DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers
Story image
ExtraHop integrates with Google Cloud's new packet mirroring feature
Tue, 26th Nov 2019
FYI, this story is more than a year old

 Google Cloud has announced a new packet mirroring feature that integrates with ExtraHop's ExtraHopReveal(x) to enable stronger threat detection, investigation, and response.

The packet mirroring feature enables Reveal(x) to analyse network traffic in a passive, agentless manner, in order to provide deeper visibility into security threats against workloads in Google Cloud.

Reveal(x) for Google Cloud Platform is able to automatically discover, classify, and map dependencies between workloads. It is also able to apply advanced machine learning to surface the most critical threats. Equipped with this information, GCP customers can rapidly identify, investigate, and respond to threats, fulfilling their obligations under the shared responsibility model.

ExtraHop CTO and cofounder Jesse Rothstein says that traditional security tools are falling short, which means new thinking is needed.

“Reveal(x) for GCP Packet Mirroring provides security teams with unparalleled network visibility and cloud-scale machine learning for detection and automated response across your business's complex attack surface.

Through the integration with GCP packet mirroring, ExtraHop Reveal(x) provides full threat visibility, detection, and response across cloud and hybrid workloads.

Full Packet analysis: Reveal(x) leverages GCP Packet Mirroring to capture payloads and headers, enabling in-depth analysis and threat hunting. Machine learning at the application layer provides immediate detection of difficult-to-spot activity, including exfiltration.

Encrypted payload visibility: Reveal(x) decrypts SSL/TLS-encrypted traffic at line rate, including cipher suites supporting perfect forward secrecy, providing complete visibility into all communications, including encrypted malicious traffic.

Augmented investigation: Reveal(x) for GCP automates several early investigation steps to provide analysts with workflows that can be completed in clicks, enabling quick and confident response.

Google Cloud product manager Mahesh Narayanan says traffic visibility is an essential part of preventing security breaches and attacks, particularly as networks become more complex.

“With Packet Mirroring, our customers now have a way to proactively detect network intrusions, analyze, and diagnose application performance issues for both Compute Engine and Google Kubernetes Engine, across all regions and machine types."

Ulta Beauty is one organisation that sees benefits from the Google Cloud and Reveal(x) integration.

Ulta Beauty's senior director of IT risk management and CISO Diane Brown explains, "Ulta Beauty is a company built on seeing possibilities. It's informed everything from our in-store shopping experience to how we build our business – including the technology that supports it.

"In cloud computing, we see the ability to grow faster and deliver more 'wow' experiences to our customers. The new integration between ExtraHop Reveal(x) and Google Cloud's new packet mirroring accelerates our cloud adoption by giving us the visibility we need to secure our applications and protect our most precious asset, our customers."

ExtraHop Reveal(x) for GCP is now available in alpha.