ExtraHop Reveal(x) Edition
Mfg # REVX-9200
CDW # 5356176
Quick tech specs
- Eliminate blind spots with complete coverage which provides continuous visibility across all devices and workloads
- Respond 84% faster. Integrated response automation to immediately act on threats
- Packaged Appliance
- Detect threats other tools miss by leveraging cloud-scale ML,behavioral analysis,and threat intelligence dervived from petabytes of data per day
- Respond 84% faster. Integrated response automation to immediately act on threats
Know your gear
ExtraHop Reveal(x) Enterprise is the industry leader in network detection and response (NDR), providing complete east-west visibility, real-time threat detection inside the perimeter, and intelligent response at scale. Please contact your ExtraHop channel sales partner or an authorized ExtraHop distribution partner for questions and configuration support.
Enhance your purchase
ExtraHop Reveal(x) Edition is rated
4.70 out of
5 by
3.
Rated 5 out of
5 by
Serena Bryson from
Useful detection, effective external IP risk mitigation, but longer activity look back needed
What is our primary use case?
We are using ExtraHop Reveal(x) for lateral movement and for behavioral analytics.
How has it helped my organization?
ExtraHop Reveal(x) has allowed us to triage the alerts as they're coming in. For example, as detections are noticed, being able to spot any issues within the application or failed access.
We also use ExtraHop Reveal(x) for endpoint detection. The ability it has to mitigate risk from external IP addresses has been a lifesaver for us.
What is most valuable?
The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.
What needs improvement?
ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x).
For how long have I used the solution?
I have been using ExtraHop Reveal(x) for approximately one year.
What do I think about the stability of the solution?
ExtraHop Reveal(x) is stable.
What do I think about the scalability of the solution?
The scalability of ExtraHop Reveal(x) is good it picks up the traffic along the network. It picks up everything within our tenant.
We have approximately 10 people using the solution in my organization.
We might increase the usage of this solution in the future.
How are customer service and support?
The support from ExtraHop Reveal(x) is sporadic, it can be good and it can be poor.
I rate the support from ExtraHop Reveal(x) a three out of five.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously used Darktrace.
What was our ROI?
We have received a return on investment using this solution.
What other advice do I have?
We have approximately two people who do the maintenance of the solution.
My advice to others is for them to make sure that ExtraHop Reveal(x) can see everything within their environment. Additionally, review the packet capture and look into the tuning features within it to tune your exceptions. They're pretty granular and don't tune them too broadly to where you exclude things that you want to see.
I rate ExtraHop Reveal(x) a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-10-05T00:00:00-04:00
Rated 5 out of
5 by
Ryan Barker from
Secure, simple to install, and has helpful technical support
What is most valuable?
The security features of this solution are the most valuable.
What needs improvement?
I can't think of anything right now. They meet all of my customers' requirements.
Additional integration partners would be beneficial.
I would like to see more cloud capability.
For how long have I used the solution?
I have been working with ExtraHop Reveal(x) for four years.
We are using the latest version.
What do I think about the stability of the solution?
ExtraHop Reveal(x) is very stable. We have not experienced any issues.
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
Sometimes ExtraHop Reveal(x) is easy to scale. We have had some issues with scalability.
How are customer service and support?
I would rate technical support a four out of five. There's a little room for improvement.
How was the initial setup?
The initial setup is simple.
Maintenance requires very little personnel. For example, one person is required for every 100 people.
What's my experience with pricing, setup cost, and licensing?
I would rate the price a three out of five. It could be less expensive.
Which other solutions did I evaluate?
I have not compared ExtraHop Reveal (x) with other vendors.
What other advice do I have?
We are partners with ExtraHop.
I would rate ExtraHop Reveal(x) a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner
Date published: 2022-08-07T00:00:00-04:00
Rated 5 out of
5 by
John Boake from
Does full decryption at 100 Gbps, reduces our MTTR, and has great analytics
What is our primary use case?
It's used by application owners and network engineers for troubleshooting application performance issues or network performance issues.
