urlscan Public Scan: www.extrahop.com (34.218.57.237)
Submitted URL: http://app.wiredata.extrahop.com/e/er?utm_campaign=2021-q3-september-newsletter-general-dynamic-noam-apj-a&utm_medium=email&utm_s...
Effective URL: https://www.extrahop.com/company/blog/2021/gartner-report-how-to-respond-to-supply-chain-attacks/?utm_campaign=2021-q3-se...
Submission: On September 16 via api from US — Scanned from DE
GARTNER ON HOW TO RESPOND TO A SUPPLY CHAIN ATTACK

Kelsey Milligan, September 13, 2021

Do you have trust issues? We don't care what your therapist says: in cybersecurity that's perfectly okay, because the idea of fully trusted third-party hardware and software is probably wishful thinking. Even diligent, well-respected software and hardware suppliers can be infiltrated by persistent adversaries. The world became acutely aware of the severity and scope of supply chain attacks after SUNBURST was disclosed in December 2020. While the attack largely targeted government institutions, it left an estimated 18,000 organizations vulnerable. Unfortunately, nine months after the attack, many organizations are still building their cybersecurity response strategy.

THE QUICK ANSWER: RESPONDING TO SUPPLY CHAIN ATTACKS

To help organizations understand how SUNBURST and other supply chain attacks work and how to form a response plan, Gartner® published Quick Answer: How to Respond to a Supply Chain Attack? In the report, Gartner defines a supply chain attack as "When goods, services or technology supplied by a vendor to a customer have been breached and compromised, which introduces a risk to the customer base." A safe assumption is that no product or vendor should be completely trusted, but Gartner makes the case for why staying on the defensive, rather than shunning new technology, is the smarter business strategy. According to Gartner, "Supply chain attacks are a reality, but organizations are often unprepared to respond to a cybersecurity event when it occurs. Security and risk management leaders should have an incident response plan prepared to deal with events where supply chain attacks may impact their organizations."

To help inform how organizations should respond to supply chain attacks, Gartner outlines a plan that includes determining whether an organization is affected, monitoring for indicators of compromise, and tracking any lateral movement. The Quick Answer report also offers some tool recommendations. In it, Gartner names EDR (endpoint detection and response) and NDR (network detection and response) as effective solutions that can help detect lateral movement and credential management anomalies. Gartner also notes the benefits of behavioral analytics, saying that "Also worth deploying are tools that incorporate user behavioral analytics to examine standard access behavior of users and servers. If such a tool is deployed, it will help reduce the spread of malware by limiting it to the systems the infected device can access." They also add that "any network security with threat intelligence or signatures could detect the [command-and-control] communication once the servers are known as bad."

Read the Gartner Quick Answer: How to Respond to a Supply Chain Attack?

DEEPER DIVE: WHAT IS A SUPPLY CHAIN ATTACK?

While Gartner offers a quick answer, we feel this topic is important enough to dig a little deeper, break down the most common vehicles for supply chain attacks, and offer our take on fast, effective response. A supply chain attack occurs when a bad actor trojanizes a legitimate product, that is, inserts malicious code or backdoors into trusted hardware or software products as a means of entering an environment undetected. Generally, supply chain attacks target three types of products:

Hardware Supply Chain: These attacks occur when an adversary alters hardware or firmware components in products such as servers and network infrastructure to gain backdoor access. Because the compromise lives in hardware, these attacks are extremely hard to detect. Malicious additions such as implanted chips can easily be disguised as legitimate components, and any resulting intrusion is almost impossible for victims to identify in its early stages. While these attacks reap rewards for attackers, hardware supply chain attacks are also extremely difficult to carry out: an attacker has to physically intercept and tamper with the hardware, either during production or while it is in transit.

