Capabilities
Complete network visibility
Gain broad risk visibility across the entire attack surface, beyond what can be seen on endpoints, SIEM, logs, or other NDR solutions.
Automated asset discovery
Understand your attack surface from core to edge to cloud.
- Identify unknown and unmanaged assets, including IoT.
- Classify all assets and map dependencies.
- Passively monitor and analyze traffic without agents.
Protocol fluency
Decode 80+ protocols, including Microsoft protocols.
- Monitor L2–L7 traffic at up to 100 Gbps.
- Decrypt Microsoft Active Directory protocols.
- Gain insight into IAM, databases, web transactions, and more.
Line-rate decryption
Decrypt SSL/TLS 1.3 traffic with perfect forward secrecy enabled.
- Use out-of-band decryption with no effect on performance.
- Uncover threats like malware in encrypted traffic.
- Enable Zero Trust security models.
Cloud-scale machine learning
Advanced machine learning and AI analyze behavior, detect threats, and automate investigation steps for faster response.
Cloud-scale machine learning
Continuously apply, refine, and retrain millions of predictive models to network data.
- Use superior detection and analytics with high-fidelity modeling.
- Receive rapid security updates continuously pushed live.
- Gain coverage across your enterprise network attack surface.
Peer-group analysis
Identify suspicious activity and potential threats based on observed behavior.
- Establish baselines and uncover deviations.
- Identify kill chain behaviors as they occur.
- Detect threats up to 83% faster.
AI-optimized investigation workflows
Accurately prioritize detections for rapid triage and response.
- Collect the most relevant information without human intervention.
- Conduct 3-click investigations from detection to root cause.
- Resolve threats up to 87% faster.
Real-time Detection
Reduce risk and identify threats other tools miss with ML-powered detections, behavioral analysis, and signature-based detections for known IOCs.
Inventory & vulnerability assessment
Continuously discover all assets and flag vulnerabilities.
- Identify assets as soon as they communicate on the network.
- Receive information on weak ciphers and expiring certificates.
- Detect vulnerability scanning tools.
Threat detection
Identify known and unknown threats and malicious behaviors as they occur, and detect zero-day threats.
- Detect suspicious behavior with advanced machine learning and AI.
- Identify known indicators of compromise with rules and threat intelligence.
- Automated retrospective threat detection identifies zero-day threats in historical records.
Investigation & response workflows
Respond quickly with manual triage or AI-powered Smart Triage.
- Investigate from detection to root cause in 3 clicks.
- Use AI-recommended response actions.
- Integrate for automated response or use manual remediation.
Streamlined Investigation
Investigate from detection to root cause in 3 or fewer clicks with intuitive, AI-enhanced investigation workflows.
AI-optimized investigation workflows
Accurately prioritize detections for rapid triage and response.
- Collect the most relevant information without human intervention.
- Investigate from detection to root cause in 3 clicks.
- Use Smart Triage to prioritize detections.
Context-rich detection cards
Gain a holistic view of detections and click for added context.
- Quickly identify attack type, victims, and offenders.
- Use network metrics to understand things like expected traffic flows.
- Gain context into the attack kill chain with related detections.
Drill down for more details
Quickly drill down to forensic evidence via intuitive workflows.
- Map detections to frameworks like MITRE ATT&CK.
- Access ExtraHop and third-party threat intelligence.
- Easily click into transaction records and packets.
Intelligent Response
Slash mean time to respond (MTTR) through automated action via native integrations and bundles, or through analyst-led response.
Recommended mitigation options
Use AI-powered mitigation options for response.
- Quickly identify a range of mitigation options in ExtraHop detections.
- Take action based on recommendations.
Turnkey integrations
Native integrations for automated response.
- Take automated action via integrations with CrowdStrike, Splunk, and more.
- Use push-button response from ExtraHop detections via the CrowdStrike Falcon agent.
API Integrations
Integrate RevealX with leading security tools.
- Choose from hundreds of bundles to integrate with other tools.
- Share RevealX data with SIEM, SOAR, EDR, and more.
- Quickly take automated response action.