Content Copyright © 2023 Bloor. All Rights Reserved.
Also posted on: Bloor blogs
ExtraHop was founded in 2007 as a provider of network analysis and visibility, and network performance monitoring tools. It is still seen today as a market leader in these areas. Over time, it started to notice that its customers were increasingly using its products for security needs. A full 84% of customers say that they buy network monitoring to reduce time to detection. As a result, 64% were able to reduce the time taken to investigate anomalies and incidents.
Almost six years ago, ExtraHop transitioned to being a security provider. In 2018, it brought out the first of its security products in the form of its Reveal(x) platform, first for on-premises implementation and then as a SaaS-based platform.
The Reveal(x) platform is at its core a network detection and response (NDR) platform to aid customers in threat detection and response. NDR is a top tool for visibility as it succeeds where some threat detection and response tools cannot. For example, endpoint detection and response can be circumvented by attackers, but networks cannot be turned off. The evidence is plain to see, though not to attackers, who will not realise that their actions are being observed. Lateral movement across networks is a favoured tactic of attackers who are looking for highly sensitive information. NDR technologies will stop them in their tracks.
The platform also contains a number of complementary tools for extra visibility. When something abnormal is detected, the ExtraHop platform provides visibility into all the evidence collected from all the tools integrated into the platform.
One such capability is attack surface monitoring, which is essential as networks continue to expand, with hybrid environments that often span multiple cloud providers now being the norm rather than the exception. It covers additional attack vectors, such as looking for new attack tools. ExtraHop has added attack detectors for command and control frameworks, helping customers to avoid the scourge of data exfiltration.
A wealth of new capabilities
Recently, ExtraHop has made a number of significant additions to its platform, all of which are focused on greater customer enablement.
Intrusion detection (IDS) was added this year. Whilst some may believe that IDS is dead and buried, it is not. Yet. Many believe that IDS will eventually be replaced by NDR, and ExtraHop IDS is a stepping stone towards this. Machine learning combs through massive data sets for abnormal events, and behavioural analytics provides the context regarding how the event unfurled. IDS complements this approach with the immediate detection of known threats for which signatures have been developed.
ExtraHop also provides packet forensics, enabling entire network traffic flows to be played back from a particular point in time for forensic purposes.
On the basis that efficient remediation is a must, ExtraHop has brought out Smart Triage capabilities that enable customers to prioritise remediation decisions based on event criticality according to the risk score assigned to an activity uncovered. If an event is flagged as critical, it gets prioritised for immediate attention.
ExtraHop also unveiled Threat Briefings, which educate customers about the latest threats and security posture readiness. They provide a wealth of information on new attacks seen, such as the types of attacks that foreign threat actors or ransomware groups may engage in. This service was introduced after the SolarWinds vulnerability came to light and covers high-profile attacks, attack methods and vulnerabilities encountered.
The bottom line
NDR has garnered significant interest recently and will continue to be an important tool in an organisation’s security arsenal. These recent developments have proved to be very popular with customers, catapulting ExtraHop into the number two position in the market in terms of market share. It continues to be a major player in a fast-growing market and is certainly one of the ones to watch.