-defined metrics. The new filter will be automatically available once customers upgrade to the latest RevealX firmware.

To begin comparing segments, users simply enter the IP address or CIDR block in the filter box, then all of the charts and associated datasets will dynamically reflect the selected target.

Before the IP is filtered in RevealX

After the IP is filtered in RevealX

Use Cases for Dynamic IP Filtering

Long-time customers reading this blog may already be able to imagine several workflows where this new filtering would be useful. To add to that, here are some example use cases where we expect this feature could make a big initial impact:

Networking/DevOps/IT Ops

1. Root Cause Analysis: Isolate communications between device pairs or groups, such as app servers and databases, to rapidly pinpoint issues in an outage.
2. Change Impact Assessment: Compare network health between segments to assess how new deployments or configuration changes are performing.
3. Proactive Monitoring: Watch traffic between critical device groups, like load balancers and web servers, to detect and address emerging issues before they escalate.
4. Dependency Mapping: Visualize dependencies between systems or device groups, such as dev environments and CI/CD pipelines, for infrastructure planning or disaster recovery efforts.
5. Performance Troubleshooting: Precisely identify bottlenecks or latency between devices with debugging down to the protocol level.

Security

1. Threat Hunting: Focus on traffic between compromised devices or groups to isolate and track lateral movement.
2. Targeted Investigation: Drill down into interactions between device groups like administrator workstations and critical servers to uncover suspicious activity.
3. Policy Validation: Quickly and easily validate security policies by confirming only the intended permitted devices communicate.
4. Compliance Auditing: Effortlessly demonstrate compliance with audit requirements like PCI by showing that devices are communicating as intended—or not at all.
5. Malware Tracking: Inspect communication chains from device to device to track or retrace the spread of malware.

Dashboard in RevealX filtered by network segment

Get Started with Peer-to-Peer Visualization

Customers can learn more about peer-to-peer visualizations and dynamic filtering in RevealX by reaching out to their account representatives, or just by logging in and using the latest RevealX firmware.

For those who aren't customers yet, we encourage you to see all of the new features released in our launch blog, and then check out the self-guided demo on our site.