How does ExtraHop Reveal(x) network traffic analysis compare to Darktrace Enterprise Immune System?
Wire Data
Analytics at Scale
Decryption Capabilities
Automated Investigation
| ExtraHop Reveal(x) | Darktrace | ||
|---|---|---|---|
| Data Sources | Wire Data | ||
| Packet Headers (L2-L4) | |||
| Protocol Decoders | 40 | 5 | |
| Analytics | Machine Learning | Cloud-Based | On-Prem |
| Decryption | SSL/TLS | None | |
| Behavioral Analytics | |||
| Critical Asset Prioritization | |||
| Metrics | 4000 | 400 | |
| Investigation Capabilities | Anomaly Correlation | ML-Driven | Manual |
| Transaction Indexing | |||
| Forensics | Continuous Packet Capture | Reactive Packet Capture | |
| Scalability | Throughput | 100Gbps Sustained | 6Gbps Unsustained |
| Deployment Options | On Premises (Hardware, Virtual) | ||
| Cloud | |||
| Extensibility | REST API | ||
| Integration Partners | 30+ | <5 | |
| Custom Metrics | |||
| Custom Dashboards |
Why These Differences Matter
Analytics At Scale, Immediately
Reveal(x) analyzes data at a sustained 100Gbps per appliance, automatically discovering and classifying all endpoints and transactions in real time so you'll start receiving useful insights as soon as you plug in. Darktrace caps out at 6Gbps per appliance and requires human analysts to build out reports, so the first 3-4 weeks of your deployment delivers zero value.
Limited scalability for Darktrace means that even if you pay for six times more hardware and associated management costs, Darktrace will still provide less timely, less thorough information than you'd get from one Reveal(x) appliance.
