Investigation & Response
It's not enough to fire a detection, you have to consider the context and correlate that detection with everything else that's happening on your network. Do you have the depth of data you need to investigate activity on your network and to look back for threat hunting?
Detections
Detections on every asset bolstered by full stream reassembly, analysis of 70+ protocols, decryption, and cloud-based machine learning —with fewer false positives
Provides detection across assets but is limited to on-box machine learning and lacks decryption capabilities, full protocol analysis, and stream reassembly
Why It Matters
Detections for every asset across all protocols, with decryption, is crucial for the detection of advanced attacks like SUNBURST and Kerberos Golden Ticket attacks. Cloud-based machine learning means you can process larger, more complex datasets to ensure detection of the latest attacks.
Investigation & Threat Hunting
Real-time and historical data for all network activity
Historical data is limited to detection-driven investigations
Why It Matters
To answer the question "Are we impacted by the latest threat?" you need all observed data to understand the context and perform proactive investigations and retrospective threat hunting using detailed historical data.
Unified Console: NetOps + SecOps + CloudOps
Unified console for network, cloud, and security operations
No NetOps coverage. Single console for security-related data and use cases only
Why It Matters
Having a single source of truth helps break down silos and provides faster resolution for security, performance, cloud, and hygiene use cases. That increases efficiency, decreases response time, and provides the opportunity to simplify your toolset.
Full Continuous Packet Capture (PCAP)
Always-on continuous PCAP
Precision PCAP
Why It Matters
Always-on, continuous PCAP makes sure you can access the packets you need. Relying on Precision PCAPs can omit details critical to understanding the severity of an incident.
VIDEO: Packet Capture
with ExtraHop Reveal(x)
Enterprise Scalability & Real-time Analysis
To scale to the needs of the enterprise, your network traffic analysis must deliver real-time insights by monitoring every asset communicating across your hybrid environment. Reveal(x) NDR leverages the cloud to constantly adapt to the demands of your network, providing security teams instant access to the data they need to respond to threats.
Scale: Raw Throughput Per-Sensor
Up to 100Gbps
Up to 5Gbps
Why It Matters
Raw throughput isn't the only factor determining the scale of monitoring, but it is an important one. Higher throughput ensures cost efficiency when scaling with the growing needs of your organization.
Scale: IP Monitoring
Up to 1 Million assets
Up to 50 thousand assets
Why It Matters
Scaling to a million assets ensures a single investigative console to rapidly correlate activity across assets without fragmented data—critical for threat hunting.
Scale: Machine Learning
Cloud-based Machine Learning
Appliance-based Machine Learning
Why It Matters
Cloud-based ML means you immediately have the most up-to-date detection capabilities while simultaneously scaling on-demand—so no detection is missed. Appliance-based ML is limited by system resources.
Visibility & Decryption
Visibility requires a complete picture of every asset connected to the network and its function. This challenge, combined with the rapid adoption of encryption, has hampered analysts industry wide. Reveal(x) gives security teams complete visibility augmented by decryption, including TLS 1.3 with PFS, (which ExtraHop competitors lack) into every asset (including IoT), application, and user communicating on the hybrid network. Decryption is required for threat detection—especially for uncovering the most advanced threats.
Interested in decryption? Learn more about how ExtraHop works.
Decryption and Encrypted Traffic Analysis (ETA)
ETA + Out of band line-rate decryption (up to and including TLS 1.3)
ETA only.
Why It Matters
As TLS 1.3 becomes ubiquitous, it's increasingly necessary to decrypt traffic to catch threats like SQL injection, cross-site scripting, SSRF, and Kerberos Golden Ticket attacks.
BLOG: Five Reasons You Need to Decrypt Traffic for SecOps Analysis
Asset Classification
Complete asset inventory with role-based classification including IoT
IP-address-based asset inventory with no asset classification capability
Why It Matters
You need to classify asset roles to give needed context. That allows you to rapidly determine if observed behaviors deviate from expected behavior, given its intended function. For example: DNS, VOIP, AD, SQL, IoT etc.
VIDEO: Asset Classification
with ExtraHop Reveal(x)
Historical Lookback
Up to 90 days of customizable historical data
Limited. Historical data is only retained when a detection occurs
Why It Matters
Understanding whether you are affected by advanced attacks like SUNBURST requires maximum historical data which may or may not be linked to a detection.
SECURITY REPORT: Lessons Learned Investigating the SUNBURST Attack
Hybrid, Multi Cloud & SaaS
Cloud-native security and flexible deployment models are critical for modern enterprises. Reveal(x) uses its expertise with AWS to provide frictionless, on-demand deployments to secure your cloud environments.
AWS Competency
AWS Security Competency
No AWS Security Competency
Why It Matters
AWS security competency demonstrates deep technical cloud expertise and proven customer success securing cloud transformation through every stage, from initial migration to ongoing day-to-day management.
Cloud Throughput
Up to 25Gbps
Up to 5Gbps
Why It Matters
Raw throughput is not the only factor determining the scale of monitoring, but it is an important one. Higher throughput brings cost efficiency when scaling with your growing business.
SaaS-Delivered Data Storage
Cloud-hosted and managed historical data
None. No historical storage options
Why It Matters
SaaS-delivered storage ensures historical data is available to meet your investigative, threat hunting, and compliance requirements.