Threat detection tactics lead ExtraHop’s integration with Cisco, Niagara Networks

Threat detection through data inspection.

That’s what network intelligence cybersecurity companies like ExtraHop provide customers, offering to track vulnerabilities and manage security for IT teams.

During an interview at Cisco Live in early June, ExtraHop director of business development and strategic partner alliances Tranel Hawkins and technical marketing manager Jason Kunst told IT Brew that their company’s analysis of data relies on Niagara Networks aggregation and then works with Cisco Identity Services Engine (ISE), which allows for heightened security.

“We see the threat in the network, and ISE is able to isolate that network portion,” Kunst said.

You’re not alone. ExtraHop isn’t the only company providing detection services to IT departments, developers, and others. UK-based NCC Group debuted its Code Credential Scanner in Maye, promising to alert users “when credentials are present in the code, so that the team can immediately fix issues as they arise.”

But Kunst and Hawkins believe their integration with Cisco gives ExtraHop an advantage.

“If you were a bad guy, you wouldn’t know we exist, because they’re sending us the data; we’re not even a bump in the wire that’s on the network itself,” Hawkins said. “Once they send us that data, then we analyze that and provide real time detection back to the security analyst.”

Reflecting pool. Niagara collects data and mirrors it, Niagara Networks engineer Vivek Singh told IT Brew. Then, Extrahop lets them know what to provide.

“Once we have all the traffic, we collect it, and then the ExtraHop team reports to us what they actually want,” Singh said. “So we filter the traffic and then send it to them.”

The pair works in tandem to provide a picture of intrusions for detection and response—a tool that can centralize “all their tooling,” as Kunst put it, and can “see if there’s some sort of exploit—some sort of bad behavior happening.”