Quick tech specs
- Eliminate blind spots with complete coverage which provides continuous visibility across all devices and workloads
- Respond 84% faster. Integrated response automation to immediately act on threats
- Packaged Appliance
- Detect threats other tools miss by leveraging cloud-scale ML, behavioral analysis, and threat intelligence derived from petabytes of data per day
Know your gear
ExtraHop Reveal(x) Enterprise is the industry leader in network detection and response (NDR), providing complete east-west visibility, real-time threat detection inside the perimeter, and intelligent response at scale. Please contact your ExtraHop channel sales partner or an authorized ExtraHop distribution partner for questions and configuration support.
ExtraHop Reveal(x) Edition is rated 4.70 out of 5 by 6.
Rated 5 out of 5 by Jordan Swanson from It helps you visualize how data moves across your network
What is our primary use case? Initially, we deployed Reveal as a standalone solution for network detection and response. It provided us with data and analytics on server-to-server enterprise networking. We used it to gain visibility into the amount of traffic and where it's going. For example, it will say that 28 gigs of data went to Google and break that down based on all the sites that have been visited. It also tells you about the authentication data and helps you visualize how data moves across your network. Based on that, you can adjust the routing tables to make things work a little more evenly. It will also help you identify specific types of malware and how it moves across devices, what protocols and ports it uses, etc. Unlike CrowdStrike, Reveal(x) doesn't require you to deploy sensors. CrowdStrike puts a sensor on the computer, so I know exactly how many devices are going through it. It's roughly 50,000. Those aren't people using it. Those are just devices that exist in the world. ExtraHop just looks at traffic, so each device connected to the network goes through it, and that's around 230,000 devices, and it's monitoring all the traffic to and from the internet.
How has it helped my organization? We have a lot of other devices that do more analytics based on utilization instead of the actual configuration and management, but Reveal X gives us insight from a security standpoint into uptime, downtime, data aggregation, types of data, suspicious activity, etc.
What is most valuable? Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server. It's a ton of data. CrowdStrike looks at anything that's on the machine and the network. Instead of having hard points on your network core switches with some antivirus on it or your firewall or rules at your internet service provider or things managing your cloud for access control, this lets you see actual traffic and it's a little bit more fluid in what you're allowed to see.
What needs improvement? There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that.
For how long have I used the solution? I have been using Reveal X for a little less than a year.
What do I think about the stability of the solution? Reveal(x)'s stability is excellent.
What do I think about the scalability of the solution? Reveal(x) covers every bit of our network just fine. We started off small to see what it could do. It didn't matter. We opened up the floodgates, and it handled the traffic well.
How was the initial setup? The console is a cloud product. There's also an on-prem server that collects and aggregates the data and sends it to your cloud instance. There's an appliance and a cloud console. Deployment and maintenance require only one person.
What was our ROI? It picks up on real issues. It alerts you quickly, so you can clean them up.
What's my experience with pricing, setup cost, and licensing? We get discounts because we're an educational institution, but I think this solution was $150,000 a year. That isn't terrible considering the amount of traffic we're pushing through it. We also need to pay for a separate license to integrate Reveal with CrowdStrike. I think there is a separate charge for hardware, too.
What other advice do I have? I rate ExtraHop Reveal(x) 10 out of 10. This is more of a nice-to-have rather than a must-have solution. Something like a CrowdStrike or a next-gen AV is an essential product, whereas NDR is more of a nice-to-have thing. If you only have a little bit of traffic, you're probably not going to get anything out of it. It's better for a medium-to-large enterprise. It's more appropriate for companies with massive footprints or industrial applications using nonstandard devices. It's helpful for things that use SCADA, the Internet of Things, and things that don't fit neatly into other management categories. It's pretty common for industrial, construction, or maintenance devices to be a little lackluster in their security. Major breaches like the Colonial Pipeline hack and attempted hacks on nuclear power plants all went through Internet of Things vulnerabilities and other devices where security wasn't part of their plan. This helps you cover yourself by monitoring the traffic. With something like CrowdStrike, you need to put the CrowdStrike sensor on it, but Reveal(x) looks at everything on the network.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-09-18T00:00:00-04:00
Rated 5 out of 5 by Henry-Steinhauer from It enabled us to create dynamic triggers that allow us to inspect packet flow in real-time.
