How it Works
Broad Visibility, Deep Analysis with RevealX
Transform network monitoring into decisive action that reduces risk and accelerates response.
Gartner® named ExtraHop a leader in network detection and response.
Overview
Learn How RevealX Works

RevealX leverages the network as the ultimate source of truth. You get broad visibility across all assets—from on-premises to cloud and unmanaged devices. By decrypting and decoding protocols, RevealX delivers the deep analysis you need to reveal and respond to cyber risk and ensure uninterrupted network operations.
ExtraHop consolidates NDR, NPM, IDS, and network forensics into a single, powerful platform. Our passive sensors, deployed on-prem and in the cloud, deliver context-rich, network-driven insights. With turnkey integrations into your existing security stack, you can maximize ROI and operationalize the intelligence of your network across your security and operations teams.
COLLECTING DATA
Traffic Monitoring Across On-Prem, Cloud, and Multi-Cloud Networks
Packets Go In, Visibility Comes Out
RevealX sensors receive network packets via port mirroring, physical and virtual network taps, SPANs, and aggregation switches. Sensors are not in-line like a firewall, and cannot bring the network down.


Sensor Form Factors
RevealX sensors come in a variety of virtual and physical form factors to best fit that cloud or physical network, from virtual sensors for AWS, Azure, and GCP to physical sensors designed for full 100 Gbps line rate high-speed networks.
STREAM PROCESSING
Real-Time Insights at up to 100 Gbps
RevealX sensors passively ingest traffic at up to 100 Gbps, then decode that raw traffic into discreet applications and transactions. The raw traffic transforms into structured, lightweight records—which the RevealX platform analyzes.
Autodiscovery & PROFILING
Faster Investigations, Reduced MTTR
RevealX continuously discovers and profiles devices communicating on the network, collecting over 5,000 metrics about your endpoints, servers, identities, services, and more. Combining this context-rich data with AI-powered anomaly detection and natural language search gives your team concrete answers—in much less time.
Asset Autodiscovery
RevealX provides automatic and continuous inventory of every asset communicating on your network. Devices profiles built over time rapidly identify changes, risks, and anomalies that help you investigate faster.


Aligning Devices to Your Business
RevealX leverages static and dynamic Device Groups—which allow you to group devices according to their business function or role. RevealX will then watch over those C-level devices, critical locations, VIP user identities, and high-risk employees for you.
Analysis & Visualization
Less Risk, Faster Answers
From weak cipher suites and out-of-date certs to unsanctioned AI and suspicious RMM tools—RevealX will point out the risks and weaknesses across all your on-prem and cloud networks.
Integration & Correlation
Uplevel Your Entire Stack
You can consolidate many tools with RevealX: IDS, network monitoring, NDR, ITDR. But it doesn’t replace ALL tools. So it was designed to combine with key tools like EDR, SIEM, SOAR, SASE and automate workflows across tools—making them all more effective.
A Force Multiplier for Your Team
RevealX has a natural language UI and extensive tunability options, helping every member of your team to reduce noise and focus on the data that counts.












