Start Demo

The Platform

For Security

For Cloud

For IT Ops

Blog

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

ExtraHop Reveal(x)

Cloud-native visibility, detection, and
response for the hybrid enterprise.

Reveal(x) 360

SaaS-based network detection
and response.

Learn More

How It Workscaret-right

Reveal(x) Enterprise

Self-managed network detection
and response.

Learn More

How It Workscaret-right
caret-left Back

For Security

Protect and scale your business with complete visibility, real-time threat detections, and intelligent response.

Learn More

Comprehensive Inventory of All Devices

Detect Lateral Movement

Monitor Sensitive Data Movements

Respond to Alerts That Matter

Simple, Streamlined Threat Hunting

Next Generation Intrusion Detection System
caret-left Back

For Cloud

Secure rapid cloud adoption and maintain control of applications, workloads, and data in cloud or multi-cloud environments.

Learn More

Monitor Critical Cloud Workloads

Detect Supply Chain Attacks

Cloud Detection and Response

Respond to Alerts That Matter

Security for AWS

Security for Azure

Security for Google Cloud
caret-left Back

For IT Ops

Boost NOC/SOC collaboration and ensure availability and performance across your hybrid enterprise.

Learn More

Resolve Performance Issues

Support Distributed Workers

Reliably Scale to the Cloud

NetOps and SecOps Collaboration
caret-left Back

Blog

Learn More
caret-left Back

Customers

Partners

Resources

About Us

caret-left Back

Customers

Customer resources, training,
case studies, and more.

Visit Customer Portal

Support

Professional Services

Training

Solution Bundles Gallery

Community Forums

caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Visit Partner Portal

Panorama Partner Program

Overwatch Managed NDR

Technology Integration Partners

Become a Partner

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories

Network Attack Library

Protocol Library

Documentation

Firmware

Training Videos

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

The ExtraHop Difference

What Is Cloud-Native?

Careers

Newsroom

Upcoming Webinars and Events

ExtraHop vs. Darktrace

It's the Data, Not the Math

How does ExtraHop Reveal(x) network detection and response compare to Darktrace Enterprise Immune System?

Get the Datasheet
number 1

Wire Data

number 2

Analytics at Scale

number 3

Decryption Capabilities

number 4

Automated Investigation

ExtraHop Reveal(x) Darktrace
Wire Data
Data Sources Packet Headers (L2-L4)
Protocol Decoders 70+ Not Published
Machine Learning Cloud-Based On-Prem
Decryption SSL/TLS
Analytics Behavioral Analytics
Critical Asset Prioritization
Metrics 5000+ Not Published
Anomaly Correlation ML-Driven Manual
Investigation Capabilities Transaction Indexing
Forensics Continuous Packet Capture Reactive Packet Capture
Scalability Throughput 100Gbps Sustained 6Gbps Unsustained
Deployment Options On Premises (Hardware, Virtual)
Cloud
REST API
Extensibility Integration Partners 26 14
Custom Metrics
Custom Dashboards
Cloud AWS Marketplace On Demand

Why These Differences Matter

Analytics At Scale, Immediately

Reveal(x) analyzes data at a sustained 100Gbps per appliance, automatically discovering and classifying all endpoints and transactions in real time so you'll start receiving useful insights as soon as you plug in. Darktrace caps out at 6Gbps per appliance and requires human analysts to build out reports, so the first 3-4 weeks of your deployment delivers zero value.

Limited scalability for Darktrace means that even if you pay for six times more hardware and associated management costs, Darktrace will still provide less timely, less thorough information than you'd get from one Reveal(x) appliance.

Darktrace throughput comparison
Darktrace decoders comparison
Darktrace decryption comparison
Darktrace workflow comparison

See Inside Encrypted Traffic

ExtraHop decrypts SSL/TLS at line rate, including Perfect Forward Secrecy (PFS) implementations. Darktrace offers zero decryption capabilities, leaving the majority of network traffic completely opaque—so insiders and attackers can roam freely and exfiltrate data unseen.

70% of cyber attacks will use encryption in 2019 (Cisco). Encryption helps them get through the firewall and then reconnoiter and implement their attacks within your network. Without decryption capabilities those attacks will be invisible to your security team.

Better Data Yields Better Analysis

Wire data is to packet headers what the full color spectrum is to black and white. Unlike Darktrace, ExtraHop gives you real-time visibility into 70+ enterprise protocols so you can not only understand which assets are communicating, but also what they're actually saying.

This rich data set permits machine learning to be more focused and precise, taking advantage of the variations in behavior that have the most value and meaning while suppressing false positives.

Live Activity Maps

Cut Effort by
50%

Threat detection can't solve the talent crisis or the rising tide of attackers unless you back it up with robust investigation automation capabilities. Without those additional capabilities, threat detection can even make the problem worse.

Darktrace will alert you to potential threats all over your environment with no prioritization or forensic evidence attached, no correlation between anomalies, and no custom dashboards or response options—and human analysts still need to intervene and weed out false positives.

green checkmark

Auto-discover, classify, and prioritize assets so critical systems receive deeper analytics (enabling faster response)

green checkmark

Correlate transactions and packets in real time to automate the investigation process and streamline forensic analysis

green checkmark

Integrate with popular SIEM platforms out of the box and utilize the Open Data Stream (and the REST API) for rededication and automation

Timeline of a Breach

Reveal(x) tells the whole story. No plot holes.

Reveal(x) vs. Darktrace

Client attempts and fails DB login several times

Rare client attempts and fails DB login several times*

Unusual amount of SQL traffic between a DB and rare client

Client successfully logs into DB

Client logs into DB and receives confirmation from the DB

No packet data

Client requests info from DB using "select" command

Client requests info from DB using "select" command

No packet data

DB responds in the affirmative & begins delivering data

DB responds in the affirmative & begins delivering data

No packet data

Client issues "drop" command against DB audit table

Client issues "drop" command against DB audit table

No packet data

DB responds in the affirmative

DB responds in the affirmative

No packet data

Client initiates large data transfer to external host

Client initiates large data transfer to external host

Unusual volume of data transfer between client and rare external host

*That first alert from ExtraHop provides enough info to justify quarantining the device in question and launching a full investigation. But if the worst should happen, full attack chain visibility puts you in the best position to eliminate the threat.

Launch the interactive demo to explore the Reveal(x) workflow for yourself.

Put Reveal(x) To the Test

+

ExtraHop uses cookies to improve your online experience. By using this website, you consent to the use of cookies. Learn More