What is our primary use case? We are a healthcare organization with more than 80 facilities, but I'm the only one who uses ExtraHop. When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment. We set up a number of traffic sources that are typically either ERSPANs or TAPs and place ExtraHop appliances at critical places within the network. That traffic is typically fed into a packet. We have four small devices designed to go into small data centers. We're continually rotating those around to different facilities to help identify issues. They have helped us to understand what's going on. The ExtraHop appliance enables you to do what an expert using Wireshark can do. However, it's all in the firmware, so you can do real-time analysis without the need to boil terabytes worth of data to find out what's happening.
How has it helped my organization? We've been able to leverage the information to show other vendors we use that there are issues with the SaaS solution they provide to our EMR physicians. At the top of every hour, they were doing a data recovery operation in the event of an outage of some sort. That was preventing our physicians from using the application. It only lasted about five minutes, but the physicians had to stop working. Of course, when they called the support desk and finally reached a support person, the vendor insisted it was our problem, not theirs. This data helped to prove it was their problem. They eventually brought in some other consultants from the hardware vendor and corrected the issue.
What is most valuable? ExtraHop enables us to create dynamic triggers that allow us to inspect packet flow in real-time.
What needs improvement? They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot.
For how long have I used the solution? We've been using ExtraHop for seven years, but the Reveal process has only been available for around three years.
What do I think about the stability of the solution? They do routine updates of their firmware roughly every month, so they're continually adding more ability to decode and analyze the traffic flow.
What do I think about the scalability of the solution? ExtraHop is highly scalable. However, you may exceed the capacity of a small device and need to upgrade to a larger one. The smaller devices have worked well for us, but you might need to upgrade to a newer one, so they've been aggressive on their pricing.
How are customer service and support? I rate ExtraHop support nine out of 10. I've frequently worked with them, and they've always been excellent.
Which solution did I use previously and why did I switch? We considered using Riverbed's analysis tools for this type of process, but it never panned out. It was always a problem to get into the right spot to grab the data we needed, but that was always challenging with their devices.
How was the initial setup? Setting up ExtraHop is complex because we needed a nuanced understanding of the data flows into our data center. We need to know where things are coming into the environment versus where we thought they were entering. It's a complicated process of setting up the network taps and sending the data into a packet broker that forwards it to our ExtraHop device. The packet broker was required because we had so many different taps bringing data into the ExtraHop. ExtraHop only had four interfaces to receive data, yet we had 20 different taps that had been placed. Some of those taps required two interfaces each to absorb the data that was tapped.
What about the implementation team? We did it all in-house.
What was our ROI? ExtraHop has improved our service drastically. In that sense, it has saved us money because we can quickly identify problems.
What's my experience with pricing, setup cost, and licensing? I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments.
What other advice do I have? I rate ExtraHop Reveal(x) 12 out of 10. My advice to new users is to learn Wireshark first. You'll better understand what ExtraHop can do for you.
Which deployment model are you using for this solution? On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-09-28T00:00:00-04:00
Rated 5 out of 5 by theJason from Saved the Day
I've used ExtraHop before and it has saved the day. Allowed for immediate investigation into a network problem I was investigating. Found out there were MTU mismatching issues with our new MPLS circuit. Without ExtraHop this would have taken me hours or days... found in 20 minutes!!
