ExtraHop Expands Agentic SOCs With Deeper Visibility

ExtraHop, a modern network detection and response (NDR) provider, has launched new visibility and forensic capabilities that deliver the contextual insights required to power agentic SOCs and enable more autonomous defense against sophisticated threat actors.

Setting AI agents up for success

Citing the growth of AI-assisted attacks, ExtraHop says these new capabilities aim to equip AI agents in the SOC with the foundational network intelligence they need to operate autonomously and combat threats effectively.

“The perceived advancement of the agentic SOC is an illusion for most, as a lack of high-fidelity, contextual data silently undermines the system’s efficacy and prevents enterprises from realizing any actual benefit from their agents,” said Kanaiya Vasani, chief product officer at ExtraHop. 

“The network remains the immutable source of truth for the modern enterprise, and ExtraHop unlocks that potential for the agentic SOC, driving agentic operations with robust and highly contextual insights. ExtraHop is providing holistic visibility into the most complex segments of the modern attack surface to help enterprises stop advanced threats with unprecedented speed and precision,” Vasani added.

Through deep protocol analysis, ExtraHop provides rich network telemetry that correlates activity across devices, users, applications, and identities. 

This provides the context AI agents need to reason and autonomously triage, enrich, and respond to cyber threats.

Offering unified identity and network insights

According to ExtraHop, the new capabilities will provide AI agents with strong network telemetry that tracks what is happening across the network and who is behind those actions. 

The company says this added layer of context provides autonomous agents with the information they need to operate securely and effectively.

To this end, ExtraHop has added integrations with leading identity systems, including Entra ID, Active Directory (AD), and Okta, to unify identity attributes and network telemetry into a single dataset.

By infusing dashboards, detections, and response actions with enriched user context, agents are empowered to investigate incidents with deeper insight and reduce mean time to response (MTTR).

Visibility into Kubernetes and ‘EQL’

ExtraHop says it now delivers full visibility into Kubernetes environments by natively capturing and decrypting Kubernetes traffic, then analyzing key resource metadata. 

This approach provides rich, integrated telemetry that helps SOC agents make faster, more deterministic decisions.

ExtraHop is also introducing ExtraHop Query Language (EQL), a new way for AI agents to access network intelligence. According to the company, EQL lets agents selectively query massive volumes of network telemetry to extract needed context at machine speed.

ExtraHop adds that EQL enables agents to securely consume enriched network metadata and detections to automate threat detection, investigation, and response through APIs and Model Context Protocol (MCP) servers.

“AI tools are only as good as the insights powering them and while creating the agentic SOC is a leading initiative for a number of enterprises, a lackluster source of data is holding them back from success,” said Chris Kissel, research vice president of security & trust products at IDC. 

“ExtraHop is solving this by doubling down on context and further closing the visibility gaps impacted by unobserved Kubernetes environments and user identities. Having this level of insight is critical for organizations deploying AI agents and allows adoption of autonomous operations to continue without sacrificing the pace of innovation,” Kissel continued.

Last year, ExtraHop released its Global Threat Landscape Report, highlighting how threat actors are driving record-high ransomware payouts. Learn more about the findings and how ExtraHop’s NDR approach helps organizations stay ahead of evolving threats.