ExtraHop Reveal(x)
Reveal(x) is a Cloud Cyber Security Platform, providing unparalleled Visibility, Anomaly & Threat Detection and Response. Compatible with major cloud providers, on-premise and private clouds. Reveal(x) comes with cloud-scale machine learning (ML) to detect threats and anomalous behaviours, provides 360-degree visibility of network traffic, fast investigation workflows and response automation.
Features
- Real-time stream processing: total application fluency and reassembly
- Automatic Asset Discovery and Full-Content Analysis
- Machine Learning Service: Real-time intelligence derived from threat telemetry
- Record Store: fully managed search capacity for incident investigation
- Continuous Packet Capture: deliver filtering to rapidly locate packets
- Line Rate Decryption: bulk decryption offering real-time analytics
- Integration with SOC ecosystems
- Fully Programmable Telemetry: customised telemetry via event-driven programmable interface
Benefits
- iSYSTEMS has the capability to design and implement this solution
- iSYSTEMS will offer a free of charge consultation
- iSYSTEMS will scope and size free of charge
- Network analytics for visibility across entire attack surface
- Leverages Cloud scalable resources to perform behavioural analytics and AI
- Provides 90 days minimum of record lookback for incident response
- Decrypts Active Directory protocols to detect encrypted attacks
- Gives visibility across IT estate in a single web-based UI
- Completely SaaS-based NDR with seamless deployment model
- Open API integrating threat telemetry with leading enterprise providers
Pricing
£2,000 a unit
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
573045016752451
Contact
iSYSTEMS Integration Ltd
Mick Cooper
Telephone: 07831 154 221
Email: mick.cooper@isystemsintegration.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- ExtraHop sensors passively monitor network traffic through a port mirror or a network tap and aggregate metrics from the switch infrastructure or cloud service provider. Sensors gather over 5,000 metrics without user configuration and offer a programmable interface through which users can easily define custom metrics. Users can deploy sensors in physical, virtual, or cloud-based environments to monitor on-premises and cloud workloads. Sensors require a data connection to the data feed, and inbound and outbound communication to the Cloud Services.
- System requirements
-
- On prem deployed sensors require datacentre rack space
- On prem deployed sensors require cooling and power
- On prem deployed sensors require data feed connections
- Information on specific requirements is detailed in the ExtraHop datasheets
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Platinum Support has the following initial response times 24x7x365:
Severity 1: Phone or Web 1hr, Email 4hr
Severity 2: Phone or Web 2hr, Email 4hr
Severity 3 & 4: Phone or Web 4hr, Email 12hr
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Platinum and Standard
Support cases may be managed by 3rd parties to the customer
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
ExtraHop provides detailed documentation on our deployments. Customers have access to a full set of training modules and materials including learnings on the specific deployment requirements for each sensor or platform component.
Details on the deployment are found at our documentation site https://docs.extrahop.com/current/deploy
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
No data is returned to the customer at time of contract termination.
Instructions are provided to our cloud providers for data deletion/destruction. Data is generally deleted within 24 hours. Access to data can be limited at the time of the deletion request.
Any data resident on the on prem sensor can be destroyed with a device reset using the data destruction policy based on NIST 800-88r1. The process is described in our documentation. The web-based instructions for performing a secure data wipe on the sensor appliance can be found here - https://docs.extrahop.com/current/eh-rescue-media/#
Disc data wipe pattern options can be selected at the time of reset:
1-pass Quick Fill with 0x00 - writes zeros to every sector of every disk on the appliance.
1-pass One Random Pass - writes random bits to every sector of every disk on the appliance.
3-pass DoD 5220.22-M - writes random bits to every sector of every disk on the appliance, then writes zeros to every sector of every disk on the appliance, and then writes ones to every sector of every disk on the appliance. Finally, a verification pass is performed.
- End-of-contract process
-
No data is returned to the customer at time of contract termination. All data is destroyed.
