ExtraHop is the leader in real-time IT analytics. Our platform makes data-driven IT a reality, applying advanced analytics and cloud-based machine learning to all digital interactions to deliver timely and accurate insight. IT leaders turn to ExtraHop first to help them make faster, better-informed decisions that improve performance, security, and digital experience. Just ask the hundreds of global ExtraHop customers, including Sony, Lockheed Martin, Microsoft, Adobe, and Google. To experience the power of ExtraHop, explore our interactive online demo:

Latest Content From ExtraHop

Whitepaper: 2019 Security Advisory: Phoning Home

by ExtraHop, Oct 03, 2019

Is your enterprise data being 'phoned home' by third-party vendors?

Enterprises rely on third-party vendors for everything from infrastructure and applications to security, but they often don't know how those vendors are using their data. In this ExtraHop Security Advisory, we discuss four real-world examples of data being *phoned home* and share best practices for ensuring data security, privacy, and compliance.

Download your copy now to learn how you can recognize these instances and prevent vendors from misusing data.

Whitepaper: IDC Workbook: Cloud Security Roadmap

by ExtraHop, Oct 03, 2019

Over the past year, the percentage of organizations supporting their business via the public cloud has grown by almost 50 percent. The benefits are clear, but when it comes to cloud security, vendors, consumers, and threat actors alike have had to learn by doing.

Which security tools and workflows can easily adapt themselves to the cloud? Where are the new blind spots and threat vectors? What does cloud actually mean in terms of the breakdown of responsibility between a security vendor and a client?

In this report, IDC compiles learnings and best practices for cloud security under the Shared Responsibility Model, where a public cloud provider secures the underlying cloud infrastructure but users must secure their own operating systems, middleware, applications and data.

You'll learn:
• Which pieces of cloud security fall to service providers vs. users under the Shared Responsibility Model?
• What are the suggested security practices for cloud customers?
• Which technology solutions does IDC recommend for cloud security?

And finally, to help you strategize in real time, the report provides a checklist with questions to ask any cloud security technology solution vendor to help you narrow down which products and services are right for your business.

Whitepaper: SANS Review: Investigate Attacks on Critical Assets with Network Detection and Response

by ExtraHop, Oct 03, 2019

"By emphasizing ease of use, deep analytics capabilities, built-in intelligence and search tools and rapid event triage, many SOC teams could hit the ground running quickly with Reveal(x)."
- Dave Shackleford, SANS Institute Instructor

Learn how Reveal(x), cloud-native network detection and response for the hybrid enterprise, addresses the following core security areas as identified by the SANS Institute in this 12-page product review:

• Deployment model and flexibility
• Broad visibility and context
• Machine learning
• Depth and breadth of Layer 7 protocol analysis
• Decryption

The SANS team was provided with a review environment configured with a number of compromised systems exhibiting mock attack activity. The review details their experience with several security use cases, including Detection/Response, Proactive Threat Hunting, and Hygiene and Compliance.

Whitepaper: EMA 2019 Report: Bridging the Gap Between NetOps and SecOps

by ExtraHop, Aug 14, 2019

Security incidents often present themselves as performance problems, and IT teams that respond to security incidents as performance issues will miss opportunities to protect the business from attack.

Today's enterprises recognize that network operations and security operations teams should be partners, not adversaries--but especially in large, well-established organizations, that kind of cultural and process shift is much easier said than done.

In this whitepaper, Enterprise Management Associates draws from several industry research studies to synthesize a clear set of best practices and step-by-step instructions for how to bridge the gap between NetOps and SecOps.

Download your copy to learn how your organization can establish a cross-functional agenda, identify areas ripe for collaboration and tool-sharing, and move from siloed teams to NetSecOps.

Whitepaper: SANS 2019 Incident Response (IR) Survey: It's Time for a Change

by ExtraHop, Aug 14, 2019

Curious about the state of incident response worldwide? Interested in expert recommendations for improving your incident team's performance?

Download a copy of the SANS 2019 Incident Response Survey: It's Time for a Change.

