2024 Global Cyber Confidence Index

Arrow pointing right
ExtraHop Logo
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right


An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint, from the branch office to the datacenter or the cloud, and too often they operate unnoticed. At ExtraHop we've spent years developing technology that can analyze the entire network in real time—every critical asset and every transaction—so that there are no blind spots.

Jesse Rothstein Co-Founder, ExtraHop

The Technology Environment

  • Vital network-attached storage (NAS) resources that malicious actors were attempting to access and encrypt as part of a ransomware attack.


Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

  • Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

The Outcome

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

  • Using the look-back functionality in the ExtraHop Discover appliance, the security team was able to investigate the employee's activity on his machine, determining that the ransomware came not from a PDF or executable file the user had intentionally downloaded, but from a URI on which the employee had clicked.

Security inside the perimeter

  • Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

  • Using the ExtraHop ransomware bundle, the organization's information security team identified that the malicious file had an unexpected extension and searched for it across the entire infrastructure. This allowed them to quickly identify and isolate compromised systems, as well as create alerts for instances of that file extension moving forward.

Is RevealX right for you?


What will your story be?

Security badge


Network Detection & Response (NDR)

RevealX NDR

Use the power of network visibility and AI for real-time detection, rapid investigation, and intelligent response for any threat.

Product overview
Security badge


Network Performance Monitoring (NPM)

RevealX NPM

Use network data and machine learning to identify network and application performance issues and expedite time to response.

Product overview