Machine Learning for Network Analysis

Advanced Behavioral Analytics Guided on Wire Data

An Industry-Leading ML Architecture

ExtraHop Cloud-Scale Machine Learning delivers enormously scalable insights with global coverage across your network boundaries, minimal impact on performance, and no manual configuration or model updating. ExtraHop processes over 1 PB of wire data per day, training our ML on the most objective and comprehensive data source available.

Learn how Reveal(x) uses Cloud-Scale ML to power cloud-native network detection and response.

Advanced Machine Learning Algorithms

ExtraHop puts a wide range of machine learning algorithms into play to give you powerful, full-context analytics with no manual configuration needed:

  • Unsupervised attack detection models leveraging proprietary time series analysis and outlier detection
  • Risk score estimation that combines domain expertise and customer base telemetry
  • Entity clustering, inference, and peer group outlier detection engines

We also use hundreds of proprietary machine learning models, such as peer group anomaly detection to reduce false positives, network privilege escalation detection, and ransomware detection models that specialize in file access and manipulation patterns.

Eight Categories of Detections

ExtraHop machine learning evaluates multiple protocols and hundreds of built-in metrics with custom logic.

With contextualized wire data metrics derived from L2 through L7 network traffic (including encrypted traffic) plus domain expertise in attack detection, unusual behavior, and risk analysis, ExtraHop is able to provide deeply reliable insights for cybersecurity and IT performance.

  • Authentication, authorization, and access control
  • Network file system
  • Network infrastructure
  • Email server
  • Web server
  • Remote access servers and methods
  • Internet Communications and Telephony

Secure, Scalable Intelligence

ExtraHop's architecture uses a unique combination of on-premises tech and cloud services to support the full machine-learning process while protecting the confidentiality, integrity, privacy, and anonymity of customer data and activities.

While our machine learning service is based in ExtraHop's cloud in order to scale effortlessly with your enterprise, only de-identified metadata is sent to the cloud. Data categories containing potentially sensitive information such as payloads, filenames, or strings will remain on your premises, and we obtain SOC 2, Type 1 compliance certification for our machine learning service every year.