ExtraHop

Siloed cybersecurity tools are no match for sophisticated adversaries. In a complex attack landscape, real success requires an interconnected ecosystem.

This reality was put to the test on a global stage at NATO Locked Shields 2026, the world’s largest, most prestigious, and most complex live-fire cyber defense exercise.

We are incredibly proud to share that the ExtraHop NDR platform was chosen play a critical role in this mission, providing the foundational network intelligence required to power the Joint Cyber Defense Stack against massive, coordinated nation-state simulations.

In our latest blog, Sarah Cleveland breaks down what an operation of this unprecedented scale proved about modern cyber defense:

🤝 Orchestrating a Unified Front: Success depends on a layered framework where network detection, asset visibility, and malware analysis work in concert to close operational gaps before adversaries can exploit them.

🎯 The Power of Network Ground Truth: An integrated defense stack only functions if you have immediate, real-time network intelligence to capture threats in motion and seamlessly trigger the rest of your security infrastructure.

⚡ Cutting Through Live-Fire Noise: Unified decryption combined with live-fire PCAP analysis gives defenders the definitive tactical advantage needed to outpace advanced threat actors.

Read Sarah’s full breakdown from the front lines of NATO Locked Shields 2026: https://xtra.li/49obhnw

🚀 Big news! We're expanding our partnership with Ignition into North America!

After seeing incredible success collaborating across EMEA and APJ, we are thrilled to bring this momentum across the Atlantic to drive innovation for the agentic SOC.

As security teams increasingly pivot to AI-powered defenses, high-fidelity network telemetry is everything.

Poor data sidelines AI models, but ExtraHop's modern NDR platform decrypts and decodes network traffic in real-time and at scale, providing the foundational context that autonomous security operations need to act with machine-speed precision.

Through this expanded partnership with Ignition (an Exclusive Networks company), we are bringing these powerful capabilities to North American enterprises, eliminating critical visibility gaps, and restoring the advantage to the defender.

🔗 Learn more: https://xtra.li/3ROFwOd

What does it take to run a modern, enterprise-grade platform?

It requires an architectural foundation built for both deep visibility and advanced security automation.

Look for capabilities like...

🔹 Full-stack intelligence & rich network context: Deep analysis across the entire network layer, including encrypted traffic and complex protocols, lets you see every user, device, and workload to provide the high-fidelity ground truth needed to fuel an agentic SOC.

🔹 Enterprise scale: Massive engineering capacity supporting high-throughput hybrid environments up to 400 Gbps ensures your team never drops packets or misses critical behaviors.

🔹 Tool consolidation: A single, consolidated pipeline unifying NDR, network performance monitoring, and packet forensics eliminates visibility gaps and operational overhead.

We believe these core strengths are a major reason why ExtraHop was named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response once again.

Read our co-founder Raja Mukerji’s full breakdown here: https://xtra.li/4uVmX9i

❌ Stop managing alerts. ✅ Start solving incidents.

If your security team is spending more time correlating data than actually stopping threats, it’s time to pivot to an evidence-first approach.

We are teaming up with Zscaler for an exclusive webinar on how to build an actionable, high-fidelity security framework.

If you're looking to elevate your hybrid environment's defenses with robust SSE visibility and airtight Zero Trust enforcement, this one is for you.

We’ll teach you how to:

👤 Accelerate threat investigations with deep, identity-first context

🔍 Validate incidents instantly with packet-level ground truth

🛡️ Supercharge response speed and drastically level up your team's detection confidence

⏳ Reclaim lost hours by reducing manual correlation

Secure your spot here: https://xtra.li/43nXnhs

As threats evolve, your SOC needs to keep pace. Is your team ready?

Join experts from CrowdStrike and ExtraHop for our upcoming webinar, "5 Requirements for a Modern SOC," where we’ll dive into:
▪️ How attackers have modernized their playbook (and why old defenses are failing)
▪️ Navigating the burnout, alert fatigue, and visibility gaps stalling today’s security teams
▪️ Practical ways to weaponize AI to cut through the noise and accelerate your response time

🗓 Date: Thursday, June 11, 2026
⏰ Time: 10am PT/1pm ET
📍 Register: https://xtra.li/4uQunuA

Enterprise AI is scaling fast, but the security infrastructure built to monitor it wasn't designed for this level of volume.

Standard security systems were built for human-scale workloads, not 24/7 machine-to-machine activity.

When traffic spikes, standard security tools simply can't process it all.

Instead of giving an error, they fail silently, ignoring critical data to keep up.

The result?

Invisible security gaps where threat actors can move around, elevate their access, and hide in plain sight.

We break down AI's latest challenge on the blog 👉 https://xtra.li/4dur8Sy

We’ve got some "extra" big news to share!

For the second year in a row, ExtraHop is a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response (NDR)!

The landscape has changed. With AI-powered threats moving faster than ever and the rush to bring AI into the enterprise creating new blind spots, the SOC is under more pressure than ever to keep up.

Whether it’s surfacing sophisticated, high-velocity threats or providing the ground truth needed to make the agentic SOC a reality, ExtraHop gives you the clarity to act when every second counts.

We aren't just watching the network; we’re helping you defend the future of the enterprise.

👀 Want the full story?

We’ll share the report very soon. Keep your eyes glued to the ExtraHop feed to see the data, the insights, and why ExtraHop is a Leader once again.

Meet DINDOOR: The new backdoor bypassing your EDR 👋

In early 2026, Iranian state-sponsored group MuddyWater began moving away from traditional executables and toward specialized runtimes.

From U.S. financial institutions to Canadian NGOs and Israeli aerospace software firms, the reach of this campaign is global and its methods are evolving.

The ExtraHop research team breaks down the latest threat on the blog: https://xtra.li/4eKhCx4

How did the EU Commission get breached? It started with a tool meant to improve security.

1️⃣ Attackers compromised the Trivy vulnerability scanner, turning a trusted security tool into a credential stealer.

2️⃣ Attackers then used stolen AWS API keys to enter the environment, hunt for more secrets and create new keys on existing accounts to stay under the radar.

3️⃣ Because they had valid credentials, their reconnaissance looked like normal admin activity. They spent 5 days inside before being caught by a spike in network traffic.

The Result: 350GB exfiltrated. 71 clients affected.

Details on the blog: https://xtra.li/42WHTAN

Cloud provider logs are built for *their* needs — platform uptime, billing accuracy, service reliability. Not yours.

So when attackers move laterally across your environment, when subtle anomalies start stacking up, when regulators demand a precise account of a breach, you're working from a filtered, incomplete record you don't control.

And you probably don't know it yet.

The organizations that find out the hard way face:
❌ Longer dwell times
❌ Higher remediation costs
❌ Regulatory and legal exposure from evidence gaps

The ones that get ahead of it? They stop relying on provider logs as their source of truth, and start owning the evidence layer themselves.

Our co-founder Raja Mukerji breaks it down on the blog 👉 https://xtra.li/4tTl252