ExtraHop and CrowdStrike have announced a new integration between ExtraHop Reveal(x) and CrowdStrike Falcon. One target of this move is the security of the remote workforce. The shift of employees from the office to working from home exposed weak points in how organisations were protecting their remote workers.
Those weak points have become targets for cybercriminals over the last three months. There has been a significant rise in phishing attacks and malware-loaded spam, and an increase in exploits against web app vulnerabilities. Additionally, many of the devices used are unmanaged. This means IT security teams have little to no visibility of their patch state or the risk they pose.
ExtraHop and CrowdStrike are targeting those unmanaged devices with this announcement. They claim that it will increase the ability to detect devices, threats and vulnerabilities. Once identified, they say it will enable instant remediation.
Announcing the integration, Raja Mukerji, ExtraHop co-founder and Chief Customer Officer, said: “Over the past five years, the security industry has undergone a seismic shift from a model of purely ‘prevention and protection’ to one that additionally delivers detection and response.
“CrowdStrike and ExtraHop have been at the forefront of that shift, arming security organizations with the situational awareness and control they need to protect businesses and consumers in a perimeterless world. With this partnership and integration, our customers can now detect and respond to every threat from the core to the edge and everywhere in between.”
What will the integration enable?
ExtraHop and CrowdStrike have named three areas where they believe the integration will help IT security. They are:
- Real-time Detection: The integration allows security teams to rapidly detect threats observed on the network such as network privilege escalation, lateral movement, suspicious VPN connections, data exfiltration and more. It also helps thwart those occurring on the endpoint, including ransomware, local file enumeration, directory traversal, and code execution. This provides complete coverage across the entire attack surface.
- Instant Response: When Reveal(x) detects urgent threats, it notifies the Falcon platform to contain the impacted devices, ensuring analysts can rapidly investigate and resolve threats. This cuts off access to network resources and endpoints before a security incident can turn into a breach.
- Continuous Endpoint Visibility: With automatic device discovery and classification, Reveal(x) continuously updates and maintains a list of devices impacted by threats, even on devices where the CrowdStrike agent is not yet present. This alerts CrowdStrike customers to newly connected and potentially compromised devices that need instrumentation for device-level visibility. It also extends edge visibility to include IoT, bring your own device (BYOD), and devices incompatible with agents.
Enterprise Times: What does this mean?
For two decades, enterprises have talked about a more mobile workforce. When the pandemic lockdown hit, most were left fumbling in the dark. Compounding that problem has been the almost decade-long shift to Bring Your Own Device (BYOD). Companies no longer want to pay for technology. They want employees to do the CAPEX on devices.
It has created an environment where the number of unmanaged devices in use inside enterprises outnumbers the managed devices. With work from home, that problem got worse and was exacerbated by people who would not normally work remotely. On work devices, they would have protection against malware and other attacks. At home, they often don’t have that same level of protection.
This deal seeks to extend that protection and is one of several that are starting to happen. Security vendors realise that there is a large market in helping enterprise customers extend support to all the devices connecting to their network.
It raises two immediate questions for employers. Will employees allow IT to install security software on their devices? Are they happy for IT to manage those devices, applying patches and updates to deal with vulnerabilities?
ExtraHop and CrowdStrike are hosting a webinar on June 24 (registration required) to explain more about this integration.