Back in February, a few days after launching the first release of ExtraHop Reveal(x), we were invited to participate in EMA's new research study on security analytics. The 16-page questionnaire dug into our analytics models, technical resources, patent counts, pricing, deployment variables – many different parts of the adoption equation.
Despite being evaluated on our very first dedicated security release, we are incredibly proud to have ExtraHop Reveal(x) chosen as both a Value Leader and the Vendor to Watch:
"Reveal(x) exhibited strong functionality due to its impressive feature differentiation, out-of-box reporting, and high-performance sustained data capture and processing (which was the highest of all competitors in this analysis).
"Though it worked in the networking analytics for IT Ops business for over ten years, in the last year ExtraHop focused on delivering security-intensive analytics. Its analytics history served as a solid foundation for its foray into security operations, launching it with an unprecedented jump into the Value Leaders corner of the Radar. This is unusual for a first release solution that competes with others that have been operating in the space for much longer. The lack of legacy architectures to deal with, solution development agility, and solid growth revenue give ExtraHop a great foundation to expand development to not only catch, but potentially exceed, the older competitors. This makes them a Vendor to Watch."
We qualified for inclusion because Reveal(x) shipped on January 30, the last day for consideration. Since then, two more releases have expanded our capabilities, from a compelling UI to threat intelligence to risk scoring, plus the industry's most advanced and innovative support for TLS 1.3 decryption in real time. Learn more about the latest release here.
Analytics are difficult to assess in the abstract amidst all the marketing noise, and the report provides a useful checklist for building your shortlist. Next, it's up to you to build an effective proof of concept. In our experience, the test for fitness will include:
- The genuine insights found in your production data (be leery of synthetic test traffic that won't evaluate real users, emerging threats, or production volumes – vendors know how to optimize for lab tests)
- How complete is the data you can explore? Are you seeing all the applications you use, all the users, devices, and servers on your network? Or are there still dark spaces?
- How responsive and searchable are the insights? Within seconds? How well does the UI encourage and guide effective triage, scoping, and root cause investigation?
- What is your normal traffic load, and what is the tool's capacity? What does it do if traffic exceeds capacity?
Network traffic analytics is coalescing as a market category, and it's one that ExtraHop is committed to helping define and make meaningful for security operations teams. Unlike many vendors, ExtraHop has been supporting enterprise expectations for many years. We understand the balance of features and productivity, and the need to avoid disruption as needs and threats change. Please use our new POC guide to structure a rigorous, real-world evaluation that includes concepts like these.
Read the report: EMA: Network-based Security Analytics Market Takes Off