ExtraHop looks to create a best-of-breed integration of its network detection and response solution with CrowdStrike’s endpoint detection and response.
Seattle-based network detection and response vendor ExtraHop has formed its first partnership with an endpoint vendor. The new relationship with CrowdStrike is intended to provide a best-of-breed melding of network and endpoint detection and response, and is particularly aimed at increasing protection against the new vulnerabilities created in the transition to Work From Home environments.
“This is our first strategic endpoint relationship,” said Phil Shigo, ExtraHop’s VP of Business Development. “We have many integrations with security and incident response vendors – SIEMs and SOARs – but this is the first of this type.”
“We have invested heavily in our APIs, and to share and integrate them between tools and platforms,” said Chase Snyder, Product Marketing Manager, Security at ExtraHop. “We are committed to building a highly integratable product.”
The timing of the partnership was impacted by the pandemic, as the move to a Work From Home environment has left many users more vulnerable to issues ranging from the exploitation of misconfigured Remote Desktop Protocol (RDP) deployments to a new wave of phishing scams.
“We can help customers see where they have gaps and remediate them, which are even more exposed in the current environment,” Shigo said. “We want to provide complete coverage across the entire attack surface. We all live now in a perimeterless world and we need to do everything in our power to provide the best security posture that we can.”
Shigo noted the importance of being able to support what Gartner has termed the SOC Visibility Triad, by providing visibility across complex attack surfaces, detecting threats in real time, and enabling rapid response to incidents.
“We believe we can best deliver on this by bringing together best-of-breed capabilities,” he said. “Working with CrowdStrike, we can do containment of things we see in anomalous ways. We think this will help address some of the gaps in seeing when third parties get on the network. We as a network player want to meet customers where they are, always, and we know that their solution works a lot better when it’s integrated with network detection. We have seen a lot of our customers using CrowdStrike, and it’s a best in class solution.”
“ExtraHop observes all the network traffic, and pulls information out of passively observed network traffic,” Snyder said. “With Work From Home, these may not be going through proper channels, with an agent on them. We can tell if traffic has a CrowdStrike agent on it, to determine if it is still subject to risky behavior. When we detect a threat, we let CrowdStrike know and stop the threat from communicating on the network. The analyst has all the information to know exactly what the transaction was. They have the whole corpus of evidence that they need.”
The Go-to-Market strategy for the joint offering will involve both companies, with ExtraHop taking the lead.
“We will be very involved since we are the smaller of the two players, which will see us taking the lead in many cases,” Shigo said. “We will definitely show up together at events where we can speak with channel partners and customers about the joint value we provide.”