www.extrahop.com
52.40.156.168
Public Scan
Submitted URL: https://o.ehlinks.com/api/mailings/click/PMRGSZBCHI4TANBZGMZSYITVOJWCEORCNB2HI4DTHIXS653XO4XGK6DUOJQWQ33QFZRW63JPMNXW2...
Effective URL: https://www.extrahop.com/company/blog/2019/ndr-and-the-soc-visibility-triad/
Submission: On November 26 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
Name: untitledForm-1367515949663 — POST https://s1701.t.eloqua.com/e/f2
<form method="POST" id="form107" name="untitledForm-1367515949663" role="form" action="https://s1701.t.eloqua.com/e/f2" class="reset-disabled" data-parsley-validate="" data-parsley-trigger="focusout" data-onload="extrahop.undisableForm"
novalidate="">
<input type="hidden" name="elqFormName" value="untitledForm-1367515949663">
<input type="hidden" name="elqSiteId" value="1701">
<input type="hidden" name="elqCampaignId">
<input type="hidden" name="campaignId" value="70180000001EqjnAAC">
<input type="hidden" name="elqCustomerGUID">
<input type="hidden" name="elqCookieWrite" value="0">
<input type="hidden" name="GA_Medium" value="">
<input type="hidden" name="GA_Source" value="">
<input type="hidden" name="GA_Campaign" value="">
<input type="hidden" name="GA_Content" value="">
<input type="hidden" name="GA_Term" value="">
<input type="hidden" name="GA_Product" value="">
<input type="hidden" name="GA_Region" value="">
<input type="hidden" name="GA_Funnelstage" value="">
<input type="hidden" name="GA_Version" value="">
<input type="hidden" name="gclid" value="">
<input type="hidden" name="FormURL" value="">
<input type="hidden" name="uniqueid" value="">
<input type="hidden" name="adgroupname" value="">
<input type="hidden" name="redirectUrl" value="https://www.extrahop.com/company/newsletter-signup-success/" data-sync-host="www">
<div class="inline-input">
<div class="form-group email">
<input id="email" class="form-control garlic-auto-save" name="email" type="email" required="" placeholder="Email Address">
</div>
<div class="form-group">
<input type="submit" class="btn btn-basic" value="Subscribe" data-track-newsletter-subscribe="">
</div>
</div>
</form>
<form>
<input class="st-default-search-input st-search-set-focus" type="text" value="" placeholder="Search this site" aria-label="Search this site" id="st-overlay-search-input" autocomplete="off" autocorrect="off" autocapitalize="off">
</form>
Text Content
NDR AND THE SOC VISIBILITY TRIAD
HOW NETWORK DETECTION & RESPONSE COMPLEMENTS EDR & SIEM FOR STRONG CYBERSECURITY

Dale Norris
Updated September 10, 2021

If you've spent any time hunkered down in front of a monitor writing or reading, at some point you've either used or seen the Rule of Three. It's the foundational structure for presenting information in a format that's easy to process and memorable.

Three is the magic number in more ways than one. Pilots use three different categories of instrumentation to ensure they can "see" what's happening and fly safely. Your middle ear contains three bones that allow you to hear when danger approaches. And stools have three legs, providing a strong support structure.

Similar to the examples above, the Gartner Security Operations Center (SOC) Visibility Triad supports stronger enterprise security in three ways: providing visibility across complex attack surfaces, detecting threats in real time, and enabling rapid response to incidents.

WHAT IS THE SOC VISIBILITY TRIAD?

First coined by then-Gartner security expert Anton Chuvakin in 2015, the SOC nuclear (now visibility) triad "seeks to significantly reduce the chance that the attacker will operate on your network long enough to accomplish their goals."

