How it Works

Broad Visibility, Deep Analysis with RevealX

Transform network monitoring into decisive action that reduces risk and accelerates response.

Gartner® named ExtraHop a leader in network detection and response.

Read Why

FAQs

Overview

Learn How RevealX Works

RevealX leverages the network as the ultimate source of truth. You get broad visibility across all assets—from on-premises to cloud and unmanaged devices. By decrypting and decoding protocols, RevealX delivers the deep analysis you need to reveal and respond to cyber risk and ensure uninterrupted network operations.

ExtraHop consolidates NDR, NPM, IDS, and network forensics into a single, powerful platform. Our passive sensors, deployed on-prem and in the cloud, deliver context-rich, network-driven insights. With turnkey integrations into your existing security stack, you can maximize ROI and operationalize the intelligence of your network across your security and operations teams.

COLLECTING DATA

Traffic Monitoring Across On-Prem, Cloud, and Multi-Cloud Networks

Packets Go In, Visibility Comes Out

RevealX sensors receive network packets via port mirroring, physical and virtual network taps, SPANs, and aggregation switches. Sensors are not in-line like a firewall, and cannot bring the network down.

packet visibility on web, file and database servers going into a RevealX sensor graphic

Image of the physical and virtual ExtraHop sensors

Sensor Form Factors

RevealX sensors come in a variety of virtual and physical form factors to best fit that cloud or physical network, from virtual sensors for AWS, Azure, and GCP to physical sensors designed for full 100 Gbps line rate high-speed networks.

STREAM PROCESSING

Real-Time Insights at up to 100 Gbps

RevealX sensors passively ingest traffic at up to 100 Gbps, then decode that raw traffic into discreet applications and transactions. The raw traffic transforms into structured, lightweight records—which the RevealX platform analyzes.

Autodiscovery and Analysis

We see it all: Our sensors automatically discover and profile every device, user, and application, analyzing over 5,000 metrics to detect threats and reduce risk.

Autodiscovery & PROFILING

Faster Investigations, Reduced MTTR

RevealX continuously discovers and profiles devices communicating on the network, collecting over 5,000 metrics about your endpoints, servers, identities, services, and more. Combining this context-rich data with AI-powered anomaly detection and natural language search gives your team concrete answers—in much less time.

Asset Autodiscovery

RevealX provides automatic and continuous inventory of every asset communicating on your network. Devices profiles built over time rapidly identify changes, risks, and anomalies that help you investigate faster.

Image of devices by role in the ExtraHop Platform

Image of device groups in the RevealX platform

Aligning Devices to Your Business

RevealX leverages static and dynamic Device Groups—which allow you to group devices according to their business function or role. RevealX will then watch over those C-level devices, critical locations, VIP user identities, and high-risk employees for you.

Analysis & Visualization

Less Risk, Faster Answers

From weak cipher suites and out-of-date certs to unsanctioned AI and suspicious RMM tools—RevealX will point out the risks and weaknesses across all your on-prem and cloud networks.

AI-Assisted Analysis

Put your network data to work for you! RevealX collects over 5,000 metrics about all the devices and conversations across your networks. ML models use that data to baseline performance and behaviors, which are then used to spot anomalies, unexpected changes, and risks.

Integration & Correlation

Uplevel Your Entire Stack

You can consolidate many tools with RevealX: IDS, network monitoring, NDR, ITDR. But it doesn’t replace ALL tools. So it was designed to combine with key tools like EDR, SIEM, SOAR, SASE and automate workflows across tools—making them all more effective.

A Force Multiplier for Your Team

RevealX has a natural language UI and extensive tunability options, helping every member of your team to reduce noise and focus on the data that counts.

Image of example workflows in the UI interface

Automate Workflows for Faster Results

RevealX supports automating many of the steps in an investigation. Combine packaged automations with vendors like CrowdStrike and Splunk, or build your own. RevealX makes it easy to get the answers out and into other tools.

Featured Resources

Want to learn more about what RevealX can do for you?

VIDEO

Online Demo

See how RevealX can solve your specific challenges.

Learn more

REPORT

Gartner MQ for Network Detection and Response

See why ExtraHop was named a leader in Gartner’s Magic Quadrant for NDR.

Learn more

WHITE PAPER

The Buyer’s Guide for Network Detection and Response

Better understand the market, the choices, and outcomes you should expect.

Learn more

Stop Lateral Movement Fast—Start Now

Try ExtraHop

NEW

ExtraHop named a Leader in the 2025 Forrester Wave™: Network Analysis And Visibility Solutions

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Broad Visibility, Deep Analysis with RevealX

Transform network monitoring into decisive action that reduces risk and accelerates response.

Gartner® named ExtraHop a leader in network detection and response.

