Upload File

criteria to test for in a poc - extrahop

2
Reveal(x) An ExtraHop Reveal(x) proof of concept (POC) provides you with a unique opportunity to idenfy, invesgate, and respond to suspicious acvity that you currently cannot see, as well as uncover security hygiene issues such as insecure protocols, cryptographic compliance, or other policy violaons that increase your aack surface. In addion, the POC will allow you to evaluate how Reveal(x) can improve your organizaon’s security posture through faster detecon and reduced noise. You will have an opportunity to work with ExtraHop experts to understand how Reveal(x) can support your program’s unique asset and applicaon priories, workflows, and risk posture. ExtraHop engineers will install an appliance at an agreed point in your network—near the core switch for visibility into East-West communicaons, in the DMZ if you want heightened visibility into North-South traffic—giving you the ability to see for yourself how Reveal(x) can light up the darkspace in your environment. CRITERIA TO TEST FOR IN A POC CAPABILITY WHY IT MATTERS A network traffic analycs POC should test how well the product detects real anomalies and threats, not synthec test traffic, and performs within real-world traffic loads. For this reason, ExtraHop strongly recommends that you deploy Reveal(x) in your producon environment. Network traffic analycs should enable rapid invesgaons of threats once they are detected. The product should provide upfront context about the threats to assist analysts in priorizing invesgaons, and then provide the ability to quickly understand the scope. Analysts should have the ability to perform ad hoc search and query, and then obtain packets for forensic analysis. A POC will demonstrate what level of work is required to discover, classify, and priorize assets in your environment. Keep in mind that the product will need to dynamically keep up with changes and you will want to minimize the amount of ongoing work required. Without decrypon, analysis of network traffic is limited to packet headers and flow-type metrics. Aackers know this and use encrypon to hide their acvies. As encrypon rates inside the datacenter increase, the ability to decrypt transacon payloads will become more crical, making it a key criteria for your POC. Threat detecon and invesgaon are dramacally enhanced with data parsed from applicaon-level protocols (Layer 7 protocols). Your POC evaluaon should consider the breadth and depth of protocols analyzed as this will impact event detecon accuracy and correlaon. If a network traffic analycs product cannot scale well, that means you will have to purchase more appliances to support your environment. Consider what amount of throughput will be required in three to five years’ me and whether your network traffic analycs soluon will be able to scale economically. Real-world Anomalies and Threats Invesgave Workflow Asset Discovery, Classificaon, and Priorizaon Decrypon Protocol Support Throughput of Analysis Idenfy Threats in Your Producon Environment Your Reveal(x) POC will uncover suspicious, malicious, or just out-of-policy acvity that you didn't know about. These acvies can include acve reconnaissance, privilege escalaon, and sensive file access, as well as more mundane but important risks such as weak ciphers and insecure protocol usage. Automacally Discover and Classify New and Rogue Assets Reveal(x) automacally compiles a real-me inventory of devices communicang on your network, classifying them according to their observed roles, for example as a DNS server or VoIP client. Within 10 minutes of installaon, you can explore what devices are actually operang in your environment and what their dependencies are. Threat Assessments, Invesgaon Coaching, and Response Iniaon As part of the POC process, your sales team will deliver Threat Assessment reports in a working session, during which me you can invesgate the findings using Reveal(x). This process not only enables you to idenfy and resolve crical issues but also learn how Reveal(x) speeds up key security operaons workflows and facilitates threat scoping and threat hunng. PROOF OF CONCEPT

Upload: others

Post on 30-Apr-2022

9 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: CRITERIA TO TEST FOR IN A POC - ExtraHop

Reveal(x)

An ExtraHop Reveal(x) proof of concept (POC) provides you with a unique opportunity to identify, investigate, and respond to suspicious activity that you currently cannot see, as well as uncover security hygiene issues such as insecure protocols, cryptographic compliance, or other policy violations that increase your attack surface.

In addition, the POC will allow you to evaluate how Reveal(x) can improve your organization’s security posture through faster detection and reduced noise. You will have an opportunity to work with ExtraHop experts to understand how Reveal(x) can support your program’s unique asset and application priorities, workflows, and risk posture.

ExtraHop engineers will install an appliance at an agreed point in your network—near the core switch for visibility into East-West communications, in the DMZ if you want heightened visibility into North-South traffic—giving you the ability to see for yourself how Reveal(x) can light up the darkspace in your environment.

CRITERIA TO TEST FOR IN A POC

CAPABILITY WHY IT MATTERS

A network traffic analytics POC should test how well the product detects real anomalies and threats, not synthetic test traffic, and performs within real-world traffic loads. For this reason, ExtraHop strongly recommends that you deploy Reveal(x) in your production environment.

Network traffic analytics should enable rapid investigations of threats once they are detected. The product should provide upfront context about the threats to assist analysts in prioritizing investigations, and then provide the ability to quickly understand the scope. Analysts should have the ability to perform ad hoc search and query, and then obtain packets for forensic analysis.