Date published: 2019-04-23T00:00:00-04:00
Rated 5 out of 5 by reviewer2283003 from An easy-to-use and intuitive solution that works out of the box when it comes to threat hunting
What is our primary use case? I'm on the cybersecurity team. I do a lot of the blue threat-hunting and incident response. The things I deal with have nothing to do with network performance, but I handle the detections and things that ExtraHop Reveal(x) can pick up.
What is most valuable? ExtraHop Reveal(x) is very easy to use and intuitive. ExtraHop Reveal(x) can pick up threats without any customization on the threat detection when none of my other tools can pick up. I've been told to make my other tools work how ExtraHop Reveal(x) works. I'm trying to get my SIEM to perform the way ExtraHop does out of the box. For example, we're starting to ingest our DNS logs to be able to pick up on something that's called DNS tunneling. ExtraHop picks it up in the middle of it. My SIEM, however, didn't have the log. So, I have to work with the server team. It's been two-plus months trying to get those logs up and running, but I am still not there yet. The other tool I have didn't tell me for almost 24 hours. ExtraHop was able to pick it up in the middle and detect there's DNS tunneling. ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting.
What needs improvement? The solution's pricing could be improved.
For how long have I used the solution?
How are customer service and support? The solution's technical support is great. Unlike other vendors that take more than two months to fix simple problems, ExtraHop's technical support team does actual troubleshooting over the phone. A lot of times, they fix it on the back end without any intervention from me.
How was the initial setup? The solution's initial setup is easy. I rate ExtraHop Reveal(x) ten out of ten for the ease of its initial setup.
What other advice do I have? Overall, I rate ExtraHop Reveal(x) ten out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-10-05T00:00:00-04:00
Rated 5 out of 5 by reviewer2181960 from Has good stability but needs more integration with security solutions
What is our primary use case? We use the solution for an advanced layer of security. It provides us with network visibility to identify types of attacks.
What is most valuable? The solution's most valuable feature is network visibility for security purposes.
What needs improvement? They should integrate the solution with more security vendors.
For how long have I used the solution? We have been using the solution for six months.
What do I think about the stability of the solution? It is a stable solution.
What do I think about the scalability of the solution? We have three end users of the solution in our organization.
How are customer service and support? We contacted the solution's technical support team for issues related to security layers.
Which solution did I use previously and why did I switch? I have used LinkShadow before. It has good offloading features.
How was the initial setup? The solution's initial setup process is easy. We have to scan the port and tune the configuration for deployment. It takes a week to complete the process.
What about the implementation team? Our vendor helped us implement the solution.
What other advice do I have? I advise others to ensure the solution covers all the use cases. I rate it as a seven.
Which deployment model are you using for this solution? On-premises
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-05-13T00:00:00-04:00
Rated 5 out of 5 by Seksan Srisakorn from Stable and works well for sending sensors but is expensive
What is our primary use case? Our company uses the solution to send sensors to the Reveal 360 cloud for customers. We have about 500 customers using the solution.
What is most valuable? The solution works well for sending sensors.
What needs improvement? The solution should include more support protocols. The solution should be less expensive.
For how long have I used the solution? I have been using the solution for 18 months.
What do I think about the stability of the solution? The stability is rated an eight out of ten.
What do I think about the scalability of the solution? The scalability is rated an eight out of ten.
How are customer service and support? The technical support is good and very fast. Support is rated an eight out of ten.
How would you rate customer service and support? Positive
How was the initial setup? The setup is straightforward.
What about the implementation team? We implement the solution for customers and deployment takes two or three days. We use the app to send middle traffic from the network to the ExtraHop sensor.
What's my experience with pricing, setup cost, and licensing? The solution is based on an annual subscription model and is expensive. Pricing is rated a five out of ten.
What other advice do I have? If you want to implement the SOC, then you must use the ExtraHop for the SOC operating system. I recommend the solution and rate it a seven out of ten.
Which deployment model are you using for this solution? On-premises
Disclaimer: My company has a business relationship with this vendor other than being a customer: Reseller
Date published: 2023-02-05T00:00:00-05:00