ExtraHop enables deeper forensic investigation of cloud threats and vulnerabilities
Cloud network detection and response platform provider ExtraHop Networks Inc. today announced new features that enable deeper forensic investigations of advanced threats.
ExtraHop, which was recently acquired by Bain Capital Private Equity and Crosspoint, sells threat detection and response tools that use hundreds of machine learning models deployed side-by-side to find threats lurking in enterprises’ cloud environments. It also integrates with third-party security systems such as firewalls, sharing the data it finds so companies can quickly respond to the threats they discover.
Those third-party systems can then automatically block hacking attempts, which reduces remediation time because no manual input is necessary.
Today’s updates are more focused on enabling deeper investigation of the threats ExtraHop discovers in order to help enterprises understand them better and respond more effectively.
The new Reveal(x) 360 Threat Briefings feature delivers a one-click incident report that makes it possible to retroactively investigate any critical vulnerabilities or exploits the platform has discovered. The reports are said to include more comprehensive information about the nature of the threat.
In addition, they provide recommendations for remediation actions the customer can take in the event they fall victim to high-profile attacks. Those include the REvil ransomware campaign that infiltrated hundreds of companies using software from Kaseya Ltd. last month.
Meanwhile, the new Reveal(x) 360 Ultra Sensors feature is designed to provide more scalable detection, response and forensic investigation capabilities for Amazon Web Services workloads, ExtraHop said. That’s necessary, it explains, because cybercriminals can quickly proliferate attacks via cloud infrastructure to attack hundreds of systems.
The company is also making forensic data available to AWS users with its new ExtraHop Packet Basics offering on the AWS Marketplace. ExtraHop Packet Basics is a free solution that provides teams with richer detail than what is already available to them in logs and data from security agents and firewalls, the company said.
ExtraHop co-founder and Chief Technology Officer Jesse Rothstein said complete incident response involves gathering forensic evidence, sharing it across teams to establish root cause, and then putting together an actionable plan to totally eradicate that threat or vulnerability.
“The defense and forensics capabilities of our network detection and response solution give incident responders a true tool for the full spectrum of response from hunting and investigations to remediation, not just another alert cannon,” he said.
Enterprise Strategy Group analyst Jon Oltsik said today’s sophisticated attackers use stealthy techniques to enter networks, land on vulnerable devices and then pivot to their desired target, and all the time they’re watching and waiting for an opportunity.
“These innovations by ExtraHop can provide incident response teams with streamlined workflow and investigative capabilities with forensics so they can better identify their overall threat exposure and reduce mean-time-to-respond,” he said.
ExtraHop said the new features are all available starting today.
Rothstein appeared on SiliconANGLE’s livestreaming studio theCUBE during AWS re:Invent 2019, where he discussed why visibility is becoming more important than ever for enterprises.