Review: Supporting Healthcare’s Zero-Trust Journey by Uncovering Network Assets

9 months ago 61

The ExtraHop Reveal(x) Platform Offers Critical Monitoring

Instead of working with agents that would need to be installed on devices, ExtraHop Reveal(x) pulls in raw network traffic from a variety of potential sources, including network taps or port monitors. For Amazon Web Services or Microsoft Azure clouds, it can read all the data coming from a virtual traffic mirroring feed. It then analyzes that traffic — and can do so very quickly at up to 100 gigabytes per second.

The platform then begins to classify every device operating on the network using its highly trained machine learning engine. In testing, it properly discovered everything from a Domain Name System server to a heart monitor. Reveal(x) comes pretrained so that it can quickly identify thousands of medical and Internet of Things devices. It can also learn about new or unique devices that may be operating within a healthcare network.

Once identified, devices are put into logical groups so that Reveal(x) can monitor their traffic, determine what normal patterns look like within the network and compare future outliers against them. It can also immediately identify malicious traffic associated with cryptomining or attack patterns.

The network discovery process is not a one-time event: Reveal(x) is always monitoring traffic, so every time a new device comes online, it will be identified the instant it starts to communicate. In this way, the platform can quickly identify and protect newly installed equipment; it can also reveal shadow IT or unauthorized devices before they can touch any other network assets.

Get More Support for Security Alerts with ExtraHop Reveal(x)

Once a potential threat is identified, Reveal(x) generates an alert and presents an explanation for its findings. This includes the devices and hosts involved, the IP addresses, the type of threat that is being launched and the severity of the alert. It explains why the threat is dangerous and what should be done to counteract it.

Reveal(x) will also offer to help with remediation, making it a great tool for less experienced security personnel.

Healthcare networks are necessarily complex behemoths so that providers can deliver high-quality patient care. A platform such as ExtraHop Reveal(x) can help to simplify some of that complexity, spotting threats and suspicious activities by their network traffic while exposing hidden behaviors that could be sheltering potential attackers.

SPECIFICATIONS

PRODUCT TYPE: Cloud-native network detection and response

DEPLOYMENT: Software as a Service

TRAFFIC ANALYSIS SPEED: Up to 100GBs per second

ENTERPRISE PROTOCOLS KNOWN: Over 70

TRAFFIC DECRYPTION ABILITY: Can passively decrypt SSL and TLS 1.3

MACHINE LEARNING ENGINE: Knows over 5,000 attack methods and patterns
