How it works
Overview
RevealX is an agentless network intelligence platform that offers multiple solutions, modules, services, and deployment models to deliver value across many security and performance use cases.
Core product modules are available for Network Detection and Response (NDR) and Network Performance Monitoring (NPM), with add-on modules for Intrusion Detection Systems (IDS) and Packet Forensics.
The RevealX platform also offers an extensive feature set across all modules and solutions that enable teams to operationalize network data to their benefit.
Collecting Data
Stream Processing
RevealX sensors passively ingest traffic at up to 100 gigabits per second (Gbps), and then automatically transform and reassemble the unstructured packets into structured wire data and transaction streams.
Sensors collect multiple 'depths' of network data. These include endpoint interactions over time; raw data transferred between endpoints; and transaction, message, and network flows, among others.
RevealX can parse more than 90 protocols (and counting), including TLS/SSL 1.3, SMB3, and MSRPC.
RevealX can selectively decrypt network traffic at up to 100 Gbps, providing real-time insights into every transaction on the network. Decryption is performed 'out-of-band' to avoid added latency and security risk.
Users have the option to store data for later analysis, long-term retention, and forensic evidence. Multiple storage services and configurations are available to meet differing preferences or statutory requirements.
Autodiscovery & Grouping
In addition to passively observing traffic on the network, RevealX automatically collects information about that traffic, enabling an "analysis first" approach that helps reduce mean time to response/remediation (MTTR).
The RevealX platform provides an automatic, continuous inventory of every asset communicating on the network, including devices, active users, and applications, along with information about those assets.
Assets on the network are automatically tagged with attributes such as locality, software installed, protocol used, and more. Assets can be grouped together for further tracking and analysis.
Analysis & Visualization
RevealX leverages cloud-scale artificial intelligence and machine learning to deliver real-time threat detection and network performance analytics, and can automatically gather and contextualize related information.
RevealX uses a combination of rule-based alerts, behavioral analysis, peer group analysis, and deep learning to uncover hidden threats and unknown performance issues. This combination of approaches provides more holistic coverage than any single method alone.
Activity maps provide a dynamic view of communications on the network, both in real time and for specific time intervals. These 2D and 3D visualizations help users better understand traffic flows, chains of attack, and relationships between devices.
Enrichment & Correlation
RevealX has multiple options for ingesting additional intelligence into the platform and for sharing network telemetry and IOCs with other solutions. Users can further enrich RevealX detections and pull in critical context where analysts need it most.
Curated threat collections from ExtraHop and CrowdStrike Falcon are provided off-the-shelf, which provide enhanced detection capabilities and contextual enrichment. Users can also upload custom collections from free and commercial sources in the security community using STIX format.
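The STIX upload described above is worth seeing at the data level: a custom collection is a STIX 2.1 bundle of indicator objects, each carrying a pattern such as [ipv4-addr:value = '...'], and the platform's job is to evaluate those patterns against observed traffic. The following Python is an added example written for this page, not ExtraHop or RevealX code, and it does not use the RevealX API. It parses a constructed bundle (made-up indicator ids, addresses from documentation ranges, reserved .invalid domains), supports the plain equality-OR patterns that IOC feeds typically publish, and matches them against constructed flow records whose field names (src_ip, dst_ip, server_name) are hypothetical.

```python
"""Match STIX 2.1 indicator patterns against network flow records.

Added example, not ExtraHop/RevealX code. The bundle, flow records and
field names below are constructed sample data.
"""
import json
import re
from typing import Dict, List, Tuple

# A STIX 2.1 bundle with two indicators, shaped like a small custom
# threat collection. Constructed sample data, not a real feed.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-0000000000a1",
            "name": "Sample suspicious address (constructed)",
            "pattern_type": "stix",
            "pattern": "[ipv4-addr:value = '203.0.113.10']",
            "valid_from": "2024-01-01T00:00:00Z",
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-0000000000a2",
            "name": "Sample phishing domains (constructed)",
            "pattern_type": "stix",
            "pattern": "[domain-name:value = 'login.invalid' OR "
                       "domain-name:value = 'update.invalid']",
            "valid_from": "2024-01-01T00:00:00Z",
        },
    ],
})

# One STIX comparison expression, e.g.  ipv4-addr:value = '203.0.113.10'
_COMPARISON = re.compile(r"([a-z0-9-]+):([a-z_.]+)\s*=\s*'([^']*)'")

# Which flow-record fields each STIX object path is checked against.
# The field names are hypothetical and belong to the sample flows below.
FIELD_MAP = {
    ("ipv4-addr", "value"): ("src_ip", "dst_ip"),
    ("domain-name", "value"): ("server_name",),
}

# Constructed flow records: one matching the address, one matching a
# domain, one benign.
SAMPLE_FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.10", "server_name": None},
    {"src_ip": "10.0.0.7", "dst_ip": "198.51.100.2", "server_name": "update.invalid"},
    {"src_ip": "10.0.0.9", "dst_ip": "192.0.2.44", "server_name": "intranet.example"},
]


def parse_bundle(bundle_json: str) -> Dict[str, List[Tuple[str, str, str]]]:
    """Return {indicator_id: [(object_type, property, value), ...]}.

    Only equality comparisons joined by OR are supported, which covers the
    flat IOC lists most feeds publish. Patterns using AND, NOT, MATCHES or
    time windows are skipped entirely rather than half-evaluated, so a
    partial match can never masquerade as a full one.
    """
    parsed: Dict[str, List[Tuple[str, str, str]]] = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        pattern = obj["pattern"].strip()
        if not (pattern.startswith("[") and pattern.endswith("]")):
            continue
        body = pattern[1:-1]
        if any(op in body for op in (" AND ", " NOT ", " MATCHES ", " START ")):
            continue
        comparisons = _COMPARISON.findall(body)
        if comparisons:
            parsed[obj["id"]] = comparisons
    return parsed


def build_index(indicators: Dict[str, List[Tuple[str, str, str]]]) -> Dict[str, Dict[str, set]]:
    """Invert indicators into {flow_field: {value: {indicator_id, ...}}} so a
    flow costs a few dict lookups instead of a scan of the whole feed."""
    index: Dict[str, Dict[str, set]] = {}
    for ind_id, comparisons in indicators.items():
        for obj_type, prop, value in comparisons:
            for field in FIELD_MAP.get((obj_type, prop), ()):
                index.setdefault(field, {}).setdefault(value, set()).add(ind_id)
    return index


def match_flows(flows: List[dict], index: Dict[str, Dict[str, set]]) -> List[Tuple[int, str, str, str]]:
    """Return (flow_number, indicator_id, field, value) for every hit."""
    hits = []
    for i, flow in enumerate(flows):
        for field, values in index.items():
            observed = flow.get(field)
            if observed in values:
                for ind_id in sorted(values[observed]):
                    hits.append((i, ind_id, field, observed))
    return hits


def run_sample() -> List[Tuple[int, str, str, str]]:
    """Parse the constructed bundle and match it against the sample flows."""
    return match_flows(SAMPLE_FLOWS, build_index(parse_bundle(SAMPLE_BUNDLE)))


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

The inverted index is the part that matters operationally: a collection with tens of thousands of indicators still costs a constant number of lookups per flow, which is what makes feed-based enrichment viable at line rate. Refusing unsupported pattern operators, rather than matching whatever sub-expression the regex happens to find, keeps the hit list trustworthy when analysts pivot on it.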
Native integrations and a publicly documented API make it simple for users to share network telemetry with other tools, such as SIEM/SOAR and EDR/XDR. Users can automate administration or configuration tasks within RevealX, or share metrics, packets, and detections with other solutions.
Respond & Remediate