ExtraHop, Splunk Deliver New Compliance and Security Offering

ExtraHop teams with Splunk to deliver a new compliance and security product for tracking wire data and using the Splunk operational intelligence platform.

LAS VEGAS—ExtraHop Networks, a provider of analytics for wire data or data in motion, joined forces with Splunk to deliver a new compliance and security offering.

The product provides pervasive, context-aware monitoring in support of compliance and security, ExtraHop officials said. The ExtraHop compliance and security offering provides correlated, cross-tier visibility and anomaly detection that complements intrusion prevention systems (IPS), intrusion detection systems (IDS) and Security Information and Event Management (SIEM) systems.

Moreover, the new product is extensible and demonstrates the programmability and ease of ExtraHop integration with security platforms. In addition, ExtraHop’s integration with Splunk Enterprise transforms real-time security-related wire data into machine data for in-depth visualization, enabling IT, compliance, and security teams to easily pinpoint the system, application or infrastructure element in which a security event is occurring without using agents or offline packet capture.

ExtraHop demonstrated the compliance and security offering at Splunk .conf2013, Splunk’s annual user conference here.

“As security threats, including zero-day attacks that exploit previously unknown vulnerabilities, become increasingly varied and sophisticated, real-time monitoring across all components of the application delivery chain is becoming a crucial first line of defense,” said Jesse Rothstein, CEO of ExtraHop, in a statement. “With the ExtraHop compliance and security solution and our integration with Splunk Enterprise, enterprise security teams are armed with a highly scalable solution designed to detect potential security events as they happen. With Splunk Enterprise, these anomalies can be easily visualized, enabling organizations to pinpoint the source before a serious breach occurs and prove that they have had adequate controls in place.”

The ExtraHop compliance and security solution delivers continuous, real-time auditing and anomaly detection across the entire application delivery chain, analyzing all wire data, including encrypted traffic, to deliver visibility and intelligence that mitigates risk and helps ensure compliance with both internal policies and regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS) and Sarbanes-Oxley (SOX).

“Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behavior to infer malicious intent,” wrote Neil MacDonald, vice president and Gartner Fellow, in his May 2013 report titled Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence. “If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats.”

The ExtraHop compliance and security offering provides encryption auditing, which identifies all Secure Sockets Layer (SSL) transactions and certificates used by servers and clients, including those using weak keys and cipher suites, and tracks certificates that are about to expire for proactive remediation. Encryption auditing makes it easier to prove that all sensitive data is actually being encrypted in flight and that keys and ciphers are the correct strength.

Also, monitoring for locked-down virtual desktop environments enables users to track all ICA communications and provides continuous monitoring of any data passing over protected channels, with per-user and per-client details so that IT teams can identify users violating policy. For example, ExtraHop continuously monitors VDI channels such as print and USB, and it sends an alert if any of these channels become active on unauthorized machines.