Paul Ditty

Cybersecurity Careers: Meet the Defense Against the “Dark Arts” Wizards

October is Cybersecurity Awareness Month, and this year’s theme, straight from the Cybersecurity and Infrastructure Security Agency (CISA) website, is ‘See Yourself in Cyber.’ While years past have revolved around the advanced threats that wreak havoc on businesses and keep IT professionals up at night, this year is all about the people who work hard to protect valuable data.

As a company that specializes in defending businesses from cyber attacks, we decided to reach out and ask some ExtraHop employees about how they came to work in cybersecurity. What we learned may help others who are looking for a new career or who might be curious about working in this ever-growing industry.

Finding the Right Fit

“I was at the [University of Washington] CS department's career fair talking to another company whose table happened to be next to ExtraHop,” says senior software engineer Yvonne Chen. “After my conversation, an ExtraHop recruiter came up to me and said my background sounded interesting—would I like to chat? That was over six years ago!”

Career fairs are a great way for some people to learn about industries they may not have considered. For others, like software engineer Meg Kaye, they know exactly what they’re looking for. “I saw ExtraHop at the HMC career fair and was excited because I am passionate about cybersecurity,” Meg says. “Everyone I spoke to seemed happy and loved working there.”

Others have found success networking on LinkedIn. The site allows people to showcase their talents and experience—which is how Kavita Sah found an internship at ExtraHop that led her to her role as a security engineer. “A recruiter reached out to my friend via LinkedIn and my friend told me about the opening,” Kavita explains.

Honing Skills and Career Growth

Securing the job is one thing. In cybersecurity, it can take some time to feel comfortable—especially with the slew of acronyms and technical jargon. For software engineer Brianna Epstien, having support right away helped her get settled. “My team is super friendly and helpful, answering all the questions I have no matter how silly I might feel they are,” she says. “It's really great getting so much guidance and mentoring as a new grad.”

As one of the more tenured engineers on her team, Yvonne is now able to share her expertise. “We're a very open, collaborative team,” she explains. “Regardless of what functional area you work on, you can reach out to anyone else with a question and be confident that they'll give you a thoughtful, thorough answer.”

For many, it’s important to know that the work is meaningful. “I really like being able to have my code be useful and impactful right out of the bat,” Meg says. “ExtraHop employees are passionate about their work and are eager to help their team out!”

“My favorite part is working on the latest vulnerabilities,” Kavita explains. “We work on securing our customers and saving their network from bad actors.”

Striking A Balance

When you enjoy what you do, the days feel less monotonous. Younger generations have consistently stated that passion and flexibility are key factors in their job searches. “I appreciate how flexible we are with people moving between roles within the company,” Yvonne explains. “I started off on our Framework team, dabbled a bit in our UI code, then decided that the work scope of the Middleware team was a better fit for my current interests.”

Social outings can also bring teams closer together. For newer employees, it can be a great way to get to know your coworkers. “There are fun opportunities to meet others,” Brianna continues, “like office happy hours, or new hire group chats, as well as plenty of social Zoom calls, whether those are for your team to hang out or to eat lunch with the other new people.”

These passionate and talented employees are why ExtraHop was ranked as one of Built In’s 2022 Best Places to Work. This honor is not something we take for granted.

Finding the right career fit can feel challenging, but it’s not impossible. The job market continues to grow exponentially every year—especially in cybersecurity. Advanced threats are only becoming more advanced, which means we’ll need even more people to help us combat whatever the future may throw at us.

Paul Ditty

Meet the ExtraHop Team Members Honored as 2022 CRN Women of the Channel

Each year, CRN releases its Women of the Channel list, which honors exceptional women for their strategic vision, thought leadership, and channel advocacy that impacts growth and innovation. ExtraHop is proud to have five employees represented (two recently joined the team from a previous group) on the 2022 CRN Women of the Channel list.

Let’s meet the honorees:

Heidi Hills, National Channel Sales Manager

“Being included in an elite list of women who are influencing the technologies of tomorrow is humbling. I aspire to be like these women in so many ways yet to be included was such an honor. Leigh and Sandra have given me such strong, effective role models to look toward and I hope that I can continue their legacy of success.”

Sandra Hilt, Channel Sales Director, EMEA

“I feel proud to get this award again. Being able to represent and support women in the channel, especially in EMEA, is an honour I don't take lightly. The channel is a lively place to work and I look forward to fostering more relationships with other women in the channel.”

Leigh Malizia-Carlson, Senior National Partner Manager

“It’s exciting and empowering to work for a company with such a strong contingency of trailblazing women in the channel. I am humbled and honored to be recognized by CRN alongside so many influential women in our industry and I hope this list serves as a welcome wagon for others looking to get into the technology space.”

Kelly Smith, Area Vice President, TOLA, Rockies/Plains

“Thank you to CRN for encouraging and recognizing female leaders with unique vision, strengths, and achievements spanning different areas of the channel. Companies and their clients thrive when everyone works together with a common goal of helping each other to be more successful and I am honored to be recognized alongside so many incredible women who are making a difference!”

Katy Lietzau, Senior Channel Sales Manager

“I'm thrilled the channel has become a welcoming place for women who want to focus on using technology to solve today's problems. Thank you to CRN for the honor!”

In addition to recognizing these outstanding women, CRN also recently honored the ExtraHop Partner Program with a Five-Star rating. This incredible achievement was spearheaded by Channel Programs and Operations Manager, Dhriti Kanwar. She powers the program designed to provide our partners with training, systems, and assets.

At ExtraHop, we celebrate and empower the women in our company and reaffirm our commitment to the advancement of women in tech. It’s a high honor to have such inspiring talent and we salute their much-deserved recognition. Get to know this year’s honorees in more detail by browsing the entire list of 1,400 women on CRN’s 2022 Women of the Channel Awards page.

Paul Ditty

#BreakTheBias: International Women’s Day 2022

International Women’s Day is March 8. It’s a global celebration of the social, economic, cultural, and political achievements of women. It’s also a time to raise awareness about women’s equality, fight for accelerated gender parity, and to focus on channeling philanthropic support to organizations that improve equity for women and girls. Each year has a unique theme, and this year’s campaign is #BreakTheBias.

Unconscious bias is a challenging issue, mainly because it’s just that—unconscious. We may not even realize the cause for deciding on one thing over another is deeply rooted in what we’ve been taught. Unfortunately, simply knowing there’s an issue with bias isn’t going to change how we approach decisions. The best plans require action.

Starting the Conversation

This year, ExtraHop’s employee resource group (ERG), Women@ExtraHop, held a fireside chat moderated by Celine Rosak, brand marketing manager, and featuring guest Victoria Budson, global head of diversity, equity and inclusion at Bain Capital.

Over the course of her storied career, Victoria has made a strong impact on gender equality. Before she joined Bain Capital, Victoria spent 25 years at Harvard Kennedy School of Government where she was co-founder and executive director of the Women and Public Policy Program. She also testified before the U.S. House of Representatives Committee on Financial Services Subcommittee on Diversity and Inclusion, with a focus on key diversity strategies for organizational performance.

Victoria’s expertise in diversity and inclusion has been sought by many multinational corporations, the World Economic Forum, the U.S. Department of Labor, and many more. Most recently, Victoria was honored by the United Nations as a member of Generation Equality for her global role in furthering gender equity.

Victoria has now set her focus on the private sector. Commenting on the opportunity to improve diversity, equity, and inclusion across Bain Capital and its portfolio of companies, Victoria says “Here at Bain Capital, we are committed to furthering DEI at the firm and within our community of portfolio companies. We are excited about this aspect of our partnership and the actions and impact we are collectively making today and catalyzing for tomorrow.”

The Fight Against Discrimination

During their conversation, Celine and Victoria discussed a variety of topics, starting with non-promotable work—work that needs to be done in service of the company, but isn’t considered when an employer is looking at promoting an employee.

In a recent report by LeanIn.org and McKinsey & Company, the employees who find the time to complete these necessary tasks are disproportionately women. Many choose to take on these duties in order to be seen as a “team player.” Issues like this lead many women to feel burnt out at work, and as the report states, almost 40% have considered downshifting their careers or leaving the workforce altogether.

When it comes to promotions, studies have shown that while women are making strides toward equality, the glass ceiling phenomenon still exists. McKinsey & Company also calls it the broken rung—for every 100 men promoted to a managerial position, only 86 women receive the same treatment. This imbalance creates a ripple effect, leading to fewer women in management and less mobility upward at each step. The phenomenon is even more compounded for women of color.

“Many organizations are committed to creating and accelerating pathways for women’s advancement. Often, leaders lack the tools and familiarity with best in class approaches to hiring, retention, and promotion as well as the importance of mentorship and sponsorship,” noted Victoria. She elaborated, “Oftentimes, when companies set specific and transparent performance measures for all employees they remove barriers to women’s advancement. When metrics are built out and made transparent across teams, equity increases.”

Bridging the Gap

The gender wage gap also persists. According to a recent study from the National Partnership for Women & Families, women of color in the U.S. still experience the most severe salary discrepancies. Across all racial and ethnic groups, women are typically paid 83 cents for every dollar paid to men. If this gap were eliminated, women in America would have enough to cover, on average:

  • The full cost of a two-year college

  • 13 months of additional childcare

  • Seven months of premiums for employer-based health insurance

Speaking of childcare, the pandemic has made being a working professional and a mother even more challenging. After giving birth, many moms struggle with the transition between taking leave and returning to work. As noted above, bridging the pay gap would be able to assist many working moms.

There’s No Place for Complacency

The fight for equality may seem daunting—especially with the latest statistics—but it’s not impossible. Keeping the conversation alive is the first step. Companies can advance diversity and inclusion by building a culture that fully embraces differences: an environment where people from a range of backgrounds feel comfortable bringing their unique perspectives, ideas, and experiences to their team.

At ExtraHop, we celebrate International Women’s Day. It’s an opportunity to empower the women in our company and to reaffirm our commitment to the advancement of women in tech. If you want to learn more about our commitment to diversity, read the inspiring story of why our senior director of IT operations, Bri Hatch, shaved his colorful locks to raise awareness—and nearly $30 thousand!—for a more inclusive tech community.

Paul Ditty

SANS WhatWorks: ExtraHop Reveal(x) for Reducing Detection Time

Ransomware has risen to the top of many organizations’ lists of concerns. These attacks have increased the need for security operations to reduce the time it takes to detect and mitigate threats and restore connectivity. In addition, financial pressures as the world comes out of the pandemic are putting a premium on processes and tools that can quickly show a positive return on investment without high staffing requirements.

An effective and efficient way of achieving both objectives is for Network Operations Centers (NOC) and Security Operations Centers (SOC) to use common tools that support insight into security-relevant changes and anomalies as well as performance issues.

Lee Chieffalo is the technical director of cybersecurity operations at Viasat, a large ISP and services company that needs to protect its own network and customer systems from advanced attacks. He explained how he helped build the company’s commercial security capabilities and merged with the government side of their business to create a high-level SOC. “My role is to go out and understand the existing and new technology and find the best ways to augment and implement that technology to increase our staff’s effectiveness, efficiency, and accuracy.”

In a recent WhatWorks webcast, SANS Director John Pescatore interviewed Chieffalo about his experience with the business justification and deployment of ExtraHop Reveal(x) to increase visibility into network traffic. “ExtraHop allowed us to get complete visibility of the ground truth of pretty much every frame that’s written to the wire on the network. That key capability is the enabler of our other security capabilities,” says Chieffalo.

Both Viasat’s NOC and SOC teams use Reveal(x) and discovered some key findings:

  • The NOC team is able to do more direct application troubleshooting. Reveal(x) works with their DNS and DHCP servers to show how they perform frame by frame, from the client’s request to Viasat’s response.

  • Their SOC team gets so many line events each day—upwards of five billion!—that it’s near impossible to triage everything directly. Reveal(x) helps them sift through the noise to determine which events are worthy of investigation. “We generate a risk calculus based on that behavior, or that attack pattern or traffic pattern, and then send that into our Security Information and Event Management (SIEM) server to be combined with other data sources to get an aggregate level of risk. If that aggregate level of risk is higher than that client’s risk acceptance, then we do something about it,” says Chieffalo.

  • Reveal(x) has exposed malicious threats like WannaCry, Petya, NotPetya, and others. Viasat can see attacks targeting its customers and is able to stop them before they get out of control.
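The SOC workflow Chieffalo describes above, per-detection risk scores combined in the SIEM into one aggregate level per client and then compared against that client’s risk acceptance, is easy to lose in the prose. The following added example (written for this page; it is not ExtraHop, Viasat, or SANS code) models that pipeline on constructed detections. The client names, tool names, scores, and acceptance levels are all made up; the summation and the 100-point cap are design choices of the example, not a description of how any product computes risk.

```python
"""Toy model of per-client risk aggregation and triage.

Each detection carries a risk score; scores are aggregated per client and the
aggregate is compared against that client's risk acceptance. Constructed data
throughout; the aggregation rule is an assumption made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    client: str   # customer / tenant whose traffic produced the detection
    source: str   # tool that raised it (hypothetical names: "ndr", "edr")
    pattern: str  # behaviour or attack pattern observed
    risk: int     # per-detection risk score on a 0-100 scale


# Constructed sample detections standing in for what the SIEM would receive.
SAMPLE_DETECTIONS = [
    Detection("acme", "ndr", "smb_lateral_movement", 45),
    Detection("acme", "edr", "suspicious_powershell", 30),
    Detection("acme", "ndr", "dns_tunnel_candidate", 25),
    Detection("globex", "ndr", "port_scan", 10),
    Detection("globex", "ndr", "port_scan", 10),
    Detection("initech", "ndr", "ransomware_file_encryption", 90),
]

# Constructed per-client risk acceptance: the aggregate level each client
# tolerates before the SOC acts. Hypothetical values.
RISK_ACCEPTANCE = {"acme": 60, "globex": 50, "initech": 40}


def aggregate_risk(detections):
    """Combine per-detection scores into one risk level per client.

    Scores are summed because several lower-severity behaviours together can
    indicate a single attack chain; the sum is capped at 100 so one noisy
    source cannot push the number off the scale.
    """
    totals = defaultdict(int)
    for d in detections:
        totals[d.client] += d.risk
    return {client: min(total, 100) for client, total in totals.items()}


def clients_requiring_action(detections, acceptance):
    """Return (client, aggregate, accepted) for every client whose aggregate
    risk exceeds its accepted level, largest overshoot first so analysts
    triage those first. A client with no configured acceptance accepts 0."""
    aggregate = aggregate_risk(detections)
    over = []
    for client, level in aggregate.items():
        limit = acceptance.get(client, 0)
        if level > limit:
            over.append((client, level, limit))
    over.sort(key=lambda row: row[1] - row[2], reverse=True)
    return over


if __name__ == "__main__":
    for client, level, limit in clients_requiring_action(SAMPLE_DETECTIONS, RISK_ACCEPTANCE):
        print(f"{client}: aggregate risk {level} exceeds acceptance {limit}")
```

Two things the example shows that the quote does not: the triage order falls out of the overshoot (how far past acceptance a client sits), not the raw score, and an unknown client defaults to accepting nothing, so a misconfigured tenant surfaces rather than silently passing.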

To learn more, download the SANS WhatWorks analyst report or watch the on-demand webinar.

Paul Ditty

MeriTalk: Ransomware Tops U.S. Security Agenda

It’s been a banner year for ransomware. Several high-profile attacks have rocketed this threat to the top of the Biden administration’s agenda. They’re bringing the full weight of U.S. policy to bear on cybersecurity and this recent scourge of ransomware, which has preyed on the businesses that keep the country running.

A recent MeriTalk white paper, Colonial Pipeline Hack Rockets Ransomware to the Top of the U.S. Security Agenda, explored how the White House is applying pressure on nation-state adversaries and rallying overseas allies. The private sector also needs to get off the sidelines, especially those in critical infrastructure. Legal obligations to disclose attacks to Federal authorities appear to be coming in an effort to create more transparency.

Precedence and Legislative Response

The Federal push for better security is unprecedented and shows that cybersecurity is completing the leap from a technical problem to a national priority. Over on Capitol Hill, lawmakers are cranking up similar efforts. Legislation in the works would back up the Biden administration’s strategy and draw business into a more collective defense structure.

The Biden White House is taking the most visibly assertive stance to improve cybersecurity of any presidential administration in history. Driving the urgency is a series of rapid-fire attacks that began before the administration took office and continued to spread through its early days. Suspicion that these attacks originated on foreign soil adds significant fuel to the fire for action.

Almost 80% of critical infrastructure is privately owned. Outside of highly regulated sectors, like the power grid, Congress has been reluctant to impose binding requirements to achieve specific levels of security or support collective government cyber efforts. These recent attacks have changed the conversation.

Senator Mark Warner, D-Va., predicted that legislation will soon emerge to mandate private sector organizations report cyber incidents to Federal authorities, and expects the bill to have strong bipartisan backing. The bill’s aim would be to improve the government’s awareness of cyberattacks with ransomware demands and the ability of the Feds to take action against perpetrators.

Experts Discuss Company Strategy

Officials from leading cybersecurity providers agreed that Federal policy and legislative efforts to improve security and curb ransomware are pointed in the right direction. However, making a dent in ransomware will require targeted organizations to commit to technology improvements that make them less vulnerable.

Mark Bowling, Vice President of Security Response Services at ExtraHop, charted the growth in ransomware attack sophistication over the past five years—from the days when many malware-based attacks compromised single servers or workstations—through the wave of WannaCry and NotPetya attacks that self-propagated through networks “to achieve massive reach and inflict maximum damage.”

Bowling also shared the steps critical infrastructure companies need to take to decrease their exposure. First, they must develop a risk management strategy with executive stakeholder support. Companies should develop their most appropriate technical cybersecurity framework, “irrespective of your regulatory compliance framework—regulatory compliance is not equal to effective cybersecurity.”

Betting on the Future

Significant change is always an uphill task, and even more so with very slim margins in Congress and political divisions. But what sets apart the issues of cybersecurity and ransomware are growing public awareness and concern that demands a government response for improving security.

There is plenty of room to debate the details of how to get there, but few seem to doubt the value of the destination. To learn more about the congressional response to ransomware, and how it will affect businesses, read the white paper.

Paul Ditty

Three Common Advanced Threats and How to Stop Them

Anyone who has been following the news knows that sophisticated cyber attacks are on the rise from both lesser-known criminals and high-profile nation states. These threats target a broad spectrum of industries and have widespread implications. The fact is that advanced persistent threats (APTs), supply chain attacks, and zero days not only work well, they work well together.

In a recent white paper, APTs, Zero Days, and Supply Chain Attacks: Know the Difference and Prepare Accordingly, Deb Radcliff explored three common manifestations cybercriminals use that can go undetected. But while these threats are advanced, they’re not unstoppable. Once you understand how they function, you can protect your organization from compromise.

Defining an Advanced Attack

While the common catch-all term for these sophisticated attacks is advanced threats, it can mean a number of different things. Each has its own purpose and characteristics but the overall goal remains the same: get into the network, find something of value, and use it for gain.

When it comes to APTs, attackers gain entry—using tactics like exploiting vulnerabilities, implementing social engineering, and deploying malware—then gather intelligence on the layout of the network. These threats can remain undetected for days, weeks, or even months, as indicated by the SolarWinds SUNBURST attack. The information attackers find can also allow them to target their victim more than once.

A zero day is a previously unknown vulnerability in a developer’s software or hardware. If a threat actor first discovers the issue, they exploit the vulnerability before it’s made public and gets patched. Zero days can grow in severity the longer they remain unnoticed and become public knowledge without any advance warning. Recently, Microsoft Exchange servers suffered such an attack, with serious implications for organizations affected.

Supply chain attacks often use APT methods and zero day exploits to get into the software supply chain, but they go further by planting their own backdoors within trusted software. The tactic can give attackers a foothold in many downstream organizations at once. Unfortunately, these kinds of attacks are on the rise and are increasingly making headlines, as in the case of the SUNBURST and REvil attacks.

Common Attack Cooperation

Adversaries may use any and all tactics they have at their disposal to gain an edge, which means that each of these advanced attacks can work independently or together as part of a larger attack chain.

Not all advanced attacks include zero days, but nearly all zero-day attacks are considered advanced because they require organizations to react quickly and patch the vulnerable software. Not all supply chain attacks deploy zero days, but they can and frequently do—to great effect.

Advanced attacks also abuse trust in every stage of the process, from breaking in to exfiltrating valuable data. The goal of network defenses is to stop these attacks as early as possible in the cyber kill chain, and preferably before any of their schemes succeed. Unfortunately, the more sophisticated attacks can be extremely difficult to detect.

Taking Back the Advantage

To battle a sneaky opponent, you need to be even sneakier. Some sophisticated attacks can evade or disable endpoint-based security and remain hidden, while others disable logs and can even go as far as to erase them. Security teams need complete visibility across both physical and cloud environments, while remaining invisible to intruders.

As we learn more about advanced attacks, it’s clear that endpoint- and log-based security alone aren’t enough to stop threats. Layered security that oversees your network, cloud, and endpoint activity is the best way to cover all your bases. To learn more about how network detection and response (NDR) can detect and expose advanced threats before they can do real damage, read the white paper.

Paul Ditty

ESG Showcase: NG-IDS, NDR, and ExtraHop

Securing the perimeter alone worked well in the 1990s. Unfortunately, today’s IT teams need more robust security solutions to keep up with advanced threats and increasingly complex environments—yet many organizations are finding that their security tools aren’t holding up.

As a result, many CISOs are now re-evaluating their toolsets. A recent ESG Showcase, NG-IDS, NDR and ExtraHop, explored how intrusion detection systems (IDS) no longer rise to the challenge and why organizations should look to next-generation tools such as network detection and response (NDR).

Rising Challenges Over Just Two Years

When IDS entered the market over 20 years ago, the landscape of cybersecurity was much smaller. All you’d need was a sturdy network perimeter and the ability to inspect traffic for exploits that targeted vulnerable software. But according to ESG research, many organizations believe security has become even more difficult in the past two years due to:

  • An increasingly complex network

  • A more dangerous threat landscape

  • An ever-growing attack surface

  • A global cybersecurity skills shortage

With these growing concerns, CISOs are discovering that they can’t rely on legacy strategies anymore and are looking for ways to improve their overall efficacy, integration, and dwell time.

IDS Only Goes So Far

While IDS was designed to detect and secure the network perimeter from attacks—like port scanning, SQL injections, and buffer overflows—the evolution of the adversary has exposed the limits of IDS. This one-size-fits-all technology misses the mark due to:

  • A narrow view of threat detection efficacy

  • An inability to cover east-west traffic

  • A lack of support for network security hygiene

  • A need for high operational overhead

  • The potential for numerous false positives

As attackers have become more strategic and malicious, organizations need to pivot to a comprehensive defense solution. IDS is still useful, but its effectiveness is growing increasingly limited.

How NG-IDS Modernizes Network Security

Next-generation intrusion detection systems (NG-IDS) improve on legacy technologies by harnessing the benefits of network detection and response (NDR). With NDR, you can monitor the attacker’s land-and-pivot approach to prevent threats before they cause significant damage. Additional benefits include:

  • Better security efficacy with cloud-scale machine learning (ML) behavioral analysis

  • Rules-based critical common vulnerabilities and exposures (CVE) exploit detection

  • Added visibility into encrypted and east-west traffic

  • Extended detection across the full attack life cycle

  • Optimized workflows for time-strapped analysts

  • Integrated detection, investigation, and response into one tool

CISOs and security teams can no longer support operationally intensive technologies like IDS. They need integrated solutions like NG-IDS as part of a broader operation. To learn more about the ESG evaluation of ExtraHop Reveal(x) network detection and response as an NG-IDS solution, and how it can take your network security to the next level, read the ESG Showcase Report.

Paul Ditty

Achieving Zero Trust with Network Data

After what we all experienced last year, it’s no surprise that Zero Trust interest and initiatives are on the rise. With COVID-19 came the rapid shift to working from home, and with unknown devices suddenly connecting to the network, phishing campaigns rose, ransomware attacks increased, and other advanced threats emerged—like the SUNBURST supply chain attack and the recent Colonial Pipeline shutdown.

This dangerous and persistent activity has served as a wake-up call for many people—including the United States government—and has many security teams looking for a better way to secure their environments. The Zero Trust model has come to the forefront as one potential answer and is getting increasing attention.

Zero Trust isn’t something that you just turn on overnight—it’s a strategy to apply broadly across environments. Sound intimidating? Don’t panic. You already have a powerful tool to help you, if you know how to use it: network data.

Why Zero Trust?

As John Kindervag, the creator of Zero Trust, explains, trust cannot be determined solely based on a user or their device’s location within the network. Just because we trusted something yesterday doesn’t mean we should trust it today. This truth breaks down the efficacy of our traditional defense-in-depth cybersecurity frameworks—static rules that apply trust to broad categories no longer make sense. We need to think about how we can enable more secure access, especially as our reliance on third parties (contractors, third-party software, and various partners) increases.

What is Zero Trust? A Zero Trust approach determines trust dynamically and regardless of where the users are located. Access privileges are not just granted once the user and device identities are authenticated, but instead are continuously verified. Authorization to applications and resources is granular, lasting only for specific transactions on an as-needed basis. No asset or network segment is implicitly trusted.
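To make the contrast above concrete, here is an added example (written for this page, not ExtraHop code or any product’s policy engine) that puts a legacy location-based rule next to a Zero Trust decision evaluated on every request. Users, roles, resources, addresses, and the policy table are all constructed; the posture signals checked (managed device, age of the last MFA verification) are assumptions chosen to illustrate continuous verification and per-transaction authorization.

```python
"""Perimeter trust versus per-request Zero Trust decisions.

Everything here is constructed for illustration: the internal address range,
the users, the resources and the policy table are assumptions, not a real
deployment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed "inside the perimeter" range used by the legacy rule.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Request:
    user: str
    role: str             # role asserted by the identity provider
    device_managed: bool  # device enrolled and passing posture checks
    mfa_age_minutes: int  # minutes since the last MFA verification
    src_ip: str
    resource: str         # e.g. "payroll-db", "wiki"
    action: str           # "read" or "write"


# Constructed per-resource policy: who may do what, whether an unmanaged
# device is acceptable, and how fresh the MFA verification must be.
POLICY = {
    "wiki": {
        "roles": {"engineer", "finance"}, "actions": {"read", "write"},
        "managed_only": False, "max_mfa_age": 480,
    },
    "payroll-db": {
        "roles": {"finance"}, "actions": {"read"},
        "managed_only": True, "max_mfa_age": 15,
    },
}


def perimeter_allows(req):
    """Legacy rule: anything coming from the internal network is trusted,
    regardless of who or what is behind the address."""
    return ip_address(req.src_ip) in INTERNAL_NET


def zero_trust_allows(req):
    """Per-transaction decision with no implicit trust from location.

    Returns (allowed, reason) so every denial can be logged and explained.
    Checks are ordered from identity to device to session freshness; the
    first failing check determines the reason.
    """
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource: default deny"
    if req.role not in rule["roles"]:
        return False, f"role {req.role} not authorized for {req.resource}"
    if req.action not in rule["actions"]:
        return False, f"action {req.action} not permitted on {req.resource}"
    if rule["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    if req.mfa_age_minutes > rule["max_mfa_age"]:
        return False, "MFA verification too old; re-authenticate"
    return True, "ok"


if __name__ == "__main__":
    # Stolen finance credentials used from an unmanaged box on the LAN.
    inside = Request("alice", "finance", False, 5, "10.1.2.3", "payroll-db", "read")
    # The same finance user working remotely on a managed, recently verified device.
    remote = Request("alice", "finance", True, 5, "203.0.113.7", "payroll-db", "read")
    for label, req in (("inside", inside), ("remote", remote)):
        print(label, "perimeter:", perimeter_allows(req), "zero trust:", zero_trust_allows(req))
```

The two scenarios in the `__main__` block are the point: the perimeter rule admits the on-network request and rejects the remote one, while the Zero Trust decision does the opposite, because it asks what the device and session look like right now rather than where the packet came from. Note also that authorization is scoped to the action: the same finance user is refused a write to the payroll database even with a healthy device and fresh MFA.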

5 Ways Network Data Can Help

#1 Visibility: Core to Cloud to a Remote Workforce

The move to a remote workforce means a growing list of devices. How can you tell the difference between unmanaged, IoT, uninstrumented, and rogue devices? This problem becomes even more challenging when advanced threats are masking their activity and bypassing traditional defenses.

Even with so many solutions available, cloud perimeters can also be challenging to monitor and protect. As organizations grow, both on site and especially in remote environments, their cloud workload expands, which can leave gaps in an already strained infrastructure. Although solutions like endpoint detection and response (EDR) are necessary and good, they’re not really suited to a growing cloud environment or devices connecting from multiple locations.

To implement dynamic rules for when devices can access specific resources, you need a clear picture of every device and cloud workload. Network traffic can help identify and profile those devices, providing a foundation for implementing Zero Trust architecture. Everything touches the network, and that makes it the natural source of ground truth.

#2 Detect Over Prevention

The transition from a prevention mindset to one of detection and response parallels the ideas of Zero Trust. Machine-learning powered solutions will detect suspicious behavior regardless of whether a so-called trusted user account is doing it. Detecting the activities represented in the MITRE ATT&CK framework—including command & control, lateral movement, and data exfiltration—can stop even advanced attacks that have evaded preventative tools.

Common tools designed to track and log data, like a security information and event management (SIEM) system, are capable of detecting malicious behavior, but they have a few critical blind spots and, importantly, can be disabled or circumvented—like they were in the SUNBURST attack.

A network-based solution can act as a covert onlooker. It can’t be seen or disabled by intruders and will continuously observe their behavior, even if they’re using valid credentials or seemingly innocuous or difficult-to-log protocols.

#3 Reduce Friction and Eliminate Silos

The division of responsibilities and resources across NetOps, SecOps, and IT Ops teams can create unnecessary friction and barriers. Zero Trust demands a cohesive strategy and shared information across teams.

One thing that these silos forget is that they share a common bond—the use of network data. If you build your security strategy using network data as the foundation, you enable a coordinated effort across teams—and across the entire hybrid environment, from cloud workloads to the data center, remote sites, and IoT deployments.

With streamlined collaboration and a single source of truth, your plan to implement zero trust can leap a whole series of roadblocks.

#4 Enable Zero Trust in the Cloud

How does Zero Trust work in the cloud? When you’re using network data, the answer is: the same as it does everywhere else.

Okay, that’s an oversimplified answer, but the point is that a good network security solution is well-suited to adapt to cloud environments. Comprehensive visibility without needing an agent in every workload? Check. Behavior-based detections that catch advanced attacks? Check. Better cross-team collaboration? Check!

#5 ExtraHop Reveal(x) Brings Everything Together

As glorious and all-seeing as network data is, it’s also a firehose of information. Network detection and response (NDR) solutions use machine learning to turn data into actionable insight. Reveal(x) helps you act on that insight with streamlined workflows and helpful visualization tools.

It can help you plan, implement, operate, and secure a Zero Trust architecture by helping you:

  • Know everything that’s on your network so you can implement Zero Trust policies

  • Identify where Zero Trust isn’t being followed

  • Detect malicious behavior regardless of what’s doing it

Dig into network insights in Reveal(x) on your own, online, in the full product (running on example data).

Paul Ditty

Why the Time Is Right for Network and Security Collaboration

As businesses move to the cloud and offer employees remote access to their network, it creates gaps in security and adds additional strain on NetOps and SecOps teams. Fragmented tools and environments make every security and troubleshooting effort consume more time and energy than these teams have to spare. To top it off, the

The SolarWinds SUNBURST attack exposed major gaps in security.

In our recent eBook, Why the Time is Right for Network and Security Collaboration, we explored how current circumstances have introduced new challenges to IT Ops, and why data sharing and collaboration can help both security and operations teams achieve their key goals more effectively, in ways that create a competitive advantage for the business as a whole.

Remote Work and Cloud Migration Impact Security

The pandemic accelerated the move to remote work and forced previously centralized businesses to rapidly adopt a distributed workforce model, which contributed to decentralizing networks. As more employees started using personal devices and VPNs for business purposes, visibility decreased, giving stealthy attackers an ever-growing opportunity inside the system.

This new reality—combined with the already rapid migration to the cloud—exposed the problems of siloed IT and security teams. The speed of adoption had unintended consequences and unforeseen costs. And when these processes are rushed, it creates further stress and challenges to keeping your network safe.

Expanding Attack Surfaces Favor Advanced Threats

In the early years, network operations and security needs could be handled by a single IT operations team. But as organizations grew in both size and complexity, they began to split the workloads into specialized NetOps, SecOps, and now CloudOps teams. Siloing operations allowed inefficiencies to flourish and encouraged a lack of communication.

The success of NetSecOps depends on complete mutual understanding and accountability. If each team can speak the same language and use the same tools and formats, it becomes increasingly easier to identify and respond to incidents. Since everything—whether that’s attack behavior or problematic network activity—must cross the network, this data provides the perfect connective tissue for collaboration.

Accelerate Incident Response and Troubleshooting

When tools and teams are siloed, response times suffer. If the security operations or incident response team has to call or email the network or IT Ops team to get packet captures for an investigation, it can add hours or days to the process. Attackers use that time to move laterally, establish persistence, and ultimately exfiltrate data, causing more damage.

Security teams have had difficulty hiring new talent for years. Demand simply outpaces supply. But if your network operations team is using the same tools and workflows to troubleshoot performance issues, you've got a built-in backup plan. Often, the skills and tools required to diagnose network and app performance challenges are highly relevant to security. Training from within is a great way to beat the security skills shortage, but it only works if your teams are already on the same page, and using the same tools and data sources.

Furthermore, if the business is paying for more than one packet capture tool to meet the separate needs of security operations and network operations, there's a clear opportunity to consolidate.

Collaboration and Network Data Can Close Gaps

NetSecOps benefits from sharing data sources, increased visibility, and improved workflows. Using network data can also provide the resources to collaborate more effectively across infrastructure, network management and monitoring, and incident response. When you use network data as the primary source for fueling security and IT operations, you’re able to:

  • Accelerate incident response and reduce attack dwell time

  • Manage and monitor cloud applications to catch misconfigurations and assure secure, performant deployments across environments

  • Create real business change that feeds future innovation

Remote work and cloud adoption are here to stay, and the need to protect an ever-expanding network demands collaboration between NetOps and SecOps teams. To learn more about how ExtraHop Reveal(x) network detection and response (NDR) can take your security coverage to the next level, read our eBook.

Paul Ditty

IDC Reviews the Network Intelligence and Threat Analytics Market

IDC recently released its analysis of the rapidly growing network intelligence and threat analytics (NITA) market. In this inaugural report, IDC's Research Director for Security Products, Chris Kissel, examines the market and the importance of network data for security.

“Network intelligence extracts metadata from packets and applies insights about the packet based on user behaviors (UBA) and network events and often cross-correlates with threat intelligence or attack simulation to find possible adversaries.”

“NITA roughly tracks to a more common industry acronym: network detection and response (NDR),” adds Kissel. The report provides insights into the future of network detection and response (NDR).

ExtraHop was not only named as a top-three NITA vendor, but was named as the “Vendor Who Shaped the Year”—which according to Kissel is attributed to “unique capabilities and first-mover cloud advances.”

Below are the top takeaways for organizations to consider in their network detection and response strategies. The full report can be downloaded here or to hear further insights listen to the market discussion in the accompanying webcast featuring Chris Kissel.

The NITA Market Is Growing Fast

The NITA market (up 18.9% in 2019) is growing rapidly—much faster than AIRO products (up just 5.7%) because these tools:

  • Are adaptable in the face of remote workforces and changing infrastructures

  • Complement other tools

  • Offer versatility and faster workflows

  • Will detect threats missed by signatures

  • Make it easier to investigate advanced threats

“Network intelligence and threat analytics (NITA) is a technology sector within the cybersecurity AIRO product group within the IDC Security and Trust set of services. The acronym AIRO (analytics, intelligence, response, and orchestration) establishes the foundation for the types of technologies and platforms that are mapped within the service.”

The webcast analyzes the report and provides insight into why the NITA market is growing rapidly. In particular, the webcast discusses how signature-based approaches will miss some threats, especially sophisticated attacks like SUNBURST, making it critical to use network telemetry to understand behavior. As Kissel put it, “If you’re still thinking about signatures as the only way that you can detect an adversary, I think you’ve got real problems.”

How the Network Is Used to Unmask the Adversary

The NITA report is IDC’s first examination of the detection and response market with this framing. Kissel has included a variety of network solutions he believes are important to consider in your security tooling strategy, including NDR, Deception, PCAP and NPM, and Emulation.

In the webcast, Kissel discusses the importance of the network in stopping advanced threats. He stressed that a strong perimeter is important, but inevitably threats will get inside. Because advanced threat behavior is visible across the network, NITA solutions have a unique ability to connect the dots in a way other solutions can’t.

As the report explains, “...NITA platforms assume an analytical view of the network (i.e., a bird's eye view). NITA platforms can monitor for configuration drift and look for indicators of compromise (IoCs) from sessions, telemetry coming from IT and cybersecurity tools, or artifacts coming from the metadata of the files themselves.”

Vendor Who Shaped the Year: ExtraHop

The report cites several reasons for choosing ExtraHop as the Vendor Who Shaped the Year, but they start by saying that “ExtraHop comes to mind because its platforms were fully qualified when Microsoft Azure announced a beta version of VTAP and when AWS made its traffic mirroring capability generally available (GA).”

Over the last three years, ExtraHop has worked with the major cloud players to perform out-of-band analysis on network traffic across cloud scenarios:

  • In October 2018, Microsoft Azure announced a beta trial for its VTAP enabling mirroring of virtual machine traffic for out-of-band monitoring.

  • In June 2019, Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring became generally available in all public AWS regions.

  • In December 2019, Google announced packet mirroring capabilities for Google Cloud Platform (GCP), which became generally available in March 2020.

The report notes that “ExtraHop was an originating, platform-qualified vendor and strategic business partner at the time of all three announcements.”

Further, ExtraHop Reveal(x) provides central management even if you’re securing cloud environments across multiple cloud providers. That allows you to monitor, secure, and threat hunt across your entire footprint without having to deal with disjointed data sets.

We’re excited to be a top-3 vendor in IDC’s NITA market classification. However, our customers would tell you that, with additional capabilities such as network performance monitoring and out-of-band decryption, Reveal(x) brings more to the table than IDC’s definition of NITA. And with Reveal(x) 360, our SaaS-based solution for unified security across complex hybrid networks, ExtraHop is revolutionizing what’s possible in network-focused security.

Securing the Cloud with a Cloud-Native Approach

In reviewing ExtraHop, IDC paid close attention to our cloud-scale machine learning to provide peer group analysis and identify device or asset behaviors that indicate network privilege escalation and ransomware. IDC also noted that Reveal(x) can provide continuous packet capture, record storage, and more.

The report noted that Reveal(x) provides:

  1. Efficient workflows

  2. Wider coverage in one tool across cloud, multicloud, and on-premises environments

  3. Fast and effective forensics

  4. Threat detection and response, including sophisticated advanced threats

  5. Mapping of detections to the MITRE ATT&CK framework

  6. Integration with other solutions in the SOC toolset

Given the last year’s major shift to remote work and the acceleration of cloud adoption, complete cloud coverage is of particular importance. As Kissel put it in the webcast, “It’s not only contemporary, it’s necessary.”
