An ExtraHop Infrastructure Assessment goes beyond consulting. We work with your team to understand the unique demands of your organisation and help to deliver better business outcomes – faster. Our experts have spent years honing methodologies that deliver rapid value and scale.
 
A dedicated ExtraHop engineer will help to quickly identify your unique needs and configure the ExtraHop platform to start delivering—and multiplying—value immediately. The engineer will walk you through implementation and out-of-the-box functionality, including:

Auto discovery & classification

  • Discover any asset that talks on the network
  • Update CMDBs with live asset information
  • Classify all servers by activity type

Live activity map & dependencies

  • ‘One click’ auto generated live activity map
  • 360 Degree Visualisation for the entire IT environment

    Assessment Scope

    An extensive analysis of your environment will be undertaken to provide visibility into the following elements of your infrastructure:

    1. Network

    Domain Name Server (DNS) – Identify DNS Errors and Timeouts:

  • Show failing DNS transactions together with client details and frequency

    Active Directory – Visibility into key metrics regarding account and computer activity such as:

  • Invalid passwords by user name and IP
  • Computers with policy restrictions
  • Computers with time synchronisation errors
  • Authentication response time for Kerberos and LDAP servers
  • Active Directory DNS errors

    Transmission Control Protocol – Identify TCP metrics including:

  • Retransmissions
  • Retransmission Timeouts (RTOs)
  • Round-Trip Time (RTT)
  • Aborts
  • Throttling
  • Zero Windows

    2. Web

  • Error codes – full status code analysis, including 404, 403, 5XX errors by user, server and URI
  • Web Server Performance – Identify the busiest, the fastest and the slowest web servers in the estate

    3. Database

  • Identify all database servers on the network, including MySQL, IBM DB2/Informix, MS SQL Server, Oracle, PostgreSQL and Sybase
  • For each database type, understand the transaction type, quantity and rate, error status and full timing information
  • Discover all privileged logins by name and IP address

    4. Storage

    The ExtraHop appliance sees all CIFS and NFS file transfers, including the source IP address, the file and share name and the status of the request.

    Slow servers can be highlighted, as well as repeated attempts by a user to access files that the user is not permitted to access.

    5. Baseline & Trend

    ExtraHop can keep a history of up to thirty days of activity and display these metrics in its dashboards. This lets you establish the baseline activity across your estate and recognise the rhythms of activity that might be associated with daily, weekly or even monthly events.
     

    6. Security

    Ransomware

    ExtraHop can see all file write and rename activities in real time, enabling incident response teams to set up an alert and be notified within minutes of a ransomware infection starting to encrypt files. Rapidly pinpointing attacks is crucial to stopping ransomware. The ExtraHop platform enables teams to identify attacks on NAS systems and shared file infrastructure in real time, as well as identify users and IP addresses associated with malware.

    SSL Analysis

    ExtraHop understands the full SSL/TLS handshake, including all details of ciphers in use, certificate expiration date, certificate authority, etc. This gives you an understanding of the network-wide SSL posture for your organisation without having to resort to manual audits or spreadsheets.