Instructions are provided to our cloud providers for data deletion/destruction. Data is generally deleted within 24 hours. Access to data can be limited at the time of the deletion request.
Hardware sensors are cleared of all data.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Online web page via ExtraHop website giving high level service availability.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Via web interface
- Accessibility testing
- Not known
- API
- Yes
- What users can and can't do using the API
- REST API is extensive and most day-to-day tasks can be enabled.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- No
Scaling
- Independence of resources
- ExtraHop Reveal(x) is a SaaS-delivered NDR Solution to enable scale and agility; ML algorithms are unconstrained by on-premise resources. Each customer is allocated a separate cloud services instance independent of other customers. Customers are responsible for the management of on-premise sensors which use real-time stream processing to extract L2-7 insight locally within each customer environment. Sensors are scalable (appliances are available in formats from 1 to 100 Gbps).
Analytics
- Service usage metrics
- Yes
- Metrics types
-
ExtraHop decodes more than 70 enterprise protocols with real-time fluency at the application layer achieving unprecedented visibility into all the conversations taking place within data centres and cloud environments. The ExtraHop platform extracts thousands of metrics across all supported protocols and presents them in out-of-the-box dashboards that provide an intuitive way to drill down to the transactional details of any given protocol metric. ExtraHop also enables you to create bespoke dashboards quickly with drag-and-drop functionality.
You can quickly and easily export charts and background data points to PDF, Excel, or CSV.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- ExtraHop
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Other
- Other data at rest protection approach
- The only data sent to ExtraHop Cloud Services is metadata and does not contain payload information. For this reason data at rest is not encrypted.
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- All communication from customer managed sensors to ExtraHop Cloud Services is encrypted using current TLS protocol versions and strong ciphersuites.
- Data export formats
-
- CSV
- Other
- Other data export formats
- .xls
- Data import formats
-
- CSV
- Other
- Other data import formats
- .xls
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- ExtraHop's Reveal(x) 360 Cloud Control Plane (CCP) resilience and disaster recovery measures have been certified by the AWS Security Competency program for a Recovery Time Objective (RTO) of 24 hours and Recovery Point Objective (RPO) of 4 hours. The vast majority of the Machine Learning Storage is stored on AWS S3, which is replicated on multiple devices in a region and has a guarantee of 11 nines of durability. Google BigQuery stores copies of all CRS data in two different Google cloud zones, making it resilient to soft and hard failures.
- Approach to resilience
- As discussed above, resiliency is designed around distributed data stores and rapid instance reconstitution.
- Outage reporting
-
ExtraHop provides a services notification web page available to all users. Please see https://www.extrahop.com/support/status/
ExtraHop provides notification to customers as contractually required via email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
- Authentication can be enabled via a customer provisioning users in an ExtraHop-managed instance of Cognito or more typically using SAML to integrate with the customer's SSO.
- Access restrictions in management interfaces and support channels
- RBAC enables different levels of access, ensuring that only appropriate staff may access administration controls.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Other
- Description of management access authentication
- Specific user accounts may be defined with administrator level privileges.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 24/09/2020
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Not known
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SOC2
- SOC3
- GDPR
- HIPAA
- US Privacy Shield
- CSA Star
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- The ExtraHop Deputy CISO reports to the board through the ExtraHop Chief Technology Officer. GDPR and privacy policies preclude providing the individuals' names here. Please see the ExtraHop SOC3 report for an organization chart that identifies these roles. Information on the ExtraHop Board of Directors can be found on our website https://www.extrahop.com/company/board/
- Information security policies and processes
- Please see the ExtraHop SOC reports for information on policies and processes related to Governance.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- ExtraHop has a robust change management system that requires testing, approval, and backout planning. The ExtraHop SOC 2 report attests to the existence of and compliance with this system.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
ExtraHop proactively monitors all of our systems with the ExtraHop Reveal(x) platform and cloud native tools. Any identified issue is triaged and corrective action planned for the current or next build cycle, depending on criticality of the issue.
