The ExtraHop wire data analytics platform enables IT teams to answer questions they hadn't known to ask before, such as "Which SSL servers are receiving heartbeats?" and "Where are heartbeat messages coming from?"
The Power of Wire Data Analytics in the Heartbleed Episode
1. The Power of Wire Data Analytics in the Heartbleed Episode
Answering Questions You Didn’t Know to Ask
April 17, 2014
2. What Is Heartbleed?
• Heartbleed allows anyone to steal data in working memory (including encryption keys) from any server that uses vulnerable versions of OpenSSL
• Enterprise IT orgs run hundreds of these services and applications: web servers, mail servers, network appliances, VPN servers, FTP servers, client-side applications
3. Legacy Solutions Are Ineffective
SERVER LOGS
¤ Cannot detect Heartbleed, which leaves no trace in logs
PACKET CAPTURE
¤ Expensive: 100+ TBs each day for enterprise environments
¤ Requires highly skilled network engineers to parse the data
¤ Does not work in real time
NETWORK SCANS
¤ Can take days to complete in a large environment
¤ Adds overhead to servers and consumes bandwidth
4. ExtraHop: Comprehensive Visibility
Analyzes all SSL transaction metrics, including heartbeats
Provides context: historical data, contextual communications, geolocation, etc.
Easily understood by all teams
(1) Click on SSL Server activity group
(2) Click to see all servers receiving heartbeat requests
(3) Drill down to device views for SSL servers
5. ExtraHop: Valuable Visualizations
Where are heartbeat messages coming from?
In Kiev, which IP addresses are sending heartbeat messages?
Are there requests coming from China?
6. The Power of Wire Data
• Wire data is an immensely rich source of data and insight
– All L2-L7 communications between systems, including full bidirectional transaction payloads
• ExtraHop is the platform for wire data analytics
– Up to a sustained 20Gbps
– 2,500+ metrics available out-of-the-box
– Programmable interface for custom analysis
• ExtraHop offers unprecedented IT visibility for risk mitigation and much more
[Diagram labels: Application Inspection Triggers; Full-Stream Reassembly; L2-L7 Content Analysis; Intelligent Protocol Framework; Device & Application Auto-Discovery & Classification; Streaming Datastore; Historical Trending & Alerting Engine; SSL Decryption; TCP State Assembly; Sessions, Flows, Transactions. Supported technologies shown: Sybase, EMC, Informix, NetApp, Citrix, SQL Server, VMware, IBM DB2, Oracle, SharePoint, IBM MQ, SAP]
Heartbleed detection is just one example!