ExtraHop automates detection and response workflows for customers with CrowdStrike Falcon Next-Gen SIEM

Network telemetry from ExtraHop RevealX helps SOC analysts reveal and stop threats faster.

Joint customers ingesting network telemetry from the ExtraHop RevealX platform in CrowdStrike Falcon Next-Gen SIEM can now orchestrate that data in Falcon Foundry, CrowdStrike’s low-code application development platform, to build custom detection and response workflows.

When ExtraHop RevealX detects abnormal network behaviors, Falcon Next-Gen SIEM ingests the alert, correlates it with EDR and other data, and can use that intelligence within Foundry apps and Fusion workflows.

With streamlined and customized workflows, customers can benefit from:

  • Rapid detection and investigation: Anomalous network detections are investigated instantaneously through automated workflows.
  • Reduced manual intervention: Automated responses for low-priority detections empower analysts to allocate more time to mission-critical tasks.
  • Scalability: Customized workflows designed to scale with an organization ensure security processes remain effective with growth.

“The ExtraHop RevealX NDR platform gives enterprises unique visibility into security threats as they propagate through the network and reveals risks that may not be visible through other security tools,” said Kanaiya Vasani, Chief Product Officer, ExtraHop.

“The breadth and depth of telemetry ExtraHop gathers from the network when combined with other data sources such as EDR and the ability to build custom workflows to investigate a range of detections, helps customers accelerate response to security threats.”

Daniel Bernard, Chief Business Officer, CrowdStrike, said: “With access to CrowdStrike’s robust data and threat intelligence, Falcon Foundry enables users to establish creative solutions and workflows tailored to their organization’s unique needs.

“By adding network data from ExtraHop RevealX, a critical accelerant in understanding and closing security gaps, our partnership with ExtraHop elevates the speed in which joint customers respond to both endpoint and network threats.”
