ExtraHop Cloud-Scale Machine Learning delivers enormously scalable insights with global coverage across your network boundaries, minimal impact on performance, and no manual configuration or model updating. ExtraHop processes over 1 PB of wire data per day, training our ML on the most objective and comprehensive data source available.
ExtraHop puts a wide range of machine learning algorithms into play to give you powerful, full-context analytics with no manual configuration needed:
Unsupervised attack detection models leveraging proprietary time series analysis and outlier detection
Risk score estimation that combines domain expertise and customer base telemetry
Entity clustering, inference, and peer group outlier detection engines
We also use hundreds of proprietary machine learning models such as peer group anomaly detection to reduce false positives, network privilege escalation detection, and ransomware detection models that specialize in file access and manipulation patterns.
Eight Categories of Detections
ExtraHop machine learning evaluates multiple protocols and hundreds of built-in metrics with custom logic.
With contextualized wire data metrics derived from L2 through L7 network traffic (including encrypted traffic) plus domain expertise in attack detection, unusual behavior, and risk analysis, ExtraHop is able to provide deeply reliable insights for cybersecurity and IT performance.
Authentication, authorization, and access control
Network file system
Remote access servers and methods
Internet Communications and Telephony
Secure, Scalable Intelligence
ExtraHop's architecture uses a unique combination of on-premises tech and cloud services to support the full machine-learning process while protecting the confidentiality, integrity, privacy, and anonymity of customer data and activities.
While our machine learning service is based in ExtraHop's cloud in order to scale effortlessly with your enterprise, only de-identified metadata is sent to the cloud. Data categories containing potentially sensitive information such as payloads, filenames, or strings will remain on your premises, and we obtain SOC 2, Type 1 compliance certification for our machine learning service every year.