English
Contact Us

The Platform

Solutions

Customers

Partners

Blog

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

Reveal(x)

The industry's only network detection
and
response platform that delivers the
360-degree
visibility needed to
uncover the cybertruth.

Deployment Model

SaaS-Based Solution >

On-Premises Solution >

Security

Network Detection and Response >

Intrusion Detection System >

Forensics >

Performance

Network Performance Monitoring >

Forensics >
caret-left Back

Solutions

Learn More

Use Cases

Explore By Industry Vertical
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Learn More

Customer Community

Cybersecurity Services

ExtraHop Support
caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Learn More

Work With Us! Become a Partner

Integrations and Automations

Partners
caret-left Back

Blog

Learn More
caret-left Back

About Us

Events & Newsroom

Careers

Resources

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

Contact Us

caret-left Back

Events & Newsroom

Get the latest news and information.

Learn More

Sign Up for a Live Attack Simulation

Upcoming Webinars and Events

caret-left Back

Careers

We believe in what we're doing. Are you ready to join us?

Learn More

Careers at ExtraHop

Search Openings

Connect on LinkedIn

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories & Case Studies

Ransomware Attacks in 2021: A Retrospective

Cyberattack Glossary

Network Protocols Glossary

Documentation

Firmware

Training Videos

Integration Partner

Partner Logo

Automate action on cybersecurity threats with Check Point and Reveal(x) for AWS

Download the Datasheet

 

Overview

The Check Point® Identity Awareness and ExtraHop Reveal(x) for AWS integration provides immediate and automated remediation of cybersecurity threats in the cloud. Check Point and ExtraHop have partnered to streamline your automated security response to Reveal(x) detections.

Get the Bundle

Check Point® Identity Awareness + ExtraHop Reveal(x) for AWS

The new ExtraHop Reveal(x) for AWS integration with Check Point security gateways enables cloud-focused security teams to take automated action on suspect domains and IP addresses.

ExtraHop applies analytics and machine learning to all east-west and north-south traffic, providing broad visibility, detection, and investigation across the entire attack surface.

This integration enables the following investigative tasks and workflows in Check Point as an automated response to ExtraHop Reveal(x) detections:

  • Reveal(x) for AWS uses Amazon VPC Traffic Mirroring to bring agentless network detection and response (NDR) to the cloud.
  • ExtraHop captures copies of network traffic packets and analyzes the data with cloud-scale machine learning to detect successful attacks and power response automation.
  • When Reveal(x) detects security threats with a high risk score, it sends a message through the AWS Simple Notification Service (SNS) in JSON format to a subscribed Lambda function.
  • The Lambda function then sends an Identity Awareness command to all Check Point gateways.
  • The offending IP addresses are then added to firewall access control lists and quarantined.

By natively integrating with Check Point Identity Awareness gateways, Amazon SNS, and AWS Lambda, Reveal(x) for AWS eliminates the need to use direct API calls to target individual firewalls. Instead, AWS Lambda encodes the targets as a single environment variable, significantly reducing configuration.

ExtraHop Dashboard

Key Features

Real-time creation of investigations for Reveal(x) detections

Automated action on suspect domains and IP addresses in the cloud

Native integrations eliminate the need to use direct API calls to target individual firewall

Quote Icon

ExtraHop continues to bolster its usefulness through its very open integration ecosystem with partners in the SIEM, NGFW, ticketing and orchestration and automation categories. This open approach can significantly enhance the continuity of the security operations practice and facilitate improved automation and speed of detection to investigation.

DAVE SHACKLEFORD
Senior Instructor, SANS Institute

Demo Image

Start the Demo

Solve network latency, poor web app delivery, and more with the full product demo.

Start Demo