Hi, I'm Tom Field, Senior Vice President of Editorial with Information Security Media Group. I'm talking today about NDR in the cloud. It's my pleasure to be speaking with Ryan Davis, Senior Manager, Cloud Product Marketing at ExtraHop. Ryan, thanks so much for joining me today.
Yeah, thanks for having me, Tom. So to start with, Ryan, as enterprises enter this evolving multicloud environment, what do you find that they're missing when it comes to network detection and response? I'll start by stating the obvious. Cloud adoption is vital for innovation, but cloud is introducing complexity.
It's expanding the attack surface and really it's weakening an organization's security posture. So as the security teams have been left to deal with this problem, they're also falling behind in evolving their security architecture and really the operational readiness to support cloud. And it's turned the security team into a blocker of sorts. They're blocking key business initiatives.
They're blocking other branches of the enterprise who are ready to move at the speed of the cloud. In terms of multicloud, there's a stat that IBM recently published that says more than 85% of organizations have workloads running in multiple cloud environments. And by next year, they expect that number to jump to 98%. So as an organization has already been mandated to move to the cloud, they're compounding the complexity by adding multiple cloud providers and multiple cloud services.
When you add in the challenges around additional tooling, additional agents that are required to monitor and manage these deployments, the life of a security team, security operations team member, really it's not looking very fun. So network detection and response helps to remove points of friction for security teams. NDR helps to break down silos between security, between IT and cloud infrastructure teams by giving each team one tool that can allow them to leverage a common data source really for different insights and actions. Security teams are not only missing a tool that can be used cross-functionally internally, but they're really missing a tool that can be used across multiple cloud providers.
And so that is inhibiting them from responding to the threats across multicloud and hybrid environments. So Ryan, it sounds like a bit of a fragmented market. How would you say enterprises have been navigating it? So that's a great question.
Cloud security is a highly fragmented industry. I have a slide I like to show when I talk about this. And my designer absolutely hates it. Basically, it's the NASCAR slide with over 50 logos and it shows the different vendors and offerings within the cloud security space.
But I like to keep it because it does a good job at showing how complex and segmented security has become for cloud. And it's not just about the volume of tools. It's how these tools integrate with each other and really how the tools don't integrate with each other and the visibility silos that's being created, especially in multicloud environments. So on one hand, you have the cloud service provider tools from AWS, GCP, and Azure.
And these require a certain level of expertise in each CSP's architecture. And they don't provide a single pane of glass between each tool. But more importantly, they don't provide visibility into the other cloud environments. And they typically will perform best when they are combined with a number of other tools.
But those integrations can be tricky. And you also have cloud first security tools, things like CASB, CWPP, CSPM. And these work well for one specific cloud service, whether it's PaaS or SaaS, but these tools don't usually cover all cloud services. So integrating cloud first tools with on-prem enterprise tools is also something that's very complex.
Last, there's this whole category of cloud security tools that leverage different data sources. So you have endpoint detection and response. This leverages agents. Same solutions which leverage logs and then network detection and response, which leverages network packets.
And most of these tools come from vendors who also have on-prem solutions. And it's not uncommon for legacy security providers to stretch their on-prem monitoring tools into the cloud. And what's happening is they're doing that by deploying sensors into the cloud and backhauling that data back to their on-prem environments. And these approaches raise concerns about data privacy, trust, and it's also very costly to move things in and out of cloud environments.
So it doesn't help SOC Ops gain complete visibility and complete control over their cloud workloads. It's also important for SOC Ops to adapt a true cloud-first, cloud-native hybrid security solution that is allowing them to deliver a single platform from which security teams can apply both controls on-prem and in cloud workloads. Ryan, talk to me about the evolution. What's changed in the past six months to enable better abilities, both to remediate and respond in the cloud?
Yeah, so traditionally, cloud security has depended on logs and agents as data sources. So I broke it down a little bit in the last question, but network data was cumbersome and difficult to scale in the past. It's always required a lightweight packet forwarder or some kind of agent to capture network packets. So network detection and response is not a well-known data source in cloud environments.
