Real-time visibility and threat detection across all network traffic, including encrypted traffic
Seamless integration with core ITSM applications, streamlined threat detection, and response activities
Easy-to-use interface without the need for system training allowed rapid adoption across security and operational teams
VERBUND is Austria's largest electricity producer and operates critical infrastructure assets, covering approximately 40% of the country's electricity generation. As such, the company takes cybersecurity extremely seriously and has invested significantly in technical training, systems, and expertise to protect its enterprise applications, IT-infrastructure, and its operational technology (OT).
Traditionally, VERBUND has relied on individual departments to design, implement, and manage security within their respective domains and operational roles. However, following a cybersecurity strategic review in 2018, senior management decided to consolidate security functions into a more centralised Security Operations Centre (SOC). As part of this process, VERBUND evaluated several network detection and response (NDR) platforms in search of the solution that would form one very relevant component of its new SOC.
ExtraHop gives us a holistic view of any situation and the ability to understand how each event impacts all the connected systems. This is a major advantage for us.
Project Manager SOC and OT Security Specialist, VERBUND
The Extrahop toolset is one component to help build up the new SOC. VERBUND evaluated Reveal(x) alongside other well-known NDR vendors as part of an eight-week proof of concept. "It really opened our eyes to what is possible and gave us a good understanding of how each solution worked," said Florian-Sebastian Prack.
ExtraHop proved itself superior in a number of areas, especially in terms of its core capabilities. "Some of the other systems rely just on metadata and extensive training, whereas ExtraHop is able to quickly give insights and then allow to easily drill down to find specific items that the other systems were simply unable to uncover." It also gives visibility into SSL/TLS 1.3-encrypted traffic without compromising data privacy—a major consideration of VERBUND.
VERBUND also found that Reveal(x) easily paired with its existing systems and workflows. The security team has integrated Reveal(x) with its SIEM and its Atlassian Jira ITSM to provide a process-driven method of analysing alerts and managing responses.