


ExtraHop is the leader in real-time IT analytics. Our platform makes data-driven IT a reality, applying advanced analytics and cloud-based machine learning to all digital interactions to deliver timely and accurate insight. IT leaders turn to ExtraHop first to help them make faster, better-informed decisions that improve performance, security, and digital experience. Just ask the hundreds of global ExtraHop customers, including Sony, Lockheed Martin, Microsoft, Adobe, and Google. To experience the power of ExtraHop, explore our interactive online demo.


Latest Content From ExtraHop

Research Report: The Definition of SOC-cess: SANS 2018 SOC Survey Results

by ExtraHop, Aug 17, 2018

This report collects and analyzes the results of the SANS 2018 SOC Survey. It provides a detailed look at how Security Operations Centers work today, their biggest dissatisfactions with security products, and areas of low hanging fruit for SecOps improvement, based on a survey of a large, global subset of SecOps professionals.

Whitepaper: The Critical Asset Filter for the SOC

by ExtraHop, Aug 01, 2018

This white paper discusses methods for prioritizing critical assets so that security analysts and technologies focus on protecting the most important things, while leveraging automation to handle less urgent monitoring & response tasks.

Whitepaper: Situational Intelligence for Cyber Threat Hunters

by ExtraHop, Aug 01, 2018

This white paper details proactive techniques used by real-world professional threat hunters to detect advanced threats and malicious behaviors like reconnaissance, lateral movement, and data exfiltration in some of the world's most sensitive environments.

Whitepaper: SANS Review: Investigate Attacks on Critical Assets with Network Traffic Analysis

by ExtraHop, Apr 10, 2019

Internal threat activities (privilege escalation, lateral movement, etc.) are difficult if not impossible to detect using endpoint and perimeter protection alone. ExtraHop Reveal(x) provides network traffic analysis that helps security analysts efficiently detect and investigate these late-stage threats, as well as proactively improve security hygiene.

SANS Institute put the product through its paces to evaluate the following:

• Intuitiveness of the user interface
• Breach detection and response capabilities
• Proactive hunting of internal threats
• Ability to support hygiene and compliance initiatives

Read the report to learn why SANS Instructor Dave Shackleford says Reveal(x) "does [detecting and investigating threats in east-west traffic] well, and so much more."

Whitepaper: SANS Review: Investigate Attacks on Critical Assets with Network Detection and Response

by ExtraHop, Oct 03, 2019

"By emphasizing ease of use, deep analytics capabilities, built-in intelligence and search tools and rapid event triage, many SOC teams could hit the ground running quickly with Reveal(x)."
- Dave Shackleford, SANS Institute Instructor

Learn how Reveal(x), cloud-native network detection and response for the hybrid enterprise, addresses the following core security areas as identified by the SANS Institute in this 12-page product review:

• Deployment model and flexibility
• Broad visibility and context
• Machine learning
• Depth and breadth of Layer 7 protocol analysis
• Decryption

The SANS team was provided with a review environment configured with a number of compromised systems exhibiting mock attack activity. The review details their experience with several security use cases, including Detection/Response, Proactive Threat Hunting, and Hygiene and Compliance.

Whitepaper: SANS Report: Cloud Security Survey 2019

by ExtraHop, May 06, 2019

Complex configurations don't mix well with rapidly spun-up components, and when your company uses multiple cloud providers to host your critical assets, the odds of a major security event get that much higher.

So how do you close visibility gaps and integrate conflicting datasets from different providers, and how do you adjust your current incident response strategies to respond to cloud-specific threats?

Read the report from SANS Instructor Dave Shackleford to learn how your peers across tech, finance, cybersecurity, and other industries address the following questions and more:

• What's the most dangerous cloud security vulnerability that you might think is only hype?
• What are the biggest challenges in adapting IR and forensics analysis to the cloud?
• What are the most effective security controls for the cloud, and how can you avoid common implementation roadblocks?

Whitepaper: SANS 2019 Incident Response (IR) Survey: It's Time for a Change

by ExtraHop, Aug 14, 2019

Curious about the state of incident response worldwide? Interested in expert recommendations for improving your incident team's performance?

Download a copy of the SANS 2019 Incident Response Survey: It's Time for a Change.

In this report, you'll dive deeper into survey results and get suggestions on how to boost breach detection, investigation and remediation by focusing on:

• Eliminating gaps in visibility
• Automating responses to security threats
• Improving communication between SecOps and NetOps teams

Whitepaper: Reveal(x) Reviewer's Guide

by ExtraHop, Feb 20, 2019

As you go through the guide, you will learn how Reveal(x) can help your organization increase efficiency and confidence through unprecedented visibility, definitive insights, and immediate answers.

Whitepaper: Network Traffic Analysis for MITRE ATT&CK

by ExtraHop, Jun 12, 2019

The MITRE ATT&CK Framework has rapidly become popular among security teams looking to take a structured and proactive approach to improving threat detection.

For many security professionals, using the ATT&CK Framework means taking a close look at each of the hundreds of tactics, techniques, and procedures (TTPs) and trying to figure out which tool in their patchwork of solutions is most likely to detect or block any given threat. MITRE provides an evaluation framework for Endpoint Detection and Response (EDR) platforms to test their standard deployments against a subset (56) of the TTPs listed. However, no such evaluation yet exists for network traffic analysis (NTA) products.

Read the white paper for a high-level view of how enterprise NTA with ExtraHop Reveal(x) detects and enables investigation of a broad range of the TTPs catalogued by MITRE ATT&CK!

Whitepaper: IDC Workbook: Cloud Security Roadmap

by ExtraHop, Oct 03, 2019

Over the past year, the percentage of organizations supporting their business via the public cloud has grown by almost 50 percent. The benefits are clear, but when it comes to cloud security, vendors, consumers, and threat actors alike have had to learn by doing.

Which security tools and workflows can easily adapt themselves to the cloud? Where are the new blind spots and threat vectors? What does cloud actually mean in terms of the breakdown of responsibility between a security vendor and a client?

In this report, IDC compiles learnings and best practices for cloud security under the Shared Responsibility Model, where a public cloud provider secures the underlying cloud infrastructure but users must secure their own operating systems, middleware, applications and data.

You'll learn:
• Which pieces of cloud security fall to service providers vs. users under the Shared Responsibility Model?
• What are the suggested security practices for cloud customers?
• Which technology solutions does IDC recommend for cloud security?

And finally, to help you strategize in real time, the report provides a checklist with questions to ask any cloud security technology solution vendor to help you narrow down which products and services are right for your business.