While logs and agents are still really good solutions for cloud security, they do have some drawbacks. With logs, you can turn them off and you can't deploy agents in everything in a cloud environment. So really what's changed in the last six months, in June of 2019, AWS went GA with their virtual tap called VPC Traffic Mirroring. And essentially, this allows customers to take a copy of their cloud traffic and route that traffic to a monitoring instance.
Or in our case, it would send a copy of that traffic to our ExtraHop RevealX cloud SaaS solution or our on-prem-based solution. And the customer is getting all the benefits of network detection and response by leveraging the network as a data source, which is really providing the ground truth. The network is difficult to evade and the network can't be turned off. And you also have GCP and Azure that have both announced virtual taps of their own.
So each of the three main cloud providers have the ability to leverage the network as a data source and customers can enjoy the value of NDR solutions. Tell me more about ExtraHop. How are you helping customers to maximize their NDR capabilities in this multi-cloud environment we've been talking about? Yeah, so last week, our day just ended and we made a number of announcements.
And one of our announcements centered around taking a cloudNative approach specifically for multi-cloud environments and hybrid environments. And security teams are able to manage detection. They're able to manage investigation and response via an integrated workflow with a SaaS-based solution. And this ExtraHop cloudNative SaaS offering is delivering a couple of things.
So the first is a new control plane for global intelligence, for this 360-degree visibility and this overall situational awareness across both hybrid and multi-cloud attack surface. And really what this means is our customers don't need to worry about where they are monitoring data, whether their data is in the on-prem data center, whether it's in remote sites or branch offices, or if it resides in different cloud environments. It doesn't matter as they can manage all of their data from one interface, one pane of glass. And really, it's one product, so there's no need to jump in and out of UIs.
We also announced a scalable cloud-based record warehouse. This helps customers analyze rich layer 2 to layer 7 metadata to drive real-time detections and essentially enable investigative workflows. And this is allowing customers to leverage the cloudNative advantages and reduce the deployment friction, improve the efficacy of detections, and really ultimately get to faster root cause analysis and response time. Well, Jason, you've given a pretty good overview of how these solutions, these new announcements, will work.
What business benefits can be achieved from them? The way sensors are deployed in cloud environments is actually pretty simple. As I mentioned earlier, it used to be difficult to capture network traffic in cloud environments. But with the release of virtual taps by every major CSP, it's now pretty easy.
In the case of AWS, they have a virtual tap called VPC traffic mirroring. And by default, the traffic mirroring feature is turned off. But essentially, with a click of a button, customers can enable traffic mirroring and the rest can be handled in a few steps. So traffic mirroring sessions monitor cloud workloads and a workload could be anything from a VM, a load balancer, an EC2 instance.
Essentially, all traffic mirroring needs is an elastic network interface or an ENI to attach and then it can send copies of cloud traffic to a monitoring instance. And in this case, a customer could send traffic to our SaaS solution or to our Omni solution. And as I mentioned before, the big difference is our offering will work across cloud providers and on-prem environments to give the user one UI, one interface to interact with and see all their data. So in terms of benefits that can be achieved, visibility and control is really a key benefit.
As I mentioned in the first question, SecOps has been tasked with this mandate to migrate to the cloud and ensure that every workload, every application is secure. And security teams have lost control. They're really desperate to get in front of groups like the DevOps and applications teams. And in order to do that, they need visibility.
Unified security is also a key benefit. I've said this a bunch, but one product, one UI, one interface, which is so important as enterprises begin to adopt multiple clouds while still keeping an on-prem footprint. And zero infrastructure, the ability to deploy instantly without manual configuration and operational management is really a key tenant of cloud environments. It's why we moved to the cloud.
But it's also important that our tools do the same thing. There's also a tool consolidation value to note here. Another reason companies want to make the move to the cloud is to help simplify and really to get away from the complex on-prem architecture where there's a tool for everything. It doesn't make sense to move to the cloud and then repeat that mistake and have a tool for each team.
So tool consolidation is a real benefit and finding