Technology Partner
Netskope
Security
Performance
Unprecedented visibility into your Security Service Edge (SSE) environment
Overview
Expand global visibility into all traffic
Feed traffic packets between users, offices, and the Netskope One platform to RevealX for network analysis and visibility
Gain real-time visibility into network traffic crossing your Netskope Intelligent SSE environment. RevealX captures packet data on every interaction in near real-time to clearly identify where problems lie, speed resolution, and improve the user experience.
Challenges
Lamenting the loss of visibility with SSE?
Maintaining zero trust and regulatory compliance requires visibility into all network traffic
SSE and Secure Access Service Edge (SASE) solutions are well-suited to address the dynamic anywhere, anytime needs of a modern digital business and its hybrid digital workforce. But they do have limitations.
Historically, SSE environments have created blind spots. SSE providers create secure tunnels for data to traverse between users, branch offices, and their cloud-based security service. They accomplish this by blocking access to the data flowing through those tunnels.
To maintain zero trust, however, security and IT teams need visibility into all network traffic across each security domain, including cloud, hybrid, and on-premises environments. With SSE, they may create workarounds to get this visibility, like using less reliable, recreated models of the traffic or deploying heavy-handed endpoint solutions that may degrade network performance and have negative effects on SLAs and productivity. Or worse, they entirely forgo visibility into this traffic.
Gaps in an organization’s zero trust architecture due to lack of visibility can lead to hefty fines for non-compliance in highly regulated industries. Threats can go undetected in encrypted traffic that’s otherwise authenticated, giving attackers longer dwell times to orchestrate more sophisticated campaigns, like ransomware.
In an era when cyberattacks are becoming harder to detect, outages can come from unexpected culprits, and operational resilience is becoming a regulatory imperative, gaps in visibility are unacceptable.
Solution
RevealX and Netskope
Built-in integration for ubiquitous visibility
Every interaction between users, applications, shared services, and backend systems is underpinned by traffic on the network.
ExtraHop receives a copy of network traffic from Netskope Cloud TAP, and analyzes it alongside other data feeds to clearly identify where problems lie, speed resolution, and improve the user experience.
Key Benefit:
Zero Trust End-to-End
ExtraHop uncovers threats hiding in encrypted traffic by decrypting traffic out-of-band. Data-in-transit stays encrypted and protected with TLS 1.3 and Perfect Forward Secrecy (PFS) until it reaches its final destination. Because it analyzes a copy of network traffic, the original communication is never impacted or slowed.
Use Case
Detect advanced threats, even in encrypted traffic
Solution
RevealX automatically discovers all assets communicating on an organization’s network, immediately identifying unmanaged assets, and mapping dependencies related to business applications. If there’s a device on your network that is unknown or lacking policy enforcement, ExtraHop will identify it.
Benefits
Detect high-risk attack patterns including lateral movement, privilege escalation, and living-off-the-land attacks, as well as attacks, such as Kerberoasting, that exploit proprietary protocols to gain privileged access to Microsoft Active Directory.
Use Case
Identify the root cause of performance issues
Solution
RevealX captures packet data on every interaction on the network in near real-time to help you ensure availability across your enterprise.
Benefits
Anticipate network disruptions, clearly identify where problems lie, speed resolution, and improve the user experience.
Use Case
Preserve evidence for forensics and compliance
Solution
ExtraHop offers a range of options to store records, including 30, 90, or 180 days of storage and access with Standard Investigation. Working with the scalable PCAP repository, responders can perform forensic investigation with a deep level of network visibility.
Benefits
Speed up intruder eradication and strengthen operational resilience.
Use Case
Automatically reduce attack surface and prevent further infection
Solution
When ExtraHop Reveal uncovers previously undetected attacks, the Netskope Cloud Threat Exchange extracts the attacks’ indicators of compromise and shares those with the customer’s Netskope tenant for use in matching policies. Those indicators can also be shared with multiple connected partner systems via Netskope Cloud Threat Exchange for a broader protection update.
Benefits
Automatically reduce the attack surface and stop attacks in their tracks.
“The integration between ExtraHop and Netskope enhances our customers’ visibility into network traffic and security events. This collaboration allows for near real-time threat detection and response, ensuring that our clients can proactively address potential security issues before they escalate.”
John Martin, Chief Product Officer, Netskope