Traditionally, Security Operations Centers relied heavily on endpoint detection and response (EDR) and security information and event management (SIEM) tools for incident management and response. But those tools couldn't provide the real-time visibility into east-west, or internal, traffic that's essential for protecting the enterprise. Network detection and response (NDR) solutions were the missing piece of the triad. When true NDR became technologically possible, the triad became the go-to structure for providing visibility across complex IT environments.
But how does NDR complete the triad? By providing complete visibility inside the network, where SIEM and EDR lack visibility, and where adversaries expand their reach, exploit internal resources, and ultimately do the most damage.

Webinar: The case for leading with NDR.

HOW DOES NDR COMPLEMENT EDR?

EDR products are like cameras pointed at the entrance door. They collect, record, and store data from the activities of devices connected to a network. This visibility into endpoints is essential for creating a layered cyber defense in three key areas:

* Providing insight into user and software activities on devices
* Detecting threats that antivirus software misses
* Helping monitor against advanced persistent threats (APT)

While a valuable piece of the SOC toolset, EDR products rely on agents, which limits their visibility and increases the effort required for management and maintenance. Attackers can hide their tools from EDR products, and those products can't see threats inside the network. NDR solutions see those attackers as soon as they communicate with any device on the network.

NDR solutions also bolster EDR tools by providing real-time behavioral detections that complement an EDR product's signature-based threat detectors. NDR solutions use cloud-scale machine learning capabilities to offload resource-intensive modeling while providing continuous, automated updates to detection models, so security analysts needn't spend their time applying manual updates. Some NDR products can also provide endpoint information to analysts or share those detections with EDR products for automatic quarantining of infected devices in real time.

CrowdStrike and ExtraHop: Integrated EDR and NDR for stronger security.

HOW DOES NDR COMPLEMENT SIEM?

SIEM products are at the center of many SOC approaches to security, and with good reason. They're great at collecting logs from other systems and generating reports.
SIEM products can also be effective at early detection if threats violate their pre-configured sets of rules. However, SIEM tools do have blind spots that can be filled by NDR solutions that leverage network traffic analysis (NTA). SIEMs analyze log data, which limits visibility into east-west corridor attacks, and they have a propensity for firing false positives, which can lead to alert fatigue and weaken security. Logging is also routinely turned off, and logs are modified or destroyed by adversaries to impede detection and investigation. NDR solutions collect and analyze wire data from network traffic, providing an unalterable source of data to SIEM products and enhancing their ability to create complete, comprehensive, and actionable reports.

Want more information about how NDR products compare to SIEM tools? Read this blog post.

WHAT PROBLEMS DOES THE TRIAD SOLVE FOR SECOPS?

You can learn how the SOC Visibility Triad makes cloud security significantly easier in this post, but it's worth noting that the triad provides SOCs with benefits that extend beyond the cloud to edge and on-premises environments.

Visibility: By combining visibility into network communications, endpoints, and events, the triad allows analysts to see and understand what's happening in the east-west traffic corridor and at the edges of a network.

Detection: The triad combines rules and signature-based detections from SIEM and EDR products with real-time behavioral detections powered by machine learning from NDR solutions. The result is the ability to rapidly detect anomalous behaviors and threats at endpoints and in internal traffic.

Investigation: With NDR products continuously capturing packets and reassembling them into structured wire data, access to logs from SIEM tools, and data from EDR agents, analysts have a full range of information to use in investigations.
They can see interactions at endpoints and in internal traffic, as well as investigate which protocols have been used in an attack.

Automation: With the ability to conduct or support automated or augmented investigation and response, the combined pieces of the triad can help relieve the stress felt by overworked and understaffed security teams.

Integration: With NDR products forming the foundation of the triad, SOCs can integrate wire data from network traffic into SIEM and EDR products, as well as across IT and security teams, reducing complexity and tool sprawl.

Watch the 4-minute video for an introduction to NDR with live examples of an NDR product's features and capabilities as they relate to the SOC Visibility Triad.

Posted in Security, Industry Trends, Tech, NDR, Decryption, Reveal(x)