Network Traffic Analysis for the Enterprise

Unprecedented Visibility.
Definitive Insights.
Immediate Answers.

Modern security programs need a new source of insight, one that provides empirical evidence to help analysts rapidly triage, investigate, and remediate high risk threats.

ExtraHop Reveal(x) is a network traffic analysis solution that provides crucial threat intelligence, ML, and investigation automation so security teams can act with confidence and speed.

Security Homepage Dashboard

Unprecedented Visibility

ExtraHop Reveal(x) uses stream processing to auto-discover and classify every transaction, flow, session, device, and asset in your enterprise—including data centers, cloud-hosted applications, remote branches, and IoT—at up to 100 Gbps. Reveal(x) analyzes and extracts features from more than 50 enterprise protocols, including SSL/TLS encrypted traffic, to give your team the high-fidelity insights about your internal (east-west) environment that are vital to detecting and stopping sophisticated threats.

Auto-discover and classify everything in your enterprise with need-to-know decryption of encrypted traffic

Visualize everything in a live activity map and click down into transaction records and even precise packet details

Quickly prioritize human expertise and radically speed up investigations with full context and workflow automation

Protect Your Critical Assets

ExtraHop Reveal(x) automatically detects and classifies everything communicating on the network, making it simple to identify the most critical assets in any environment, and focus on securing them. On top of that, Reveal(x) conducts deeper analysis on your most critical assets than any other security tool, providing timely insights when and where they matter most.

Critical Assets

Without ExtraHop, the investigation would have taken days or weeks, exposing [us] to potentially catastrophic risk. Even the FBI was impressed when they found out how quickly we identified and contained the threat!

Joanne White
Wood County Hospital

Click Through the Attack Chain:

Command Control Anomaly
Command and Control Alert

Command & Control

A compromised device on your network is attempting to contact an attacker's external Command and Control (C&C) server. Once a connection is established, the C&C server can send additional malware, instructions for remote remote execution, and/or payloads required to support the attack. Reveal(x) detects when an internal device is communicating to a suspicious system outside of your network in support of an attack.

Recon Anomaly
Reconnaissance Alert


An attacker has compromised a device and is using it to learn about your network. The attacker is looking for potential targets (critical assets) and associated vulnerabilities. Reveal(x) detects when an internal device is performing suspicious scans of devices, ports, services, applications, or files on your network as well as attempts to gain direct control of resources.

Exploit Anomaly
Exploit Alert


An attacker is actively exploiting assets and vulnerabilities in your network. Reveal(x) detects anomalous behavior associated with various techniques like brute force attacks and IP fragmentation.

Lateral Movement Anomaly
Lateral Movement Alert

Lateral Movement

An attacker is progressively moving through your network from device to device in search of data and critical assets that are ultimately the target of their attack campaign. Reveal(x) detects unusual movement of users or data within your network.

Exfiltration Anomaly
Exfiltration Alert

Actions on Objective

An attacker is finally making a move by exfiltrating files, encrypting data, or taking other unsavory action. Reveal(x) detects when attackers are near to completing their campaign goals.

Behavioral Analytics

Better Data Means Better ML

wire data for security

Machine learning is only as powerful as the data you give it. ExtraHop Reveal(x) processes over 1 PB of data per day and selectively guides its machine learning models with more than 4,600 wire data metrics, allowing for unmatched breadth, accuracy, and focus in behavioral analytics.

Authentication, authorization, and access control
Network file system and infrastructure
Remote access servers and methods
External communications and email servers
Internet communications and telephony

Reveal-X Packet Capture

Automated Investigation

When Reveal(x) surfaces suspicious behavior, you'll receive full context and precise packet details within seconds of detection. Automate anomaly-driven response workflows in SIEM platforms and management tools so you can quarantine infected systems, initiate containments, and focus human time and energy where it's most valuable.

What Does the SANS Institute Think?