ExtraHop Security: Advanced Capabilities for Threat Defense

Capabilities

Complete network visibility

Gain broad risk visibility across the entire attack surface, beyond what can be seen on endpoints, SIEM, logs, or other NDR solutions.

Automated asset discovery

Understand your attack surface from core to edge to cloud.

Identify unknown and unmanaged assets, including IoT.
Classify all assets and map dependencies.
Passively monitor and analyze traffic without agents without

Protocol fluency

Decode 80+ protocols, including Microsoft protocols.

Monitor L2–L7 traffic at up to 100 Gbps.
Decrypt Microsoft Active Directory protocols.
Gain insight into IAM, databases, web transactions, and more.

Line-rate decryption

Decrypt SSL/TLS 1.3 traffic with perfect forward secrecy enabled.

Use out-of-band decryption with no effect on performance.
Uncover threats like malware in encrypted traffic.
Enable Zero Trust security models.

Cloud-scale machine learning

Advanced machine learning and AI analyzes behavior, detects threats, and automates investigation steps for faster response.

Cloud-scale machine learning

Continuously apply, refine, and retrain millions of predictive models to network data.

Use superior detection and analytics with high-fidelity modeling.
Receive rapid security updates continuously pushed live.
Gain coverage across your enterprise network attack surface.

Peer-group analysis

Identify suspicious activity and potential threats based on observed behavior.

Establish baselines and uncovers deviations.
Identify kill chain behaviors as they occur.
Detect threats up to 83% faster.

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Collect the most relevant information without human intervention.
Conduct 3-click investigations from detection to root cause.
Resolve threats up to 87% faster.

Real-time Detection

Reduce risk and identify threats other tools miss with ML-powered detections, behavioral analysis, and signature-based detections for known IOCs.

Inventory & vulnerability assessment

Continuously discover all assets and flag vulnerabilities.

dentify assets as soon as they communicate on the network.
Receive information on weak ciphers and expiring certificates.
Detect vulnerability scanning tools.

Threat detection

Identify known and unknown threats and malicious behaviors as they occur, and detect zero-day threats.

Detect suspicious behavior with advanced machine learning and AI.
Identify known indicators of compromise with rules and threat intelligence.
Automated retrospective threat detection identifies zero-day threats in historical records.

Investigation & response workflows

Respond quickly with manual triage or AI-powered Smart Triage.

Investigate from detection to root cause in 3 clicks.
Use AI-recommended response actions.
Integrate for automated response or use manual remediation.

User Identities Linked to Detections

Link user identities to detections, and tune detections by username.

Correlate detections by user identity to enhance efficiency.
Assess and prioritize risk for usernames repeatedly found in detections.
Uncover wider attack patterns based on users.

Streamlined Investigation

Investigate from detection to root cause in 3 or fewer clicks with intuitive, AI-enhanced investigation workflows.

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Collect the most relevant information without human intervention.
Investigate from detection to root cause in 3 clicks.
Smart Triage to prioritize detections.

Context-rich detection cards

Gain a holistic view of detections and click for added context.

Quickly identify attack type, victims, and offenders.
Use network metrics to understand things like expected traffic flows.
Gain context into the attack kill chain with related detections.

Drill down for more details

Quickly drill down to forensic evidence via intuitive workflows.

Map detections to frameworks like MITRE ATT&CK.
Access ExtraHop and third-party threat intelligence.
Easily click into transaction records and packets.

User Table for Investigation and Threat Hunting

Quickly find user identities associated with detections and devices.

Conduct identity-based investigation and threat hunting.
Click into specific records, devices, and detections for users.
Identify when valid identities and credentials are used in attacks.

Intelligent Response

Slash mean-time-to-respond (MTTR) with native integrations and bundles to take automated action or through analyst-led response.

Recommended mitigation options

Use AI-powered mitigation options for response.

Quickly identify a range of mitigation options in ExtraHop detections.
Take action based on recommendations.

Quickly identify a range of mitigation options in ExtraHop detections.
Take action based on recommendations.

Turnkey integrations

Native integrations for automated response.

Take automated action via integrations with CrowdStrike, Splunk, and more.
Use push-button response from ExtraHop detections via the CrowdStrike Falcon agent.

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Capabilities

Complete network visibility

Automated asset discovery

Understand your attack surface from core to edge to cloud.

Protocol fluency

Decode 80+ protocols, including Microsoft protocols.

Line-rate decryption

Decrypt SSL/TLS 1.3 traffic with perfect forward secrecy enabled.

Cloud-scale machine learning

Cloud-scale machine learning

Continuously apply, refine, and retrain millions of predictive models to network data.

Peer-group analysis

Identify suspicious activity and potential threats based on observed behavior.

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Real-time Detection

Inventory & vulnerability assessment

Continuously discover all assets and flag vulnerabilities.

Threat detection

Identify known and unknown threats and malicious behaviors as they occur, and detect zero-day threats.

Investigation & response workflows

Respond quickly with manual triage or AI-powered Smart Triage.

User Identities Linked to Detections

Link user identities to detections, and tune detections by username.

Streamlined Investigation

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Context-rich detection cards

Gain a holistic view of detections and click for added context.

Drill down for more details

Quickly drill down to forensic evidence via intuitive workflows.

User Table for Investigation and Threat Hunting

Quickly find user identities associated with detections and devices.

Intelligent Response

Recommended mitigation options

Use AI-powered mitigation options for response.

Turnkey integrations

Native integrations for automated response.

API Integrations

Integrate RevealX with leading security tools.

Leverage complete network visibility

Capabilities

Complete network visibility

Automated asset discovery

Understand your attack surface from core to edge to cloud.

Protocol fluency

Decode 80+ protocols, including Microsoft protocols.

Line-rate decryption

Decrypt SSL/TLS 1.3 traffic with perfect forward secrecy enabled.

Cloud-scale machine learning

Cloud-scale machine learning

Continuously apply, refine, and retrain millions of predictive models to network data.

Peer-group analysis

Identify suspicious activity and potential threats based on observed behavior.

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Real-time Detection

Inventory & vulnerability assessment

Continuously discover all assets and flag vulnerabilities.

Threat detection

Identify known and unknown threats and malicious behaviors as they occur, and detect zero-day threats.

Investigation & response workflows

Respond quickly with manual triage or AI-powered Smart Triage.

User Identities Linked to Detections

Link user identities to detections, and tune detections by username.

Streamlined Investigation

AI-optimized investigation workflows

Accurately prioritize detections for rapid triage and response.

Context-rich detection cards

Gain a holistic view of detections and click for added context.

Drill down for more details

Quickly drill down to forensic evidence via intuitive workflows.

User Table for Investigation and Threat Hunting