It's a hybrid solution. We have on-prem sensors and trace appliances and a cloud control appliance.
How has it helped my organization?
It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network.
It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing.
The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic. On the server side, they can see what's going on, how many methods are running, and which users are doing it. If there is a long-running process, what the SSL handshake looks like and how long does it take to figure out which cipher suite you're going to use and get it working.
What is most valuable?
I like their dashboards. It has machine learning, and it has great analytics for security, network, and microservice performance.
Out of the box, with very little configuration, it does more than all the other tools. The features that other vendors promise to be available within six months to a year of purchase are already available in this product.
What needs improvement?
Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting.
The beautiful thing about the company that runs ExtraHop is that when we go to them with feature requests or with things that we would like to see, they're really good at getting them added. The most recent one that we're looking for is being able to limit the packets that users can download. So, if you're an administrator, you should be able to download a full packet capture with the full packet, but if you're just an engineer or an application person just looking at your application header traffic, you don't need to see any payload data. We want to be able to limit that traffic. We want to limit who can see the payload, and we can do that. The vendor is putting that into the tool for us. It's going to be done before the end of the year.
For how long have I used the solution?
Our company has been using it for eight or nine years. I've been using it for five years, and I've been the subject matter expert over it for the last two years.
What do I think about the stability of the solution?
One series of hardware that we ordered with the same sequential serial numbers has issues, but the rest of the hardware is rock solid. The operating system they put on this, the firmware, the versions, and everything that they run is pretty good. I don't have an issue with the appliances, but the initial release of these new 10k appliances has had some issues.
What do I think about the scalability of the solution?
It's very scalable. I have close to a thousand users who use this tool or have access to the tool. They are DBAs, application people, networking people, and security people. It's used by all of them. It's a great tool.
It's being used globally. We always have plans to increase the usage. The more people use it, the harder it's to get rid of it.
How are customer service and support?
They're great. I would rate them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
At this company, I did not use any other solution.
How was the initial setup?
It was pretty straightforward. After you've done it once or twice, it's pretty simple and straightforward.
It was really easy and straightforward for me. The problem is that there are so many bits and pieces that are required on the outside in order to get the inside working. It reads packet data. So, I have to somehow get the packets to the appliances. The complexities come in when you are trying to create the packet stuff on the outside.
It has taken us two years to do this implementation. The hardware is easy to put in, but I work with so many other groups that it's difficult to get the time and resources to get hardware racked, get IP addresses, and get cabling done. It's all done by different teams. Our company makes it difficult. If I was at my previous company, it would be a breeze because I would just order the hardware, and I would rack it myself. I would cable it myself, IP it myself, hook it up at the switch myself, and do all the configuration myself, but because I have to go through so many other teams and groups, it's much more difficult now.
What about the implementation team?
It was done in-house. I'm the only person who takes care of its deployment and maintenance.
What was our ROI?
It reduces our MTTR. The mean time to repair is reduced dramatically because you can quickly isolate where the problem is. I can quickly say the problem is not a network-related problem. It’s a server-related problem, or it's an application-related problem. The return on investment on this one is probably seen in the first year of purchase.
We have some fairly hefty applications. We're a finance company. So, we're constantly processing banking information, credit card information, and online transactional information. It's constantly running through our mainframes or data centers. So, it's invaluable that we keep the lights on and these applications running as smoothly and as efficiently as possible.
Which other solutions did I evaluate?
We've done our due diligence and research on other products such as Riverbed and NetScout. This product is by far the supreme leader. It does full decryption currently at a hundred gigabits per second on a single appliance. Their next generational appliances are going up to 400 gigabits per second. That's full decrypt, which means a consistent rate. So, it can decrypt packets and store over 4,000 metrics from these packets. It's an invaluable tool.
What other advice do I have?
I would say absolutely go for it. It's a well-rounded product. The company is nimble enough to be able to implement change.
I would rate it a nine out of ten because there is always room for improvement.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-07-18T00:00:00-04:00