A POC will demonstrate what level of work is required to discover, classify, and prioritize assets in your environment. Keep in mind that the product will need to dynamically keep up with changes and you will want to minimize the amount of ongoing work required.

Without decryption, analysis of network traffic is limited to packet headers and flow-type metrics. Attackers know this and use encryption to hide their activities. As encryption rates inside the datacenter increase, the ability to decrypt transaction payloads will become more critical, making it a key criteria for your POC.

Threat detection and investigation are dramatically enhanced with data parsed from application-level protocols (Layer 7 protocols). Your POC evaluation should consider the breadth and depth of protocols analyzed as this will impact event detection accuracy and correlation.

If a network traffic analytics product cannot scale well, that means you will have to purchase more appliances to support your environment. Consider what amount of throughput will be required in three to five years’ time and whether your network traffic analytics solution will be able to scale economically.

Real-world Anomalies and Threats

Investigative Workflow

Asset Discovery, Classification, and Prioritization

Decryption

Protocol Support

Throughput of Analysis

Identify Threats in Your Production EnvironmentYour Reveal(x) POC will uncover suspicious, malicious, or just out-of-policy activity that you didn't know about. These activities can include active reconnaissance, privilege escalation, and sensitive file access, as well as more mundane but important risks such as weak ciphers and insecure protocol usage.

Automatically Discover and Classify New and Rogue AssetsReveal(x) automatically compiles a real-time inventory of devices communicating on your network, classifying them according to their observed roles, for example as a DNS server or VoIP client. Within 10 minutes of installation, you can explore what devices are actually operating in your environment and what their dependencies are.

Threat Assessments, Investigation Coaching, and Response InitiationAs part of the POC process, your sales team will deliver Threat Assessment reports in a working session, during which time you can investigate the findings using Reveal(x). This process not only enables you to identify and resolve critical issues but also learn how Reveal(x) speeds up key security operations workflows and facilitates threat scoping and threat hunting.

PROOF OF CONCEPT

Page 2: CRITERIA TO TEST FOR IN A POC - ExtraHop

© 2018 ExtraHop Networks, Inc. All rights reserved. ExtraHop is a registered trademark of ExtraHop Networks, Inc. in the United States and/or other countries. All other products are the trademarks of their respective owners.

520 Pike Street, Suite 1600 Seattle, WA 98101www.extrahop.com

PROOF OF CONCEPT TIMELINE

RESOURCES REQUIRED

TIMELINE STEPS TAKE-AWAYS

• Schedule installation• Discuss deployment

BEFORE Understanding of the passive Reveal(x) deployment model and technical architecture

• Install Reveal(x) appliance • Set up passive data feed through port mirror or network tap• Reveal(x) automatically discovers and classifies devices• Users have immediate access to interface and data analysis,

along with a Reviewers Guide

DAY 1 Auto-discovery and classification of all devices in the data feed and their dependencies

• Machine learning is enabled to build behavioral baselines for every device, network, and application

• SE sets up device groups (critical assets, workstations, etc.) and network localities (remote sites, web properties, etc.)

• First working session and data review focus on understanding the existing attack surface, learning time-saving workflows, and how to customize Reveal(x)

WEEK 1 Opportunities for reducing risk and optimizing key analyst workflows

• Second working session features threat hunting exercises and a data review to go through additional findings

WEEK 2 Proactive measures simplified by Reveal(x)

• Third working session can include forensic analysis and potential auto-response integrations, along with a data review to go through additional findings

• Present strategy and quote for production deployment

WEEK 3 Integrating Reveal(x) into your security toolset for orchestration and automation

• Presentation of Executive Summary, ROI Document, and Final Data Findings Report

WEEK 4 Business case for the project

Passive Data FeedThe Reveal(x) appliance requires a passive feed of network traffic. This is commonly provided through a port mirror (SPAN port), a network tap, or a network data broker.

Findings Reviews and Working SessionsWe recognize the value of your time. The Reveal(x) POC does require a commitment on your part—to run the POC in production and spend one day per week in working sessions. This is for the purpose of seeing how make the most of your time—detecting issues earlier, validating events faster, and investigating root cause in a matter of clicks.

Privacy & Legal ConsiderationsReveal(x) is a completely passive solution and will not interfere with your production network or applications. The product does include a cloud-based machine learning component, and information on the security and privacy of this connection available in our Security, Privacy, and Trust overview. If you do not wish to proceed beyond the POC, data is deleted in a secure manner.

Secure ConnectionFor the POC, the ExtraHop sales engineer and analysts will need to occasionally remotely access the POC appliance for the purposes of troubleshooting and management, as well as assessing findings for the working sessions.

