Insights > Network Visibility + Security

Keysight and Extrahop join forces providing complete Visibility and Network Intelligence

2022-05-20  |  6 min read 

Organizations today are faced with growing challenges when it comes to defending against increasingly sophisticated cyber attacks. Ransomware, software supply chain attacks, denial of service, malware, botnets, social engineering – a seemingly infinite list of attack techniques are upping the ante and driving security teams to burnout. Attackers have at their disposal a plethora of known Common Vulnerabilities and Exposures (CVEs), as well as unknown zero-day techniques. At the same time, the complexity of the enterprise IT environment is increasing, and the attack surface is growing rapidly due to continued trends of remote work, work from home, cloud services, and bring your own device (BYOD) policies. The rapid evolution of the threat landscape drives a need to provide broad visibility and security in increasingly complex hybrid architectures. Keysight and ExtraHop have partnered to deliver the data, the analysis, and the detection and response capabilities necessary to stop advanced threats.

Securing the Hybrid Enterprise with Network Intelligence

Hybrid architectures include traditional on-premises data centers, virtualized resources, remote and home offices, and public cloud hosted applications. Cloud native security mechanisms exist, and are valuable for security triage and alerting, but tend to rely on data sources such as logs, APIs and metrics. Such data sources are vulnerable to evasion techniques increasingly being used by attackers. Furthermore, less granular data is unable to expose the full details of a sophisticated attack. On the other hand, having copies of all the network packets ensures access to all data potentially being exploited by hackers and propagating around the organization’s hybrid cloud. Logging can be turned off by attackers, metrics don’t have as much granularity, and APIs are most suited to querying well known variables – but the packets provide a complete source of network intelligence.

Packets must be delivered to security tools for inspection and analysis. In traditional on-premises data centers, collection and delivery of packets has been accomplished using well known means such as switch mirrors, taps, and network packet brokers (Keysight refers to this as Network Visibility, and we have delivered leading solutions in this area for many years). However, the advent of hybrid cloud architectures has necessitated expanding visibility to the broader attack surface. Keysight accomplishes this with the help of virtualized taps and packet brokers, and a cloud network data collection solution we call CloudLens. This new visibility architecture can deliver copies of packets regardless of limits of access to the underlying network caused by obfuscation of infrastructure by cloud service providers. Whether applications are hosted on VMWare, KVM, AWS, Azure or other CSPs, Keysight Visibility ensures consistent visibility, enabling network intelligence-based security analysis. Furthermore, Keysight Visibility features such as de-duplication, masking of personal identification information, load balancing, and traffic sharing enable reliable, compliant data collection at the scale demanded by modern hybrid enterprises.

How Keysight and ExtraHop Detect Advanced Threats in Hybrid Environments

Keysight and Extrahop have partnered to offer a joint solution combining best of breed Keysight Visibility and ExtraHop Reveal(x) Network Detection and Response. Armed with data delivered by Keysight, Extrahop can detect MITRE ATT&CK Tactics and techniques across every phase of the attack chain. The ubiquitous hybrid coverage enabled by Keysight Visibility fuels ExtraHop’s detection capabilities inside the target enterprise, enabling rapid detection of intruder post compromise activity, including lateral movement, command & control, and data exfiltration. Early detection of these attack tactics allows rapid mitigation of ransomware, supply chain attacks, and other advanced threats. For example, recently, at a leading home improvement company, Extrahop quickly identified a ransomware attack by observing its network behavior, including target enumeration and lateral movement inside the target environment. The early detection by ExtraHop enabled quick security team response, resulting in zero downtime for the business, and $0 ransomware payment. Without such network-intelligence-driven detection and response capabilities, other organizations have not been so fortunate.

Says Chase Snyder, Senior Product Marketing Manager at Extrahop “Keysight Network Visibility solution is a vital enabler of Extrahop’s ability to detect MITRE ATT&CK techniques and threats moving laterally throughout the hybrid cloud enterprise. Keysight delivers complete packet data from anywhere in the enterprise, which is analyzed by ExtraHop Reveal(x) Network Detection and Response to catch even the stealthiest attackers. With the joint solution, our customers have the most complete coverage in Network Intelligence and Advanced Threat Detection.”

Extrahop and Keysight will be presenting about our joint Visibility and Network Intelligence solution at the upcoming RSA Security Conference in San Francisco. Please join at us at 3:30 p.m. PST Wednesday June 8th for the presentation, located at Keysight’s theater in the North expo hall booth #5873. Feel free to stay after the presentation to talk to experts from Extrahop and Keysight.