Since Dr. Anton Chuvakin first shared the idea of a SOC nuclear triad of SIEM, endpoint data, and network intelligence for security visibility, organizations of all sizes have strived to execute on that concept. But for various reasons—including challenges with security maturity, finding and retaining skilled analysts, and the exponential growth of cybersecurity vendors—executing on that vision of a three-pronged solution to threat defense has been easier said than done.
The security skills gap has been a constant challenge for organizations over the last few years. Whether because of burnout or looking for new opportunities, when experienced analysts leave, it's difficult to find replacements that can pick up where they left off. It's not just a person walking out of the door; when analysts move on, they carry institutional knowledge with them.
To answer these challenges, a growing number of organizations are turning to managed detection and response (MDR), which can combine leading SIEM, endpoint visibility, and network data in a single, software-based platform. Managed detection and response providers are part of a large, growing market, and the leading vendors are adding network intelligence solutions to their suite of tools.
That's why ExtraHop is excited about Red Canary's choice to integrate ExtraHop network intelligence into their managed detection and response offering. ExtraHop will be added into the existing industry-leading MDR solution to provide network-based context. ExtraHop's device and detection data acts as a force multiplier for Red Canary. Organizations can now leverage a super suite of capabilities and get 24/7 service from Red Canary's experts, who quickly investigate and triage high-fidelity data from ExtraHop to surface the threats that matter and help to speed incident response.
Read Red Canary's Announcement of the ExtraHop Integration
Why Network Intelligence Is Essential for Managed Security Services
Network intelligence powered by network packets is a must-have component for visibility and threat detection. While logs from a SIEM are popular data sources, and with good reason, logs lack the depth of context available in network packets. A log can tell you that two devices talked and for how long; network packets tell you what those devices said.
Network intelligence also provides coverage in areas where endpoint tools have gaps. This is especially important because it's impossible to add an agent to every asset that needs to be monitored. With an agentless deployment model, ExtraHop is able to scale with your environment and your needs.
Integrating ExtraHop's network intelligence strengthens Red Canary's managed service in several ways, including:
- Accurate inventory: Automatically discovers, classifies, and maps devices communicating on the network.
- Complete east-west visibility: Monitors and analyzes all traffic flowing into and across the network.
- Packet-level context: Provides deeper insight than what's available in logs. Logs tell you when two devices communicate, but packets tell you what they said.
- Real-time threat detection: Uses cloud-scale AI and rules-based detections created by the ExtraHop Threat Research team to detect threats as they occur.
What the ExtraHop + Red Canary Integration Means for Security Teams
By leveraging detections and device data from ExtraHop combined into a broader holistic managed security strategy, Red Canary security experts are able to upscale the capabilities of security teams and significantly reduce alert fatigue, mean time to detect (MTTD), and mean time to respond (MTTR). Below are a few examples of the benefits this new integration provides.
Optimize threat detection across the enterprise
Security teams can outsource threat detection and response to Red Canary and receive premium detection capabilities and expert security resources, leveraging the full security triad of endpoint, SIEM, and network.
Consolidate threat detection for better outcomes and visibility
Red Canary aggregates, correlates, and analyzes all threat detections from NDR, EDR, and other tools into one console to reduce overhead costs, staff fatigue, and false alerts.
Automate detection and incident response (IR)
Red Canary includes a highly scalable, integrated SOAR platform for notification and threat containment that begins remediation automatically when confirmed threats are found.
Reduce dwell time and preempt breaches
Red Canary investigates suspicious activity and confirms threats before alerting security teams. Vetted detections from ExtraHop in one Red Canary customer environment also trigger investigations across all Red Canary customer environments.
Learn More About ExtraHop + Red Canary MDR
Interested in learning more about how to leverage the power of ExtraHop network intelligence with Red Canary's MDR? Contact your ExtraHop sales representative.
To try Reveal(x) for yourself, our online demo has guided scenarios for several hybrid and cloud security use cases. You can also start a free 30-day trial of Reveal(x) 360 Standard, our VPC Flow Logs-based subscription for security in AWS.