ExtraHop vs. Darktrace

It's the Data, Not the Math

How does ExtraHop Reveal(x) network detection and response compare to Darktrace Enterprise Immune System?

Wire Data

Analytics at Scale

Decryption Capabilities

Automated Investigation

ExtraHop Reveal(x) Darktrace
Wire Data
Data Sources Packet Headers (L2-L4)
Protocol Decoders 70+ Not Published
Machine Learning Cloud-Based On-Prem
Decryption SSL/TLS
Analytics Behavioral Analytics
Critical Asset Prioritization
Metrics 5000+ Not Published
Anomaly Correlation ML-Driven Manual
Investigation Capabilities Transaction Indexing
Forensics Continuous Packet Capture Reactive Packet Capture
Scalability Throughput 100Gbps Sustained 6Gbps Unsustained
Deployment Options On Premises (Hardware, Virtual)
Cloud
REST API
Extensibility Integration Partners 26 14
Custom Metrics
Custom Dashboards
Cloud AWS Marketplace On Demand

Why These Differences Matter

Analytics At Scale, Immediately

Reveal(x) analyzes data at a sustained 100Gbps per appliance, automatically discovering and classifying all endpoints and transactions in real time, so you'll start receiving useful insights as soon as you plug in. Darktrace caps out at 6Gbps per appliance and requires human analysts to build out reports, so the first 3-4 weeks of your deployment deliver zero value.

Limited scalability for Darktrace means that even if you pay for six times more hardware and associated management costs, Darktrace will still provide less timely, less thorough information than you'd get from one Reveal(x) appliance.
