ExtraHop helps SOCs connect the dots with identity-driven detection

ExtraHop unveiled new innovations to accelerate incident response, offering an understanding of cyberattacks by linking disparate detections to compromised identities.

As threat actors increasingly weaponize user identities to carry out their attacks, exploiting identity directory services like Active Directory and leveraging stolen credentials, security analysts struggle to understand their movements. Without knowing who is behind a suspicious action, they cannot connect the dots of an attack’s progression or accurately assess the full scope of a compromise.

To overcome this challenge, ExtraHop is putting identity at the forefront of NDR investigations, giving SOC analysts a complete picture of an attack based on user identities, quickly seeing which devices they’ve accessed, what protocols they’ve used, and any detections they’ve triggered. This capability provides unprecedented power to pinpoint lateral movement, prioritize high-risk detections, and scope out the blast radius for faster, more confident outcomes.

Additionally, ExtraHop offers best-in-class visibility into Active Directory environments to protect customer networks from identity-based threats, including brute force attacks, credential harvesting, and forged credentials. ExtraHop sets itself apart as the only NDR vendor to provide decryption for Active Directory protocols, meaning customers can eliminate critical blind spots and catch sophisticated adversaries leveraging these often hidden communication channels.

“Compromised credentials have emerged as the dominant initial attack vector in ransomware campaigns, and traditional security solutions have proven to be ineffective,” said Kanaiya Vasani, Chief Product Officer, ExtraHop. “ExtraHop is committed to ensuring that every network event is attributable to an identity, transforming scattered observations into a clear, actionable narrative for identity based threats. This focus on the ‘who’ provides the comprehensive understanding needed to expose even the stealthiest adversaries, shining a light on the blind spots that attackers exploit.”

With these identity insights, customers can:

• Take away the attacker’s advantage: Leverage user behavior insights for quicker and more effective incident response.
• Improve alert efficacy: Filter and tune detections based on specific usernames, allowing for efficient triage and quick confirmation of user-based incidents.
• Streamline operations with a single platform: Gain immediate insights into user behaviors – eliminating the need to pivot between tools.

“Pairing network and identity-centric data empowers organizations with a profound understanding of their operational environment,” said Chris Kissel, Research VP, Security & Trust, IDC. “ExtraHop’s well-established network expertise helps customers see the entire story unfolding on the network, from initial compromise to exfiltration, giving them the clarity they need to get ahead. By integrating identity insights directly into platform workflows, ExtraHop equips analysts with a streamlined, all-in-one solution, cutting down on tool sprawl and reclaiming valuable analyst time – all while maintaining robust organizational security.”