Take your Splunk Enterprise Security Information and Event Management (SIEM) threat detection to the next level. Get more from your logs by adding rich context and previously inaccessible information from wire data streaming analytics provided by ExtraHop.

SIEM Needs Wire Data, But Not All Wire Data Solutions Are Created Equal.
Wire data enriches your Splunk Enterprise Security with deeper, more comprehensive insight—but how you capture and forward wire data to Splunk determines whether it adds value or piles on stress.
ExtraHop ensures that only high-quality, actionable data gets indexed into Splunk, and that no data is lost. It also minimizes the delay before data is searchable without complicating your Splunk environment and maintenance requirements. With ExtraHop, you can:

  • Stream wire data to Splunk Enterprise Security in a matter of minutes
  • Gain rich visibility into black boxes like BYOD and IoT devices
  • Access communication volume metrics and baselines that’ll warn you of potential threats early on

ExtraHop lets you see and parse every packet first, then control precisely what gets sent to Splunk, with fully customizable triggers that also let you automate simultaneous actions—such as firing an alert or immediately blocking a firewall port via an external network access control platform.

Use Cases

DNS Exfiltration
Use ExtraHop to detect and capture the specific DNS packets that exhibit possible tunnelling behaviour, then forward them to Splunk Enterprise Security for further analysis.

Shadow IT
Use ExtraHop to capture data from unreported public SaaS or on-premises applications and forward it to Splunk Enterprise Security for analysis.

Incident Response & Forensics
Forward a minimum required subset of data to Splunk Enterprise Security for analysis while preserving complete records on ExtraHop for incident response and forensics if needed.

Automated Security Investigations
Use ExtraHop triggers to initiate a security response (e.g., quarantining malware-infected devices via a workflow orchestration platform).

SIEM Optimization
Optimize Splunk Enterprise Security license and resource utilization by using ExtraHop to filter out low-quality data in real time before it is sent to Splunk.

How It Works
ExtraHop requires no agents and integrates with Splunk Enterprise Security out of the box. Built for speed and scale, ExtraHop passively analyzes every packet that flows across your enterprise at a sustained 100 Gbps, decrypting, reassembling, filtering, and extracting actionable insights before streaming that information to Splunk. Extensive support for the most commonly used enterprise applications and protocols gives you maximum visibility and choice over what wire data you can send to Splunk Enterprise Security.

Source: © 2021 ExtraHop, Inc.

The Experts from NetDescribe are happy to help.

Go directly to get more information about ExtraHop: NDR for Midsize Enterprises, NDR for a Secure Enterprise, ExtraHop Product Page, ExtraHop Reveal(x)

Download the datasheet: ExtraHop-and-Splunk

Don’t forget to visit the NetDescribe Anniversary Page! (Sorry, only available in German.) There is a monthly quiz with questions from our QUIZLYBÄR, and in the rear view mirror of “NetDescribeHistory” you can read what else has happened in the past years.

We are looking forward to your feedback.

Please don’t hesitate to contact our sales team for further information or an individual product demonstration: sales@netdescribe.com or call +49 89 215 4868-0.

About NetDescribe GmbH

NetDescribe GmbH is headquartered in Oberhaching in the south of Munich. Trusted Performance by NetDescribe stands for fail-safe business processes and cloud applications. The power of NetDescribe is tailor-made technology stacks instead of off-the-shelf technology. The holistic portfolio offers data analysis, solution concepts, development, implementation and support. As a trusted advisor to corporations and public institutions, NetDescribe delivers highly scalable solutions with state-of-the-art technologies for real-time dynamic and transparent monitoring. This provides customers with insights into security, cloud, IoT and industry 4.0 at all times. They can make agile decisions, secure internal and external compliance and conduct efficient risk management.

Trusted Performance by NetDescribe.