Reveal(x) PROOF OF CONCEPT


POC-155 Manual ed1 - Advantechdownloadt.advantech.com/.../1-22N6AS/POC-155...Ed1.pdf · Ł POC-155 series Point of Care Terminal Ł User manual Ł Accessories for POC-155 Œ Y-shaped

Trigger API Reference - Extrahop Networks · ExtraHop 7.1 Trigger API Reference 3 Contents Overview 6 ExtraHop data types 7 Global functions 8 General purpose ... to syslog consumers

IT2202 poc

ExtraHop Product Overview Datasheet

ExtraHop Open Data Stream for ELK · This guide shows how to configure both the ExtraHop system and the ELK stack ... The examples in this guide show how to get a ... ExtraHop Open

OpenSpan POC

ExtraHop Platform Overview: Gain Control With Real-Time IT … Overview... · 2017-02-23 · ExtraHop Platform Overview: Gain Control With Real-Time IT Analytics ! Abstract To overcome

ExtraHop IT Operational Intelligence White Paper · The ExtraHop IT Operational Intelligence Platform: How It Works and Real-World Results Table of Contents Introduction !! ! ! !

Published: 2020-06-08 VMware Deploy the ExtraHop Discover ...VMware Published: 2020-06-08 Published: 2020-06-08 The ExtraHop virtual appliance can help you to monitor the performance

PoC Introduction

Reveal(x) Azure solution datasheet web - Extrahop Networksx) for Azure Solution Brief.pdfAZURE Secures the infrastructure of the cloud. ABOUT EXTRAHOP NETWORKS ExtraHop is the first

Addy datasheet WEB - Microsoft Azure · ExtraHop makes data-driven IT a reality. By applying real-time analytics and machine learning to all digital interactions, ExtraHop delivers

Automation POC

ExtraHop Keysight SolutionBrief

Reveal(x) datasheet web 4pg 7 - Extrahop Networksx)-Product-Datasheet.pdfREAL-TIME ANALYTICS BUSINESS RESULTS ABOUT EXTRAHOP NETWORKS ExtraHop provides enterprise cyber analytics that

2020 THREAT HUNTING REPORT - ExtraHop

Transitional Stage – Palliative Care POC LIGHT VERSIONhealthcareathome.ca/serviceproviders/en/Documents/... · Transitional Stage – Palliative Care POC LIGHT VERSION POC LIGHT

DIGIT.B4 Big Data PoC - Joinup.eu...DIGIT.B4 – Big Data PoC DIGIT 01 – Social Media everis Spain S.L.U D02.01 PoC Requirements 2 DIGIT.B2 D02.01 PoC Requirements everis Spain S.L.U

POC Proposal

EXTRAHOP DISCOVER APPLIANCES - dakoServ

Gamification poc

POC Evaluation Guide - RFPMonkey.com · About The POC Guide ..... 4 First Things First ..... 4 Your POC Credentials ..... 5 I received my Credentials

ExtraHop Discover Sensors Datasheet nopacket

New POC technology in blood counting - UK NEQAS … D Souza_New POC techno… · New POC technology in blood counting Carol D’Souza University of Westminster ... New POC devices

POC - Heska · Element POC Blood Gas & Electrolyte Analyzer B Preface Element POC [epoc ®] Blood Gas & Electrolyte Analyzer The Element POC® portable device consists of the blood

GET MORE FROM SAAS BY GETTING DOWN TO THE WIRE - Extrahop … · 2018-02-15 · AppDynamics and ExtraHop often partner in engagements when the customer wants visibility into custom-built

ExtraHop Reveal(x) vs. Cisco Stealthwatch...ExtraHop Reveal(x) vs. Cisco Stealthwatch NetFlow Is Not Enough ExtraHop Reveal(x) and Cisco Stealthwatch both use the network as a data

ExtraHop Reveal(x) + Cisco Identity Services Engine …ExtraHop® Reveal(x) Integration with Cisco® ISE Use Cases The Reveal(x) integration with the Cisco Identity Services Engine

eForms POC

Admin UI Guide - Extrahop Networks · ExtraHop Cloud Services 18 Atlas Services 18 Connect to Atlas services 18 Disconnect from Atlas services 18 ... Configure the SSL decryption

ExtraHop Trace Admin UI Guide...ExtraHop 8.1 ExtraHop Trace Admin UI Guide 3 Contents Introduction to the ExtraHop Trace Admin UI 6 Supported browsers 6 Status and Diagnostics 7 Health

POC-624 24 Point-of-Care Terminal with Intel 8th ...€¦ · POC-IPSM90PS2 POC- Power System w/ 2 batteries, VESA, cables POC-IPSM90PS3 POC- Power System w/ 3 batteries, VESA, cables

ExtraHop Explore Admin UI GuideThe ExtraHop Admin UI provides an interface to view and modify the code that specifies the default system configuration. In addition to making changes

ExtraHop Cloud Platform - Amazon Web Services...data to answer the most important questions coming from the Security and Operational teams. In the cloud, clarity is key. The ExtraHop

Analyzing Malicious Behavior Effectively with ExtraHop