Investigation & Response
Detections
Reveal(x): Detections on every asset, bolstered by full analysis of 70+ protocols, decryption, and cloud-based machine learning.
Vectra: Provides detection on all assets but is limited to on-box machine learning and lacks full protocol analysis and decryption capabilities.
Why It Matters: Full analysis of every asset across all protocols, augmented by decryption, is crucial for detecting advanced attacks such as SUNBURST and Kerberos Golden Ticket attacks. Cloud-based machine learning means you can process larger, more complex datasets to ensure seamless detection of even the newest attacks.
Investigation & Threat Hunting
Reveal(x): Real-time and historical data for all observed communications
Vectra: Data is limited to detection-driven investigations
Why It Matters: To answer the question "Are we impacted by
Unified Console: NetOps + SecOps + CloudOps
Reveal(x): Single console for network, security and cloud teams
Vectra: Security-only use cases
Why It Matters: A single source of truth resolves security, performance, cloud and hygiene use cases faster, increasing efficiency, decreasing response time, and creating the opportunity to simplify tool portfolios.
Full Continuous Packet Capture (PCAP)
Reveal(x): Always-on, continuous PCAP
Vectra: Precision PCAP
Why It Matters: Always-on, continuous PCAP guarantees that the relevant packets are available. Relying on Precision PCAP means you will miss details critical to determining the severity of an incident.
VIDEO: Packet Capture with ExtraHop Reveal(x)
Enterprise Scalability & Real-time Analysis
To scale to the needs of the enterprise, your traffic analysis must deliver real-time insights by monitoring every asset communicating across your hybrid environment. Reveal(x) leverages the cloud to adapt constantly to the demands of your network, giving analysts instant access to the data they need to respond to threats.
Scale: Raw Throughput Per Sensor
Reveal(x): Up to 100Gbps
Vectra: Up to 55Gbps
Why It Matters: Raw throughput is not the only factor governing the scale of monitoring, but it is an important one. Higher throughput ensures cost efficiency when scaling to the needs of your organization.
Scale: IP Monitoring
Reveal(x): Up to 1 million assets
Vectra: Up to 300,000 assets
Why It Matters: Scaling to 1M assets provides a single investigative console to rapidly correlate asset activity, without data fragmentation, for all your threat hunting needs.
Scale: Machine Learning
Reveal(x): Cloud-based machine learning
Vectra: Appliance-based machine learning
Why It Matters: Cloud-based machine learning ensures you immediately have the most up-to-date detection capabilities while scaling on demand so that no detection is missed. Appliance-based ML is limited to the available system resources.
Tunable Data Streaming to SIEM
Reveal(x): Pick the data you want to store.
Vectra: All-or-nothing approach.
Why It Matters: Sending all data to your SIEM is both expensive and inefficient. Tuning your NDR to stream only the most important data to your SIEM saves time and money.
Visibility & Decryption
Visibility requires a complete picture of every asset connected to the network and its function. This challenge, combined with the rapid adoption of encryption, has hampered visibility industry-wide. Reveal(x) provides complete visibility, augmented by decryption, into every asset (including IoT), application and user communicating on the hybrid network. Decryption is required to detect the most advanced threats.
Decryption and Encrypted Traffic Analysis (ETA)
Reveal(x): ETA plus out-of-band, line-rate decryption (up to and including TLS 1.3)
Vectra: ETA only. Vectra claims: "Decryption violates privacy laws."
Why It Matters: As TLS 1.3 reaches ubiquity, it becomes increasingly necessary to decrypt traffic to catch threats such as SQL injection, cross-site scripting, SSRF, and Kerberos Golden Ticket attacks.
BLOG: Five Reasons You Need to Decrypt Traffic for SecOps Analysis
Asset Classification
Reveal(x): Complete asset inventory with role-based classification, including IoT
Vectra: IP address-based asset inventory with no asset classification
Why It Matters: You need to classify an asset's role to provide the context needed to rapidly determine whether observed behaviors align with the asset's intended function (e.g. DNS, VoIP, AD, SQL, IoT).
VIDEO: Asset Classification with ExtraHop Reveal(x)
Historical Lookback
Reveal(x): Up to 90 days of customizable historical data included
Vectra: Up to 14 days of Zeek-formatted historical data, with a fee for additional storage
Why It Matters: When advanced attacks like SUNBURST are disclosed, answering the question "Were we impacted?" requires that you have the maximum amount of historical data available for investigation.
SECURITY REPORT: Lessons Learned Investigating the SUNBURST Attack
Flexible Cloud Deployment
Reveal(x): Hybrid, multi-cloud, and SaaS deployment models in one interface. Support for AWS, Azure, GCP.
Vectra: No SaaS: deploy VMs in cloud instances. No Google Cloud support.
Why It Matters: Deployment models must meet your business requirements for scale and efficiency. ExtraHop Reveal(x) 360 is a true SaaS solution and provides the flexibility to adapt to your future security needs.
AWS Competency
Reveal(x): AWS Security Competency
Vectra: None
Why It Matters: Certification by AWS demonstrates that vendors have deep technical expertise and proven customer success securing every stage of cloud
Cloud Throughput
Reveal(x): Up to 25Gbps
Vectra: Up to 10Gbps
Why It Matters: Raw throughput is not the only factor governing the scale of monitoring, but it is an important one. Higher throughput ensures cost efficiency when scaling to the needs of your organization.