RevealX Platform Capabilities

RevealX is an agentless network intelligence platform that offers multiple solutions, modules, services, and deployment models to deliver value across many security and performance use cases.

Core product modules are available for Network Detection and Response (NDR) and Network Performance Monitoring (NPM), with add-on modules for Intrusion Detection Systems (IDS) and Packet Forensics.

• Network Based: SPAN, RSPAN, ERSPAN are supported for capturing traffic from multiple hosts at the network level.
  
  
• Host Based: The platform also supports packet forwarding, or software taps, for additional flexibility when working with networking architectures.

• Physical: A packet sensor can be installed on a physical network switch, available in multiple size and throughput configurations.
  
  
• Virtual: Virtual sensors and flow collectors are available for on-premises environments and cloud architectures, including those from AWS, Azure, and Google Cloud.

RevealX sensors passively ingest traffic at up to 100 gigabits per second (Gbps), and then automatically transform and reassemble the unstructured packets into structured wire data and transaction streams.

Sensors collect multiple 'depths' of network data. These include endpoint interactions over time; raw data transferred between endpoints; and transaction, message, and network flows, among others.

RevealX is capable of parsing network data from more than 90 protocol languages and counting, including TLS/SSL 1.3, SMB3, and MSRPC.

RevealX can selectively decrypt network traffic at up to 100 Gbps, providing real-time insights into every transaction on the network. Decryption is performed 'out-of-band' to avoid added latency and security risk.

Users have the option to store data for later analysis, long-term retention, and forensic evidence. Multiple storage services and configurations are available to meet differing preferences or statutory requirements.

In addition to passively observing traffic on the network, RevealX automatically collects information about that traffic, enabling an "analysis first" approach that helps reduce mean time to response/remediation (MTTR).

The RevealX platform provides an automatic, continuous inventory of every asset communicating on the network, including devices, active users, and applications, along with information about those assets.

Assets on the network are automatically tagged with attributes such as locality, software installed, protocol used, and more. Assets can be grouped together for further tracking and analysis.

RevealX leverages cloud-scale artificial intelligence and machine learning to deliver real-time threat detection and network performance analytics, and can automatically gather and contextualize related information.

RevealX uses a combination of rule-based alerts, behavioral analysis, peer group analysis, and deep learning to uncover hidden threats and unknown performance issues. This combination of approaches provides more holistic coverage than any single method alone.

Activity maps provide a dynamic view of communications on the network, both in real time and for specific time intervals. These 2D and 3D visualizations help users better understand traffic flows, chains of attack, and relationships between devices.

RevealX has multiple options for ingesting additional intelligence into the platform or sharing network telemetry and IOCs with other solutions. Users are able to further enrich RevealX detections and pull in critical context where analysts need it most.

Curated threat collections from ExtraHop and CrowdStrike Falcon are provided off-the-shelf, which provide enhanced detection capabilities and contextual enrichment. Users can also upload custom collections from free and commercial sources in the security community using STIX format.

Native integrations and a publicly-documented API make it simple for users to share network telemetry with other tools, like SIEM/SOAR, EDR/XDR, and more. Automate administration or configuration tasks within RevealX, or share metrics, packets, and detections with other solutions.

ExtraHop provides full context and one-click investigation workflows for every detection, allowing users to pivot from contextualized insights to forensic-level evidence in seconds—so tier 1 analysts can perform like tier 3 experts.

Native integrations and a publicly-documented API allows users to incorporate RevealX into workflows for response playbooks, ticketing, logging and retention, packet analysis, and more.