UPDATED 07:00 EDT / SEPTEMBER 19 2017

ExtraHop adds 3D mapping for visualizing network-based threats

Another networking provider is climbing into the security market.

ExtraHop Networks Inc., maker of an appliance-based analytics platform for monitoring networks, is rolling out version 7.0 today. It features what it calls “Live Activity Maps,” which are three-dimensional representations of interactions within networks. The feature can be used to spot anomalies that indicate a security breach, and it can be combined with machine learning-based workflows to trigger automated responses.

Maps help security teams to visually identify and investigate suspicious behavior, including network scans, unauthorized transfer of data outside a company and unusual file server access requests. “Threats tend to follow certain patterns, such as changing file names or extensions. We’re optimized to see these patterns because we work behind the firewall,” said Paul Sanford, head of product at ExtraHop.

Reports can also be used to answer audit and compliance questions via visual representations of device communications and dependencies, monitor encrypted traffic and share data and analyses between teams, the company said. Live Activity Maps can also be used for such tasks as mapping dependencies for cloud migrations, enabling the integration of information technology assets in a merger, server decommissioning and network segmentation.

The new release also extends Secure Sockets Layer decryption capabilities to support Perfect Forward Secrecy, an emerging standard for privacy and security encryption that changes keys as frequently as every message or phone call to limit the amount of data that can be intercepted if an encryption key is compromised.

Live Activity Maps present a 360-degree visualization that encompasses both real-time and historical views. Security teams can zoom in on incidents and anomalies by filtering or excluding devices, and drill down into the transaction records with one click, ExtraHop said. The platform can support up to a 40-gigabyte-per-second line rate to collect more than 430 terabytes of data in a day. Network metrics are served within 30 seconds of the data being received.

“We know two clients were talking and can see into the payload. We see all the methods and stored procedures and look at the messages and procedures in a SQL transaction payload, for example,” said Isaac Roybal, ExtraHop’s director of product marketing. ExtraHop can decode 50 protocols out-of-the-box and spot patterns that indicate common threats.

In addition, it can feed alerts into automated service management tools such as ServiceNow Inc.’s namesake platform and Cisco Systems Inc.’s Tetration. The company’s Open Data Stream processing engine can also pipe data to a wide variety of messaging and network analytics platforms.

Pricing wasn’t disclosed.
