ExtraHop Reveal(x) and the CrowdStrike Falcon platform have gained new capabilities built on existing detection, investigation and response integrations.
ExtraHop announced an integration with CrowdStrike that provides a new push-button response capability designed to extend the extended detection and response (XDR) partnership between the two companies.
The new offering enables users to quarantine individual assets from a detection directly within Reveal(x) and then pivot easily into an investigation workflow. With this capability, users can act quickly and precisely, accelerating response times to minimise the impact on the business.
The native push-button response feature within ExtraHop Reveal(x) is designed to accelerate containment while minimising disruption to the organisation. It gives security analysts the ability to control how and when assets are quarantined, and acts based on high-fidelity detections and enriched intelligence that extends from the network to the endpoint.
According to Jesse Rothstein, co-founder and CTO at ExtraHop, over the past five years the security pendulum has started to swing more meaningfully towards a detect-and-respond model, which assumes even the best perimeter defences will eventually be breached.
"But many organisations remain reluctant to invest more in this approach due to the complexity of playbook-driven response.
"With our new native push-button response, we're continuing to build on our partnership with CrowdStrike and existing response integration capabilities to give defenders the ability to rapidly and precisely quarantine compromised devices without causing massive disruption to the organisation," Rothstein said.
This new capability offered in the ExtraHop platform helps deepen our integration, enabling security teams to quickly and precisely take action for more effective threat detection, investigation, and response across IT environments.”
The push-button response integration builds upon ExtraHop's existing partnership with CrowdStrike, which offers integrations throughout the CrowdStrike Falcon platform, including Falcon X, Threat Graph, Falcon Insight (with real-time response integration), Humio and Falcon XDR, to deliver XDR to their customers worldwide.
This new capability enables faster remediation and faster time to respond, according to Chris Kissel, research director, security and trust, IDC. The new developments enable teams to focus on critical assets and resources.
"The focus on streamlining the work of the overburdened SOC analyst adds real value for defenders," Kissel said.
With new advanced and evolving threats challenging organisations daily, Geoff Swaine, vice president of global programs, store and alliances at CrowdStrike, added that security teams must act with impeccable speed and accuracy to safeguard the business from a breach.
"Our tight partnership and breadth of integration with ExtraHop helps to unify security telemetry across network and endpoints, providing customers with enhanced detection and response capabilities to stop advanced threats faster," Swaine said.