Cloud-native security provider ExtraHop has added heat-mapping capabilities to the Amazon Web Services (AWS) edition of its flagship product.
The new tier of service, called ExtraHop Reveal(x) 360, uses artificial intelligence (AI) and machine learning to give security teams a visual means for identifying, investigating, and mitigating hotspots of malicious activity in their cloud environments without interfering with developer activity.
"We're able to passively analyse network traffic data within a virtual private cloud and provide broad visibility and core detection capabilities across all AWS environments," Bryan Lares, vice president of product management at ExtraHop, told CSO.
"Unlike monitoring cloud workloads or agent-based approaches, our passive network monitoring does not slow down DevOps activity and development of cloud-based workloads," Lares said.
"Developers are deploying assets at a breakneck pace, so as adversaries continue to evolve their attacks on mission-critical applications and workloads, organisations need this kind of high fidelity, low friction approach to defend against these attacks, post-compromise."
ExtraHop's new offering uses real-time analysis of VPC flow logs, packets and protocols to create a unified interface that allows security teams to rapidly get to the root of security threats. The approach, according to ExtraHop, reduces false positives and keeps security teams focused on the highest-priority threats, maximising and scaling scarce analyst resources.
"Most organisations are already gathering VPC flow logs and moving them into their SIEMs for compliance purposes, so this is taking something they're already doing and providing extra value with it," Lares added.
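The passive flow-log analysis described above, as an added illustration that is neither ExtraHop's code nor its detection logic: it parses records in the default AWS VPC flow-log format (version 2, 14 space-separated fields) and flags source addresses whose rejected connection attempts fan out across many destination ports, a cheap proxy for a scan. The sample records, the thresholds and the "hotspot" scoring are constructed assumptions; the product's AI behavioural models are not reproduced here.

```python
"""Toy passive analysis of AWS VPC flow logs (added example, not ExtraHop's code).

Reads default-format (version 2) flow-log records and surfaces sources whose
REJECTed connection attempts touch many distinct destination ports.
Thresholds and sample data are constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default VPC flow log format, version 2.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str


def parse_flow_log(line):
    """Parse one record. NODATA/SKIPDATA records carry '-' in the traffic
    fields and no action, so they are skipped by returning None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        srcaddr=rec["srcaddr"], dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]), dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]), packets=int(rec["packets"]),
        bytes=int(rec["bytes"]), action=rec["action"],
    )


def find_hotspots(lines, min_rejects=5, min_ports=3):
    """Group REJECTed flows by source address and flag sources with at least
    min_rejects rejected attempts spread over at least min_ports ports.
    Returns {srcaddr: {"rejects": n, "ports": [...], "targets": [...]}}."""
    rejects = defaultdict(int)
    ports = defaultdict(set)
    targets = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_flow_log(line)
        if rec is None or rec.action != "REJECT":
            continue
        rejects[rec.srcaddr] += 1
        ports[rec.srcaddr].add(rec.dstport)
        targets[rec.srcaddr].add(rec.dstaddr)
    return {
        src: {"rejects": n, "ports": sorted(ports[src]),
              "targets": sorted(targets[src])}
        for src, n in rejects.items()
        if n >= min_rejects and len(ports[src]) >= min_ports
    }


# Constructed sample: one benign SSH session, one source probing six ports
# (all rejected), one stray single-port reject, and one NODATA record.
SAMPLE_LOG = """\
2 123456789010 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44123 22 6 1 40 1418530011 1418530011 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44124 23 6 1 40 1418530011 1418530011 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44125 80 6 1 40 1418530012 1418530012 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44126 443 6 1 40 1418530012 1418530012 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44127 445 6 1 40 1418530013 1418530013 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 172.31.16.21 44128 3389 6 1 40 1418530013 1418530013 REJECT OK
2 123456789010 eni-1235b8ca123456789 198.51.100.5 172.31.16.21 51000 22 6 1 40 1418530020 1418530020 REJECT OK
2 123456789010 eni-1235b8ca123456789 - - - - - - - 1431280876 1431280934 - NODATA
"""

if __name__ == "__main__":
    for src, info in find_hotspots(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['rejects']} rejects over ports {info['ports']} "
              f"towards {info['targets']}")
```

Because the analysis only reads records that AWS already emits, it adds no agent to the workload; the trade-off is that flow logs are sampled and aggregated per capture window, so a single-packet probe can be merged with neighbouring flows or missed entirely, which is why packet-level data is a useful complement when it is available.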
Security versus application performance
ExtraHop claims its new offering is easier to deploy than solutions that use agents and provides broader coverage than those products. Reveal(x) 360 collects and analyses flow log and packet metrics to create a real-time view of all cloud workloads, while AI behavioural detection surfaces the highest priority threats for investigation and remediation in a single management pane.
"Agents consume resources on workloads and can produce false positives that can prevent some workload activity from going on in the environment," Lares said. "Every security solution produces false positives, but since we're not an inline protection solution, we're not going to interfere with workload activity."
"Cloud application developers have zero tolerance for security measures that impinge [on] application performance or slow code development velocity," Frank Dickson, program vice president for security and trust at IDC, said in a statement. "Pair this with the complexity of microservices-based applications that are easily accessed via APIs and you start to understand the challenges of securing the cloud.
"ExtraHop's ability to ingest both VPC flow logs and packets in a single UI for cloud security coverage is a no-brainer. Security teams can illuminate and investigate malicious activity in near real-time without requiring developers to make adjustments to code development."