ExtraHop, Splunk Deliver New Compliance and Security Offering

By Darryl K. Taft  |  Posted 2013-10-04

Storage access monitoring analyzes networked storage activity, enabling users to continuously monitor SAN or NAS environments and break out client IP, username, file path, filename, and frequency to proactively identify unauthorized users attempting to gain access to secured systems. This capability provides context to ensure sensitive customer or patient protections are being enforced and a means to prove it.

The new offering also provides brute-force authentication alerting, which detects both high-intensity and low-intensity attacks by tracking and alerting on the frequency of failed attempts per user and historical counts in real time using Lightweight Directory Access Protocol (LDAP) analysis. Also, surreptitious tunneling over the Domain Name System (DNS) is a common method that infected or compromised machines use to communicate with external controllers. With ExtraHop acting as a sentinel, this activity is continuously monitored and detected by breaking out DNS records by type and tracking irregular TXT records and normal A records specifically, raising a red flag to mitigate potential data leakage, the company said.

And super-user account tracking enables users to monitor all super-user log-ins with per-client and per-server IP details, providing alerts and visibility into who is accessing an application or database so that security administrators can quickly take action.

“As the volume of data continues to grow and the sophistication of malicious activity increases, the ability to monitor and proactively identify potential threats has become mission-critical for enterprises,” Bill Gaylord, senior vice president of business development at Splunk, said in a statement. “Given the complexity in today’s IT environment, all data is security-relevant. Splunk is at the forefront of this approach with a security intelligence platform that collects, monitors, analyzes and visualizes machine data at enterprise scale. Adding wire data from ExtraHop as a critical new data source delivers real-time intelligence and a deeper, data-driven view of security events.”


