I will explain exactly how you can know what your network devices are doing, just as you would want to know what your children are doing. Why would you even want to know, you might ask? Yes, I am still talking about network devices and not small children. The easiest way to explain this is to use small children as an example.
Everyone who has small children, or has ever cared for one, let alone a couple, will know that knowing where they are is not the only thing that matters. Knowing what they are doing is more important. There is a big difference between knowing that they are in the living room, probably so quiet because they are playing, and knowing that they are in the living room writing on the walls with the lipstick they just found in a purse.
We can take the example of small children and project it onto your corporate network. Knowing that you have servers that you expect to provide valuable services to the organization, and probably being able to guess which protocols and services are in use, is very different from knowing exactly which services are provided, which protocols they use, and what the dependencies are between these servers.
The importance of knowing exactly what servers are doing, and with which protocols, became all too apparent when Log4J happened. Security teams were in panic mode trying to understand how this vulnerability worked and to figure out what the blast radius was within the organization. They started asking the IT team whether they knew how many potentially impacted web servers/HTTP servers they had and where they lived. Everyone who dealt with this vulnerability at the time will remember that it was hard to get trustworthy information ab. Not long after, security teams faced the same issue with the OpenSSLv3 vulnerability.
ExtraHop customers experienced the Log4J period in a more controlled manner. Reveal(x) is an agentless solution that monitors the raw network traffic of devices. It automatically creates a complete list of all the devices it sees and identifies which protocols they use and with whom they communicate. Before the Log4J vulnerability was publicly known, ExtraHop customers were already getting detections, and automatic response was already isolating the issue. Reveal(x) detected unusual LDAP connections that were initiated from the web servers to the internet. At that time ExtraHop customers did not know exactly what they had stopped until the Log4J vulnerability was published. The protocol inventory that Reveal(x) had created by passively listening to the network communication was used by the IT team to identify the potentially vulnerable HTTP servers, and they took appropriate action to avoid any additional misuse.
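The two ideas in the paragraph above, a passively built protocol inventory and a check for LDAP connections initiated from web servers to the internet, can be sketched over flow records. This is an added example, not ExtraHop's code and not a description of how Reveal(x) works internally; the flow tuples, addresses, internal ranges, and the port-to-protocol mapping are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (client, server, server_port); not real traffic.
FLOWS = [
    ("10.0.5.20", "10.0.1.10", 443),     # internal client -> web server
    ("10.0.5.21", "10.0.1.11", 80),      # internal client -> web server
    ("10.0.1.10", "10.0.2.5", 389),      # web server -> internal directory
    ("10.0.1.11", "203.0.113.45", 389),  # web server -> internet over LDAP
    ("10.0.5.20", "198.51.100.7", 443),  # workstation browsing the internet
    ("10.0.5.22", "203.0.113.45", 636),  # workstation, not a web server
]

# Assumption: protocol is inferred from the server port. Real traffic analysis
# would classify the payload, since services can run on non-standard ports.
PORT_PROTOCOL = {80: "HTTP", 443: "HTTP", 8080: "HTTP", 389: "LDAP", 636: "LDAP"}

# Assumption: the organization's internal address space is RFC 1918 only.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def build_inventory(flows):
    """Map each device to the protocols it serves and the protocols it uses as a client."""
    inv = defaultdict(lambda: {"serves": set(), "uses": set()})
    for client, server, port in flows:
        proto = PORT_PROTOCOL.get(port, f"tcp/{port}")
        inv[server]["serves"].add(proto)
        inv[client]["uses"].add(proto)
    return inv

def outbound_ldap_from_web_servers(flows):
    """Return flows where an internal HTTP server initiates LDAP to an external address."""
    inv = build_inventory(flows)
    web_servers = {dev for dev, p in inv.items()
                   if "HTTP" in p["serves"] and is_internal(dev)}
    return [(c, s, port) for c, s, port in flows
            if c in web_servers
            and PORT_PROTOCOL.get(port) == "LDAP"
            and not is_internal(s)]

if __name__ == "__main__":
    for client, server, port in outbound_ldap_from_web_servers(FLOWS):
        print(f"ALERT: web server {client} initiated LDAP to external {server}:{port}")
```

The same inventory answers the question the IT team was asked during Log4J: every internal device with `HTTP` in its `serves` set is a candidate for review.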
To summarize, ExtraHop customers can detect future unknown vulnerabilities by using the network as a data source for detecting unusual malicious activity. They have full visibility into their IT environment, and they know what their devices are doing instead of having to guess. This results in faster detection, remediation, and validation of the issue. Coming back to watching small children: provide your security team with Reveal(x) so they can monitor the children (devices) on the network before one of them smears lipstick all over the organization.