SANS Review: Taking on Modern Threats
Analyzing Malicious Behavior Effectively with ExtraHop Reveal(x)
Carol Caley
January 26, 2021
When SANS wrote their 2019 review of ExtraHop Reveal(x) network detection and response (NDR), malware-based espionage and targeted phishing were top-of-mind. Even then, SANS acknowledged that most security tools weren't keeping up with attackers' evolving tactics.
Meanwhile, security teams were under increasing pressure to detect and respond to threats faster. With the benefits of robust east-west visibility, expanded monitoring on inbound and outbound traffic, and machine learning to ensure the accuracy of alerts, the 2019 version of Reveal(x) was a stand-out solution to the challenges of 2019 and, as it turned out, what was to come in 2020.
Over one year or a lifetime later (depending on your perception of time), the challenges that SANS mentioned in their 2019 review still hold true, but the enormity of change seen in 2020 has piled on a mountain of extra hurdles. The rapid shift to a remote workforce, growing ransomware warnings (especially true for the healthcare sector), and headline-grabbing attacks such as SUNBURST have changed the state of IT security in an unfairly short amount of time. That's all on top of a persistent skills gap that can make security woes even harder to solve.
An Evolving Solution for An Evolving World
As the world has changed, so has Reveal(x). SANS reviewed Reveal(x) for the third time, releasing their findings in December of 2020. In their review, they point out improved detection and response features, saying "ExtraHop Reveal(x) features have significantly enhanced the product since our last review," building upon what SANS already called "a highly capable detection engine that can detect many types of threats that other security platforms may miss."
How does SANS say ExtraHop improved upon "highly capable"? By strengthening the user interface to streamline and add context, enabling users to more easily drill down into critical network insights. New features allow security teams to quickly visualize relevant data and streamline investigations with a spectrum of information on a single screen.
Standout Defense Against Advanced Threats
To see how Reveal(x) stands up to today's ransomware and advanced persistent threats, SANS looked at the tool's enhanced MITRE ATT&CK integration, which supports an analyst's ability to drill down into known attacker techniques. SANS declared that the integrated use of MITRE "demonstrates the wide spectrum of detection Reveal(x) is capable of," then recognized the ease of use by saying, "mappings to the ATT&CK model are directly available from many places within the interface."
The MITRE grid integrated into the Reveal(x) user interface
Rising to the Usability Challenge
Notably, SANS' positive review of Reveal(x) was centered around the refinement of an already intuitive user interface. As SANS put it, "The product is well-suited for all experience levels of security operations analysts who need better visibility into network behavior and potential threats in their environment, with the added benefits of deep investigation and hunting tools."
For a sophisticated security solution, easy-to-use may sound downright trivial, like icing on a cake—but when you account for the fact that many organizations are clamoring for an ally to help bridge the skills gap, usability improvements solve major industry problems.
Matching Today's Threats Is No Longer Enough
While SANS points out that most security solutions have failed to keep pace with evolving threats, the events of 2020 prove that merely keeping up doesn't cut it in a world that can shift rapidly and without warning.
Today's security teams need tools that are flexible and adaptive to help address the wide variety of unknowns that might be thrown at them in 2021 and beyond, and best-of-breed NDR fits that bill. At ExtraHop, we hope good things are coming in 2021, but just in case, we're going to keep on evolving so that our customers are ready for what's ahead.
Read the full SANS review for more.