Network detection and response (NDR) solutions can assist government agencies by keeping their IT systems operating while they hunt for cyberthreats and investigate breaches, according to Raja Mukerji, Chief Customer Officer and Co-Founder of ExtraHop.
In many cases, organizations have to shut down IT assets when running a forensic investigation, but NDR tools allow them to look for incidents while their networks are still operating, Mukerji said in an interview with Scoop News Group at the CrowdStrike Government Summit in April.
CrowdStrike is an ExtraHop technology partner. In March, the two companies released a new integration enabling customers to ingest network data from Reveal(x) 360 into CrowdStrike Falcon LogScale.
“One of the biggest conundrums that threat hunters and incident response teams face today is that in order to determine whether a breach has occurred, they have to disable certain IT systems to maintain the forensic chain of custody,” he said.
NDR platforms present government agencies with a tremendous opportunity to defend their IT assets, because they work without requiring site downtime, he said. The ExtraHop Reveal(x) NDR platform searches for possible data breaches by looking for unusual and malicious behavior across a customer’s network.
Many attacks leave detectable signals on the network before they do major damage. Reveal(x) detects these early signals of previously unknown threat activity in real time across the cloud and hybrid environments often used by government agencies.
Mukerji also spoke to Scoop News Group about the benefits that AI and machine learning can bring to government agencies. Both technologies will have a significant impact on cyberdefense at government organizations, he predicted.
“The problem that we see in cybersecurity today is there’s a tremendous asymmetry between the effort to successfully attack vs. successfully defend,” he said. “Today, one can launch millions of attacks per second, and the attackers only have to be successful once.”
However, the use of AI and ML in cybersecurity tools will change the “balance of power” to be more friendly to the defenders, he said. Security teams can use AI and ML to monitor agency networks, putting them in a better position to stop attacks, he added.
Reveal(x) uses AI and ML to look for unusual behavior and to identify potential breaches on customers’ networks. Reveal(x) uses cloud-scale ML to provide scalable insights to agencies with global coverage across their network boundaries. ExtraHop processes over 1 petabyte of wire data each day, training its ML on the most comprehensive data available.