
How it works

See What Powers the RevealX Platform

See the functionality that powers the RevealX platform, and learn how it transforms network data into actionable insights.


Overview

Learn How RevealX Works

RevealX is an agentless network intelligence platform that offers multiple solutions, modules, services, and deployment models to deliver value across many security and performance use cases.

Core product modules are available for Network Detection and Response (NDR) and Network Performance Monitoring (NPM), with add-on modules for Intrusion Detection Systems (IDS) and Packet Forensics.

The RevealX platform also offers an extensive feature set across all modules and solutions that enables teams to operationalize network data to their benefit.

Collecting Data

Deep Visibility for Any Network Architecture

Traffic Mirroring

RevealX can ingest on-premises, hybrid, and multicloud network data directly via network- and host-based traffic mirroring.

  • Network Based: SPAN, RSPAN, ERSPAN are supported for capturing traffic from multiple hosts at the network level.

  • Host Based: The platform also supports packet forwarding, or software taps, for additional flexibility when working with networking architectures.

Sensor Form Factors

RevealX sensors passively collect mirrored network traffic. Multiple sensors can be connected to a single RevealX console for centralized management of the environment. Users have the option to connect sensors to storage devices for further analysis and long-term retention.

  • Physical: Packet sensors, available in multiple size and throughput configurations, can be installed on a physical network switch.

  • Virtual: Virtual sensors and flow collectors are available for on-premises environments and cloud architectures, including those from AWS, Azure, and Google Cloud.

Stream Processing

Real-Time Insights at up to 100 Gbps

RevealX sensors passively ingest traffic at up to 100 gigabits per second (Gbps), and then automatically transform and reassemble the unstructured packets into structured wire data and transaction streams.

Levels of Analysis

Sensors collect multiple 'depths' of network data. These include endpoint interactions over time; raw data transferred between endpoints; and transaction, message, and network flows, among others.

Protocol Fluency

RevealX is capable of parsing network data from more than 90 protocol languages and counting, including TLS/SSL 1.3, SMB3, and MSRPC.

Advanced Decryption

RevealX can selectively decrypt network traffic at up to 100 Gbps, providing real-time insights into every transaction on the network. Decryption is performed 'out-of-band' to avoid added latency and security risk.

Storage and Forensics

Users have the option to store data for later analysis, long-term retention, and forensic evidence. Multiple storage services and configurations are available to meet differing preferences or statutory requirements.

Autodiscovery & Grouping

Analysis-First Approach for Reducing MTTR

In addition to passively observing traffic on the network, RevealX automatically collects information about that traffic, enabling an "analysis first" approach that helps reduce mean time to response/remediation (MTTR).

Asset Autodiscovery

The RevealX platform provides an automatic, continuous inventory of every asset communicating on the network, including devices, active users, and applications, along with information about those assets.

Activity Groups

Assets on the network are automatically tagged with attributes such as locality, software installed, protocol used, and more. Assets can be grouped together for further tracking and analysis.

Analysis & Visualization

See Everything, Risk Nothing

RevealX makes it easy to parse an immense amount of network information and quickly derive meaningful insights.

AI/ML Assisted Analysis

RevealX leverages cloud-scale artificial intelligence and machine learning to deliver real-time threat detection and network performance analytics, and can automatically gather and contextualize related information.


Alerts and Detections

RevealX uses a combination of rule-based alerts, behavioral analysis, peer group analysis, and deep learning to uncover hidden threats and unknown performance issues. This combination of approaches provides more holistic coverage than any single method alone.

Visualization and Mapping

Activity maps provide a dynamic view of communications on the network, both in real time and for specific time intervals. These 2D and 3D visualizations help users better understand traffic flows, chains of attack, and relationships between devices.

Enrichment & Correlation

Smarter Network Intelligence

RevealX has multiple options for ingesting additional intelligence into the platform or sharing network telemetry and IOCs with other solutions. Users are able to further enrich RevealX detections and pull in critical context where analysts need it most.

Enriching Data in RevealX

Curated threat collections from ExtraHop and CrowdStrike Falcon are provided off the shelf, offering enhanced detection capabilities and contextual enrichment. Users can also upload custom collections from free and commercial sources in the security community using STIX format.

Informing Other Solutions

Native integrations and a publicly documented API make it simple for users to share network telemetry with other tools, like SIEM/SOAR, EDR/XDR, and more. Users can automate administration or configuration tasks within RevealX, or share metrics, packets, and detections with other solutions.

Respond & Remediate

Up to 87% Faster Resolution

RevealX provides full context and one-click investigation workflows for every detection, allowing users to pivot from contextualized insights to forensic-level evidence in seconds, so tier 1 analysts can perform like tier 3 experts. Native integrations and a publicly documented API allow users to incorporate RevealX into workflows for response playbooks, ticketing, logging and retention, packet analysis, and more.