Learn How RevealX Works

Traffic Monitoring Across On-Prem, Cloud, and Multi-Cloud Networks

Packets Go In, Visibility Comes Out

RevealX sensors receive network packets via port mirroring, physical and virtual network taps, SPANs, and aggregation switches. Sensors are not in-line like a firewall, and cannot bring the network down.

Sensor Form Factors

RevealX sensors come in a variety of virtual and physical form factors to best fit that cloud or physical network, from virtual sensors for AWS, Azure, and GCP to physical sensors designed for full 100 Gbps line rate high-speed networks.

Real-Time Insights at up to 100 Gbps

RevealX sensors passively ingest traffic at up to 100 Gbps, then decode that raw traffic into discreet applications and transactions. The raw traffic transforms into structured, lightweight records—which the RevealX platform analyzes.

Autodiscovery and Analysis

Faster Investigations, Reduced MTTR

Asset Autodiscovery

RevealX provides automatic and continuous inventory of every asset communicating on your network. Devices profiles built over time rapidly identify changes, risks, and anomalies that help you investigate faster.

Aligning Devices to Your Business

RevealX leverages static and dynamic Device Groups—which allow you to group devices according to their business function or role. RevealX will then watch over those C-level devices, critical locations, VIP user identities, and high-risk employees for you.

Less Risk, Faster Answers

From weak cipher suites and out-of-date certs to unsanctioned AI and suspicious RMM tools—RevealX will point out the risks and weaknesses across all your on-prem and cloud networks.

AI-Assisted Analysis

Uplevel Your Entire Stack

You can consolidate many tools with RevealX: IDS, network monitoring, NDR, ITDR. But it doesn’t replace ALL tools. So it was designed to combine with key tools like EDR, SIEM, SOAR, SASE and automate workflows across tools—making them all more effective.

A Force Multiplier for Your Team

RevealX has a natural language UI and extensive tunability options, helping every member of your team to reduce noise and focus on the data that counts.

Automate Workflows for Faster Results

RevealX supports automating many of the steps in an investigation. Combine packaged automations with vendors like CrowdStrike and Splunk, or build your own. RevealX makes it easy to get the answers out and into other tools.

Featured Resources

Want to learn more about what RevealX can do for you?

Online Demo

Learn more

Gartner MQ for Network Detection and Response

Learn more

The Buyer’s Guide for Network Detection and Response

Learn more

Stop Lateral Movement Fast—Start Now

Learn How RevealX Works

Traffic Monitoring Across On-Prem, Cloud, and Multi-Cloud Networks

Packets Go In, Visibility Comes Out

RevealX sensors receive network packets via port mirroring, physical and virtual network taps, SPANs, and aggregation switches. Sensors are not in-line like a firewall, and cannot bring the network down.

Sensor Form Factors

RevealX sensors come in a variety of virtual and physical form factors to best fit that cloud or physical network, from virtual sensors for AWS, Azure, and GCP to physical sensors designed for full 100 Gbps line rate high-speed networks.

Real-Time Insights at up to 100 Gbps

RevealX sensors passively ingest traffic at up to 100 Gbps, then decode that raw traffic into discreet applications and transactions. The raw traffic transforms into structured, lightweight records—which the RevealX platform analyzes.

Autodiscovery and Analysis

Faster Investigations, Reduced MTTR

Asset Autodiscovery

RevealX provides automatic and continuous inventory of every asset communicating on your network. Devices profiles built over time rapidly identify changes, risks, and anomalies that help you investigate faster.

Aligning Devices to Your Business

RevealX leverages static and dynamic Device Groups—which allow you to group devices according to their business function or role. RevealX will then watch over those C-level devices, critical locations, VIP user identities, and high-risk employees for you.

Less Risk, Faster Answers

From weak cipher suites and out-of-date certs to unsanctioned AI and suspicious RMM tools—RevealX will point out the risks and weaknesses across all your on-prem and cloud networks.

AI-Assisted Analysis

Uplevel Your Entire Stack

You can consolidate many tools with RevealX: IDS, network monitoring, NDR, ITDR. But it doesn’t replace ALL tools. So it was designed to combine with key tools like EDR, SIEM, SOAR, SASE and automate workflows across tools—making them all more effective.

A Force Multiplier for Your Team

RevealX has a natural language UI and extensive tunability options, helping every member of your team to reduce noise and focus on the data that counts.

Automate Workflows for Faster Results

RevealX supports automating many of the steps in an investigation. Combine packaged automations with vendors like CrowdStrike and Splunk, or build your own. RevealX makes it easy to get the answers out and into other tools.

Featured Resources

Want to learn more about what RevealX can do for you?

Online Demo

Learn more

Gartner MQ for Network Detection and Response

Learn more

The Buyer’s Guide for Network Detection and Response

Learn more

Stop Lateral Movement Fast—Start Now