Reveal(x) 360 uses AI and machine learning to give security teams real-time information on cyberattacks.

A cloud-native security provider announced Wednesday that it has added heat-mapping capabilities to its Amazon Web Services (AWS) flagship product. The new tier of service for ExtraHop Reveal(x) 360 uses artificial intelligence (AI) and machine learning to give security teams a visual means for identifying, investigating, and mitigating hotspots of malicious activity in their cloud environments without interfering with developer activity.

“We’re able to passively analyze network traffic data within a virtual private cloud and provide broad visibility and core detection capabilities across all AWS environments,” Bryan Lares, vice president of product management at ExtraHop, tells CSO.

“Unlike monitoring cloud workloads or agent-based approaches, our passive network monitoring does not slow down DevOps activity and development of cloud-based workloads,” Lares says. “Developers are deploying assets at a breakneck pace, so as adversaries continue to evolve their attacks on mission-critical applications and workloads, organizations need this kind of high fidelity, low friction approach to defend against these attacks, post-compromise.”

ExtraHop’s new offering uses real-time analysis of VPC flow logs, packets and protocols to create a unified interface that allows security teams to rapidly get to the root of security threats. The approach, according to ExtraHop, reduces false positives and keeps security teams focused on the highest-priority threats, maximizing and scaling scarce analyst resources.

“Most organizations are already gathering VPC flow logs and moving them into their SIEMs for compliance purposes, so this is taking something they’re already doing and providing extra value with it,” Lares says.

Security versus application performance

ExtraHop claims its new offering is easier to deploy than solutions that use agents and provides broader coverage than those products. Reveal(x) 360 collects and analyzes flow log and packet metrics to create a real-time view of all cloud workloads, while AI behavioral detection surfaces the highest priority threats for investigation and remediation in a single management pane.

“Agents consume resources on workloads and can produce false positives that can prevent some workload activity from going on in the environment,” Lares says. “Every security solution produces false positives, but since we’re not an inline protection solution, we’re not going to interfere with workload activity.”

“Cloud application developers have zero tolerance for security measures that impinge [on] application performance or slow code development velocity,” Frank Dickson, program vice president for security and trust at IDC, said in a statement. “Pair this with the complexity of microservices-based applications that are easily accessed via APIs and you start to understand the challenges of securing the cloud. ExtraHop’s ability to ingest both VPC flow logs and packets in a single UI for cloud security coverage is a no-brainer. Security teams can illuminate and investigate malicious activity in near real-time without requiring developers to make adjustments to code development.”