Software Dependencies and Development Tools: In this type of attack, an adversary infiltrates software dependencies, including open-source software and commercially licensed development tools. Because a software dependency can be used by many different vendors, an attacker has the potential to reach a broad set of victims. Supply chains are becoming increasingly complex, which gives software dependency attacks an added advantage: a single manufactured device may combine hardware components and software that themselves carry dependencies, so the associated risk reaches far up the supply-chain ladder. Even once malicious code is discovered, an intended victim can remain exposed for a long period as patches and updates trickle down the supply chain, creating a longer attack window. The Ripple20 vulnerabilities offer a worst-case example of how complex, modern supply chains affect today's security.

Software Supply Chain: This is when an adversary manipulates software prior to deployment, usually with the goal of gaining system access or exfiltrating sensitive data. This method is a well-documented form of supply chain attack in the MITRE ATT&CK framework, with numerous examples of its use by advanced persistent threats, including nation-state adversaries and ransomware gangs. In the case of SUNBURST, APT29 is thought to be responsible for adding malicious code to legitimate SolarWinds software. Once delivered to servers via a software update, the malware was able to leverage administrative privileges to disable host security processes and services before communicating back to an external malicious server or infrastructure for instructions, aka command-and-control beaconing.

TECHNOLOGY THAT GIVES YOU THE ADVANTAGE

Among its recommendations for vendor risk management, the Gartner Quick Answer lists behavior-based analytics as part of an NDR solution, while naming threat intelligence and signature-based detections separately from NDR. NDR tools are becoming necessary for defending against advanced threats, but within the NDR market category there is a range of available technology that can make or break a team's success. It's worth a closer look at the NDR features that make the detection and investigation of stealthy attacks more clear-cut.

BEHAVIOR ANALYTICS

One of the most important factors in detecting any kind of unknown threat, and part of what defines NDR technology, is behavioral analytics. Machine-learning powered network detection and response establishes network baselines, allowing it to know what is normal and to single out unusual activity on the network. While signature-based detection is helpful, on its own it can only detect known threats. This leaves organizations vulnerable to the new threats carrying out today's sophisticated supply chain attacks. In addition, the current generation of machine-learning powered, behavior-based detectors don't fire false positives at the same rate as signature-based detections. This is why we don't recommend that organizations use signature-based IDS, but instead look toward a comprehensive NDR solution that combines rule-based and behavior-based detections. It allows organizations to reduce alert fatigue and gain superior perimeter detection while still being able to detect threats post-compromise.

CURATED THREAT INTELLIGENCE

The ability to detect anomalous behavior is just the first step toward effective investigation and response. Once suspicious activity has been detected, an analyst must be able to determine the actual risk by investigating the anomaly, usually starting with any communication records associated with the event. When integrated with an NDR solution, curated threat intelligence gives users a comprehensive look at the devices and communications associated with a specific detection. This allows security analysts to see clearly what is at risk and drill down into the associated communications, making the investigation of suspicious URIs or hosts a simpler task. The relevant threat information helps network defenders make the decisions they need to protect their network before major damage is done.

PACKET-LEVEL FORENSICS AND DECRYPTION

Both behavior analytics and threat intelligence have limited value without visibility into the east-west corridors of the network. The advance of network encryption has in most respects increased the security of data in transit, but for network defenders, encryption also leaves dark corners in which attackers can hide. Supply chain attacks may benefit from encryption as a way to hide their actions, since an attacker can encrypt and therefore obscure data exfiltration, database queries, or C&C beaconing. By mirroring and decrypting traffic, defenders can safely gain the information they need to conduct forensics with accuracy. Rather than merely inferring what malicious activity may have occurred from observed patterns, a security analyst can identify exactly what actions were taken, down to the packet level.

You can see how NDR with behavior-based analytics, curated threat intelligence, and packet-level forensic capabilities performs against supply chain attacks in our online demo. The demo offers a full, unthrottled version of our NDR solution, ExtraHop Reveal(x), running on example data. Choose the SUNBURST scenario for a guided tour of how it can help your organization detect and respond to a real supply chain attack.

Gartner, Quick Answer: How to Respond to a Supply Chain Attack?, Peter Firstbrook, Jeremy D'Hoinne, 21 December 2020

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Posted in Security, Tech, NDR, Decryption, Tips and Hacks. See other posts by Kelsey Milligan.