Platform
Solutions
Modern NDR
Resources
Company

ExtraHop’s Modern NDR Platform

Network Detection & Response

Network Performance Monitoring

Modules

Intrusion Detection

Packet Forensics

Modern NDR

Modern NDR is critical to securing today’s modern infrastructure.

Key Use Cases

Threat Detection & Response Threat Hunting SOC Modernization Incident Response & Investigation Performance Monitoring

View All Use Cases

Industries

Education Defense and Intelligence Financial Services Healthcare Public Sector Retail

View All Industries

Integrations

Cloud Service Provider EDR SASE SIEM SOAR Ticketing

View All Integrations

CrowdStrike & ExtraHop

CrowdStrike & ExtraHop

Team up to modernize your SOC and maximize protection

Professional Services

Partners

Partner Login

Partner Finder

ABOUT US

Our Story

Leadership

Industry Recognition

Careers

Blog

Newsroom

Events

In-Person Events

Virtual Events

Leadership Team

Leadership Team

Get to know ExtraHop's Executive Leadership and Board of Directors

Black Hat 2025 - Las Vegas

Black Hat 2025 - Las Vegas

August 2 - 7, 2025 Mandalay Bay, Las Vegas

Platform
Solutions
Modern NDR
Resources
Company

Platform

ExtraHop’s Modern NDR Platform

Network Detection & Response

Network Performance Monitoring

Modules

Intrusion Detection

Packet Forensics

Modern NDR

Modern NDR is critical to securing today’s modern infrastructure.

Solutions

Key Use Cases

Threat Detection & Response Threat Hunting SOC Modernization Incident Response & Investigation Performance Monitoring

View All Use Cases

Industries

Education Defense and Intelligence Financial Services Healthcare Public Sector Retail

View All Industries

Integrations

Cloud Service Provider EDR SASE SIEM SOAR Ticketing

View All Integrations

CrowdStrike & ExtraHop

Team up to modernize your SOC and maximize protection

Professional Services

Partners

Partner Login

Partner Finder

Modern NDR

Resources

Company

ABOUT US

Our Story

Leadership

Industry Recognition

Careers

Blog

Newsroom

Events

In-Person Events

Virtual Events

Leadership Team

Get to know ExtraHop's Executive Leadership and Board of Directors

Black Hat 2025 - Las Vegas

August 2 - 7, 2025 Mandalay Bay, Las Vegas

Back to the top

Products

Network Detection and Response
RevealX™ NDR
Network Performance Monitoring
RevealX™ NPM
RevealX™ Platform

Company

About Us
Leadership
Careers
Blog
Newsroom

Products

Network Detection and Response
RevealX™ NDR
Network Performance Monitoring
RevealX™ NPM
RevealX™ Platform

Company

About Us
Leadership
Careers
Blog
Newsroom

© 2025 ExtraHop Networks, Inc.

Terms of Use

Trust Center

Privacy Notice

Do Not Sell My Personal Information

Vulnerability Disclosure

Customer Story

Health Services Provider Thwarts Ransomware Attack with RevealX

A leading health services provider

Download customer story

Rapidly isolated the source of malicious code in an ongoing ransomware attack

Created alerts on the file extension to rapidly detect and prevent future attacks

The Challenge Why RevealX The Outcome

Schedule a Demo

The CHALLENGE

An employee reported performance issues on his client machine. Upon investigation, the IT department discovered these issues were symptoms of an ongoing ransomware attack.

Today's threat actors are taking advantage of vast attack surfaces that extend across every endpoint, from the branch office to the datacenter or the cloud, and too often they operate unnoticed. At ExtraHop we've spent years developing technology that can analyze the entire network in real time—every critical asset and every transaction—so that there are no blind spots.

Jesse Rothstein Co-Founder, ExtraHop

The Technology Environment

Vital network-attached storage (NAS) resources that malicious actors were attempting to access and encrypt as part of a ransomware attack.

WHY REVEALX

Why the Health Services Provider Chose RevealX

Real-time insight from the network to the machine

Using ExtraHop to monitor and analyze east-west traffic, the IT team was able to monitor the client machine and watch, in real-time, each file that the ransomware was reading before quickly isolating impacted assets and stopping the attack from progressing.

The organization was already using RevealX for network performance monitoring

The Outcome

Stopping Ransomware in Its Tracks

Smarter investigations uncover root cause

Using the look-back functionality in the ExtraHop Discover appliance, the security team was able to investigate the employee's activity on his machine, determining that the ransomware came not from a PDF or executable file the user had intentionally downloaded, but from a URI on which the employee had clicked.

Security inside the perimeter

Real-time insight into east-west traffic empowers IT and security to detect and track anomalous behavior—like unusual NAS activity—through the entire application delivery chain so they can stop potential breaches in their tracks.

Proactive quarantine and alerting

Using the ExtraHop ransomware bundle, the organization's information security team identified that the malicious file had an unexpected extension and searched for it across the entire infrastructure. This allowed them to quickly identify and isolate compromised systems, as well as create alerts for instances of that file extension moving forward.

Keep exploring

Business Initiatives

All customer stories

Is RevealX right for you?

Schedule a demo Contact us

Products

What will your story be?

Security

Network Detection & Response (NDR)

RevealX NDR

Use the power of network visibility and AI for real-time detection, rapid investigation, and intelligent response for any threat.

Product overview

View capabilities

Performance

Network Performance Monitoring (NPM)

RevealX NPM

Use network data and machine learning to identify network and application performance issues and expedite time to response.

Product overview

View capabilities