Comparison Deep Dive


ExtraHop vs. Riverbed

How does the ExtraHop Performance Platform compare to Riverbed?

NetOps and ITOps face countless challenges created by hybrid environments, SDN, and shadow IT. But they are far from insurmountable. While legacy NPM solutions, such as Riverbed–with its limited L7 visibility, shallow protocol analysis, and lack of machine learning–promise to deliver visibility and insights for the future, ExtraHop is already there. ExtraHop empowers IT teams to modernize at a massive scale so they can maintain visibility into all transactions on the network and improve IT staff efficiency, MTTR, and overall business productivity.

ExtraHop Riverbed
Sustained Throughput* 100 Gbps 20 Gbps
Advanced Machine Learning
On-Premises, Virtual, and Cloud Deployments
Cloud Integrations (Azure, AWS)
Auto-Discovery and Classification Limited
Enterprise Protocols 70+ 20
Line-Rate SSL Decryption and TLS 1.3 Support
Indexed Transaction-Level Detail with Visual Search Queries
Extensibility (Custom Dashboards, Triggers, Open APIs) Yes Limited
Integration Partners Open Architecture Closed Platform

* full-stream reassembly, decryption, and full payload analysis before writing to disk

Why These Differences Matter

Integrated Workflow

ExtraHop provides actionable, correlated insights from a unified and intuitive UI, taking you from alerts to transactions to packets in a matter of clicks. We provide an automated and accelerated investigation workflow that integrates with your enterprise tools, allowing you to move from a reactive remediation process to a proactive, analytics-first operation.

Riverbed has inconsistent workflows between product lines, requiring users to access multiple interfaces which further complicate the workflow from receiving an alert to finding transactions and querying packets. Riverbed innovates through acquisition and lacks any significant product development outside of feature parity, leaving the user frustrated and wondering what's next.

Machine Learning

ExtraHop leverages network data and applies machine learning to deliver deeper insights, maximum accuracy, and fewer false positives. ExtraHop's machine learning engine accomplishes this by leveraging the cloud, bypassing the need to perform these complex computations on-box, further degrading performance. Riverbed currently has no machine learning ability outside of simple dynamic baselining.

Sustained Throughput

ExtraHop gathers and analyzes 100Gbps of data in real time on a single appliance, providing rich, contextual insights within 15 minutes of being turned on. Our award-winning platform decrypts at line rate and gives visibility into all SSL traffic, including PFS-encrypted sessions (in addition to the newer TLS 1.3), while also providing full visibility into every L7 transaction. The Riverbed ARX 8170 provides 20Gbps of L4 analysis, with no L7 analysis. The ARX 8170 can only achieve 20Gbps of throughput with DPI turned off, which means the user is losing visibility into 1600+ auto-recognized applications like Google and Facebook. With DPI turned on, throughput drops to 18Gbps.

Cloud Integrations

Whether you are running an Azure, GCP, AWS, or a multi-cloud shop, ExtraHop supports hybrid cloud initiatives before, during and after migrations. As the first NPM vendor to offer a solution for AWS, ExtraHop has been developing integrations with CloudWatch, CloudTrail, VPC Flow Log, Azure Monitor, and Azure Activity Log. Currently, Riverbed offers no integration with cloud provider monitoring tools.

Decryption Capabilities

ExtraHop decrypts and analyzes packets all the way down to the application payload at Layer 7, providing the definitive insights organizations need to prioritize their actions and respond confidently, in a way that encrypted data limited to L4 flow communications cannot. ExtraHop is an out-of-band solution that conducts all decryption and analytics in real time, even TLS 1.3, without the need to store packets. Post-capture analysis can potentially miss anomalies minutes after they've occurred. ExtraHop's decryption is also hardware-based and can operate at line rate up to 100Gbps which breaks down to 3.6 million RSA/min. Riverbed's flagship appliance peaks at 20Gbps or 167k RSA/min, and performance decreases to 18Gbps when SSL or DBA analysis is turned on.

Rise Above Attackers

10%

Faster Threat
Detection

Rise Above Poor Experience

10%

Reduction in
Unplanned
Downtime

Rise Above Frustration

10%

Less Staff
Time to
Resolve Threats