Get More Support for Security Alerts with ExtraHop Reveal(x)
Once a potential threat is identified, Reveal(x) generates an alert and presents an explanation for its findings. This includes the devices and hosts involved, the IP addresses, the type of threat that is being launched and the severity of the alert. It explains why the threat is dangerous and what should be done to counteract it.
Reveal(x) will also offer to help with remediation, making it a great tool for less experienced security personnel.
Healthcare networks are necessarily complex behemoths so that providers can deliver high-quality patient care. A platform such as ExtraHop Reveal(x) can help to simplify some of that complexity, spotting threats and suspicious activities by their network traffic while exposing hidden behaviors that could be sheltering potential attackers.
SPECIFICATIONS
PRODUCT TYPE: Cloud-native network detection and response
DEPLOYMENT: Software as a Service
TRAFFIC ANALYSIS SPEED: Up to 100GBs per second
ENTERPRISE PROTOCOLS KNOWN: Over 70
TRAFFIC DECRYPTION ABILITY: Can passively decrypt SSL and TLS 1.3
MACHINE LEARNING ENGINE: Knows over 5,000 attack methods and patterns
What about Healthcare’s Encrypted Traffic?
The ExtraHop Reveal(x) platform is designed to monitor and protect east-west network traffic, covering devices and users operating within the security perimeter. In the past, all of that traffic has been unencrypted. However, with cyberthreats on the rise and many healthcare organizations moving to an assumed-breach mentality as the first step toward zero trust, east-west traffic is starting to get encrypted in some cases, especially for traffic interacting with critical assets.
This is happening quickly in healthcare because much of its east-west traffic contains HIPAA-protected patient data. However, if a network detection and response platform is not able to read encrypted packets, this offers attackers an avenue to hide their activities.
ExtraHop Reveal(x) can passively decrypt SSL and even Transport Layer Security 1.3 encryption with perfect forward secrecy. And given the massive bandwidth that Reveal(x) can handle, this process does not seem to slow down real-time analysis by any measurable amount.
If suspicious activity is detected using encrypted packets, Reveal(x) can still flag that activity. Administrators then have the option to download the session keys so that the packets in question can be fully decrypted for forensic analysis.
Encryption is a growing trend in healthcare for protecting east-west network traffic. A platform that can passively decrypt those packets is necessary to maintain full visibility and protection. Thankfully, that is something that ExtraHop Reveal(x) does automatically and quickly along with its other critical traffic monitoring duties.
John Breeden II
https://healthtechmagazine.net/article/2024/02/review-supporting-healthcares-zero-trust-journey-uncovering-network-assets