In this report, you'll dive deeper into survey results and get suggestions on how to boost breach detection, investigation and remediation by focusing on:

• Eliminating gaps in visibility
• Automating responses to security threats
• Improving communication between SecOps and NetOps teams

Whitepaper: EMA 2019 Report: Network Detection and Response in the Cloud Comes of Age

by ExtraHop, Jul 24, 2019

Until recently, many IT security practitioners turned to legacy tools as a means of securing the growing amount of east-west network traffic in cloud environments. With the introduction of traffic mirroring and virtual network taps, cloud-native network detection and response (NDR) solutions such as ExtraHop Reveal(x) Cloud can help security teams overcome the challenges of visibility at a cloud scale:

"ExtraHop's new Reveal(x) Cloud SaaS offering for AWS takes the deployment burden away from AWS customers, enabling fast service provisioning and instant asset discovery, and providing threat detection, investigation, and response."

Download your copy of the full report from Enterprise Management Associates to learn more about:

• The key benefits of virtual network taps provided by Microsoft Azure and Amazon Web Services
• ExtraHop's new Reveal(x) Cloud SaaS-based network detection and response solution

Whitepaper: Best Practices for Security Operations Centers: Results of the 2019 SOC Survey

by ExtraHop, Jul 24, 2019

The SANS 2019 Security Operations Survey focuses on how organizations worldwide are adapting to technical shifts and keeping their businesses safe against constantly innovating attacks.

Download your copy to learn about these key findings and more:

• Network-based detection tools had the highest levels of satisfaction for identifying security events
• The number of organizations planning to move to cloud-based SOCs over the next 12 months more than doubled year-over-year
• The top three barriers to SOC success are a lack of skilled staff, lack of automation and orchestration, and a lack of tool integration

You'll also gain valuable insights into SOC best practices from principal SANS Senior Instructor Christopher Crowley and SANS Director of Emerging Technologies John Pescatore. Enjoy!

Whitepaper: Network Traffic Analysis for MITRE ATT&CK

by ExtraHop, Jun 12, 2019

The MITRE ATT&CK Framework has rapidly become popular among security teams looking to take a structured and proactive approach to improving threat detection.

For many security professionals, using the ATT&CK Framework means taking a close look at each of the hundreds of tactics, techniques, and procedures (TTPs) and trying to figure out which tool in their patchwork of solutions is most likely to detect or block any given threat. MITRE provides an evaluation framework for Endpoint Detection and Response (EDR) platforms to test their standard deployments against a subset (56) of the TTPs listed. However, no such evaluation yet exists for network traffic analysis (NTA) products.

Read the white paper for a high-level view of how enterprise NTA with ExtraHop Reveal(x) detects and enables investigation of a broad range of the TTPs catalogued by MITRE ATT&CK!

Whitepaper: Executive's Guide to Integrating NetOps and SecOps

by ExtraHop, Jun 04, 2019

"Integrated NetOps and SecOps delivers tangible results: 38% OPEX reduction, 37% risk reduction, and much more."

Security operations (SecOps) and network teams (NetOps) have traditionally acted separately, but increasing IT complexity and scale mean that aligning these two groups is a critical step towards delivering a fast and secure user experience.

A recent global SANS Institute survey found that only 30 percent of SecOps teams already work closely with NetOps, so how can you convince your organization to combine forces in order to reduce waste, speed up threat detection and response, and improve your business agility?

Read this whitepaper for the five key value drivers of an integrated SOC and NOC, as well as clear strategies to help you move forward.

Whitepaper: Embracing the Looming Challenge of 100% Encryption

by ExtraHop, May 13, 2019

Encryption is skyrocketing both inside corporate networks and on the public internet--and studies show that more and more attackers are utilizing numerous trends to hide their activities from your SOC. Luckily, there are methods you can use to embrace encryption in the enterprise without sacrificing your ability to see, hunt, and stop attackers.

Read the report for a deep dive into:

• Why decryption capabilities are crucial for the modern SOC
• The two primary methods for accessing and decrypting data for security analytics
• How ExtraHop Reveal(x), Network Traffic Analytics for the enterprise, gives you access to critical data with need-to-know decryption and no performance impacts