ExtraHop has integrated a Secure Development Lifecycle based on ISO 27001 throughout all of its products and services. ExtraHop performs regular network scans and compiles detailed reports on known and emerging vulnerabilities. ExtraHop undergoes regular penetration tests conducted by our internal security team as well as by independent third parties. We also perform security testing before each release.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
ExtraHop monitors all of our systems with the ExtraHop Reveal(x) platform and cloud native tools.
As described in our Security, Privacy, and Trust Overview document, ExtraHop has implemented and maintains a Security Operations Framework that comprises an extensive set of policies and procedures. This framework is based on the NIST Cybersecurity Framework, undergoes annual SOC 2 and SOC 3 audits, and is applied to all ExtraHop products and services. Our SOC 3 report is attached. The ExtraHop SOC 2 Type II certification is evidence that these policies/processes are in place and verified at least annually.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Any identified issue is triaged and corrective action planned for the current or next build cycle, depending on criticality of the issue.
All incidents are triaged and corrective action planned for the current or next build cycle, depending on criticality of the issue.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
iSYSTEMS has grown rapidly over the past 12 months and has focused on building our team from the local area. Recruiting locally reduces the necessity for long commutes into the office.
We also offer flexible working, allowing employees to work from home, utilising Teams to maintain face to face contact. Working from home more often reduces our carbon footprint and the need to use public transport.
The iSYSTEMS office is almost completely paperless and we work with local suppliers as far as possible.
- Covid-19 recovery
-
The COVID pandemic has changed the way we do things. iSYSTEMS has adapted our working practices to keep our employees healthy, safe and productive.
Working from home more often, reducing the need to use public transport, ensuring the office environment is safe and COVID secure and making sure we stay connected has been our focus.
- Tackling economic inequality
-
iSYSTEMS is committed to paying our staff a fair salary and, being based just outside of London, we ensure all our employees' wages exceed the London Living Wage.
We offer several salary reviews throughout the year based on performance, with an increase after the satisfactory completion of the employee's probation period and an annual salary review/increase.
- Equal opportunity
-
We are building an inclusive and diverse team focusing on skills and added value to our business. As we grow, we are building our foundations and documenting our business processes to identify skills gaps.
- Wellbeing
-
Maintaining our culture is fundamental to our core values. We foster a collaborative team by holding cross department meetings and a range of social events to cement relationships. We regularly organise and / or contribute to joint campaigns with our partner organisations.
iSYSTEMS supports a number of charities and in particular ex-military personnel.
We have recently partnered with London's Air Ambulance Charity and will be supporting it through its corporate charity support programme with a range of fundraising activities with our employees and customers, as well as offering pro-bono technology consulting.
We have developed a close relationship with the Friends of PWRR Princess of Wales's Royal Regiment Benevolent Fund and have organised several fund-raising events including a charity football match between Princess of Wales's Royal Regiment and Millwall Legends at The Den, including ex-England star Teddy Sheringham, as well as a very successful event called Party for Heroes (P4H).
Our sister company iFORCE is made up exclusively of ex-Special Forces and Intelligence Services and we have close links with Brian Wood MC who regularly attends our events and shares his insights from his time in the military. Throughout the month of November, Brian completed his Ultimate Sacrifice Challenge - Walking With The Wounded, where he dedicated every mile to one of our fallen soldiers from the Iraq and Afghanistan conflicts - 26 miles per day for 25 days, totalling 635 miles. iSYSTEMS supported Brian’s endeavours and was a major contributor and corporate sponsor.
We are considering various initiatives in 2022 including apprenticeship schemes, advanced training and further staff benefits that do not cost the company very much but have a huge impact on our employees.
Pricing
- Price
- £2,000 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
ExtraHop pricing is bespoke from £2k per month / £24k per year.
A Proof of Concept provides a deployed system and support from a Sales Engineer for a 4- or 5-week duration
- Link to free trial
- https://www.extrahop.com/products/cloud/free-trial/