Jesse Rothstein, ExtraHop, sits down with John Furrier & Dave Vellante at AWS re:Invent 2018 in Las Vegas, NV.
#reInvent #ExtraHop #theCUBE
https://siliconangle.com/2018/12/21/machine-learning-network-analytics-could-be-toughest-security-cop-on-the-block-startupoftheweek/
Machine learning analytics could be toughest security on the block
What is breach-detection technology good for? Does a police report help if the thief is already out the back door with the sofa, TV and grandfather clock? Getting closer to real-time analysis is essential to effectively put out fires before they seriously injure an organization. Cybersecurity officers need to not only detect, but also investigate and take action on threats immediately. The computing network is emerging as a plane on which they can see and deal with suspicious activity as it happens.
If companies want real-time, always-on security, the network level is the place to be, according to Jesse Rothstein (pictured), co-founder and chief technology officer of ExtraHop Networks Inc. “It’s as close to ground truth as you can get, it’s very hard to hide from, and you can never turn it off,” he said.
Security tools that examine packets of data in motion may be seen as a form of superficial network security. “If you’re only looking at the packets, you’re barely scratching the surface,” Rothstein stated.
Security analytics based on data flow offer very sparse reports, he added. “It’s like a phone bill. It tells you who’s talking to whom and how long they spoke, but there’s no notion of what was said in the conversation. In order to do really high-quality security analytics, you need to go much deeper,” Rothstein said.
Applying more sophisticated analytics to real-time network telemetry data results in immediate, actionable detection. “Network analytics has tremendous implications for security,” he added.
Rothstein spoke with John Furrier (@furrier) and Dave Vellante (@dvellante), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during AWS re:Invent in Las Vegas. They discussed the role of the network in real-time threat response and the great cloud-versus-on-premises security debate. (* Disclosure below.)
This week, theCUBE spotlights ExtraHop Networks in our Startup of the Week feature.
Splunk for network
Organizations have been investing in defense in depth for decades. This type of security shuts out attackers at the perimeter and at endpoints. But it does not do a good job of alerting users to breaches happening in real time, according to Rothstein.
Are breaches terribly difficult to spot? Actually, there are not many different behaviors that signal that a breach is about to take place. Verizon Communications Inc.’s “2018 Data Breach Investigations Report” gives statistics on security breaches. According to the report, “there are only nine or so behaviors that account for 90 percent of all breaches … what they look like,” Rothstein said. “You look for reconnaissance; you look for lateral movement; you look for some form of exfiltration.”
ExtraHop monitors the network for activities like these with sophisticated behavioral models and analytics. “I often describe ExtraHop as Splunk for the network,” Rothstein stated.
Splunk Inc. is the highly successful software platform for searching, monitoring and analyzing machine-generated data. ExtraHop uses very different technology, but the idea is the same, according to Rothstein.
The company offers analytics products for IT operations and security. Its targeted cybersecurity offering, Reveal(x), leverages machine learning to analyze network security threats at a deep level. Its network behavioral analytics allow it to actually “detect suspicious behaviors and potential threats, bring them to your attention,” Rothstein added.
Reveal(x) connects to ExtraHop’s broader analytics platform, which gives users the ability to investigate threats on the fly. “You’re a click away from being able to investigate or disposition these detections and see, ‘Hey, is this something I really need to be concerned about?'” Rothstein stated.
Importantly, it doesn’t rely solely on statistical baselines, but is actually predictive.
“We’re actually building predictive models around how we expect end points and instances to behave, and then when they deviate from their model, that’s when we say, ‘Hey, there’s something strange going on,'” he said.
...
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: ExtraHop Networks Inc. sponsored this segment of theCUBE. Neither ExtraHop nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)