Machine Learning

Advanced Behavioral Analytics Guided on Wire Data

The Richest, Most Powerful Data

Machine learning is only as powerful as the data you give it. ExtraHop processes over 1 PB of wire data per day, training our ML on the most objective and comprehensive source of raw network data available.

Our platform selectively guides machine learning models on more than 4,700 wire data metrics, allowing for unmatched breadth, accuracy, and focus in behavioral analytics.

Advanced Machine Learning Algorithms

ExtraHop puts a wide range of machine learning algorithms into play to give you powerful, full-context analytics with no manual configuration needed:

  • Unsupervised attack detection models leveraging proprietary time series analysis and outlier detection
  • Risk score estimation that combines domain expertise and customer base telemetry
  • Entity clustering, inference, and peer group outlier detection engines

We also use hundreds of proprietary machine learning models, such as peer group anomaly detection to reduce false positives, network privilege escalation detection, and ransomware detection models that specialize in file access and manipulation patterns.

Eight Categories of Detections

ExtraHop machine learning evaluates multiple protocols and hundreds of built-in metrics with custom logic.

With contextualized wire data metrics derived from L2 through L7 network traffic (including encrypted traffic) plus domain expertise in attack detection, unusual behavior, and risk analysis, ExtraHop is able to provide deeply reliable insights for cybersecurity and IT performance.

  • Authentication, authorization, and access control
  • Network file system
  • Network infrastructure
  • Email server
  • Web server
  • Remote access servers and methods
  • Internet communications and telephony

Secure, Scalable Intelligence

ExtraHop's architecture uses a unique combination of on-premises tech and cloud services to support the full machine-learning process while protecting the confidentiality, integrity, privacy, and anonymity of customer data and activities.

While our machine learning service is based in AWS in order to scale effortlessly with your enterprise, only de-identified metadata is sent to the cloud. Data categories containing potentially sensitive information such as payloads, filenames, or strings will remain on your premises, and we obtain SOC 2, Type 1 compliance certification for our machine learning service every year.