RevealX NDR is the core cybersecurity module of the RevealX platform. It enables organizations to reduce risk and identify threats other tools like EDR and SIEM miss. By ingesting and analyzing network packets, RevealX NDR provides OSI Layer 2–Layer 7 visibility and real-time detection while providing streamlined investigation workflows for faster, more confident response across on-premises, remote, hybrid, and multicloud environments. For more information, visit the RevealX NDR overview page.
While both core modules are critical for risk reduction and the business resiliency of your network, RevealX NDR is focused on cybersecurity, and RevealX NPM is focused on performance. RevealX NDR proactively detects potential cyber threats across the attack surface, while RevealX NPM actively monitors potential network and application performance issues. For more information, visit the RevealX NPM overview page.
RevealX NDR takes a full-spectrum detection approach that combines real-time detection of the latest CVEs and continuous behavioral machine learning to catch stealthy, post-compromise attacker tactics, techniques, and procedures. For a deeper dive into ExtraHop’s detections, read our Detections White Paper.
ExtraHop creates structured records from raw network packets and then securely transports those records to ExtraHop Cloud Services, where we use them to train advanced machine learning (ML) models to deliver accurate detections and insights to RevealX NDR users. For more detailed information, read this blog.
The RevealX platform enables users to integrate modules for Intrusion Detection System (IDS) and Packet Forensics with a scalable packet capture (PCAP) repository.
IDS and Packet Forensics modules are add-on modules to the RevealX platform’s core NDR module and cannot be purchased as standalone products.
RevealX NDR is available as a managed security service via trusted partners such as Binary Defense. For more information, visit Managed Service Provider Partner Program.
ExtraHop products and services are GDPR compliant. ExtraHop engages with a third party for annual SOC 2 and SOC 3 audits and is a member of the U.S. Privacy Shield program. For more information, visit ExtraHop Security and Compliance.
The RevealX platform consists of a set of components based on your environmental needs: sensors, recordstores, and a console for centralized management and unified data views. All components are available in physical, virtual, and cloud-based options that are sized based on your needs.
You can deploy RevealX NDR in on-premises, remote, and cloud environments. For more information, visit ExtraHop Implementation.
The ExtraHop Deployment Service ensures RevealX NDR is set up, receiving and processing inbound data, and ready for operational and management handoff. The ExtraHop team can also assist with onboarding. To learn more, read this brief.
Yes. RevealX NDR can decrypt SSL/TLS (including TLS 1.3), NTLM, Kerberos, and SMBv3 network traffic. This is a key difference between RevealX and other solutions. Most other solutions only look at the 3-way TLS handshake and metadata about the session. No other solution performs TLS decryption as well as decryption of NTLM, Kerberos, and SMBv3 traffic in real time, capabilities that are critical for detecting many kinds of Active Directory-based attacks. It also decodes 90+ protocols, including common Microsoft protocols such as SMBv3, Kerberos, Active Directory, and MSRPC, to provide full visibility into encrypted traffic across the attack surface.
When you think of a typical client/server conversation over the network, you can think of the network protocol as the language they are speaking. Without speaking the language, all you really know is that one person called the other and said a certain number of words over time, but it’s very hard to tell if the nature of that conversation was “good” or “bad.” RevealX can serve as your translator for over 90 network protocols, making it easy for you to tell the difference between normal and malicious activity across your on-premises and multicloud networks.
RevealX NDR uses a port mirror or tap to passively ingest network traffic. ExtraHop conducts real-time stream processing of network traffic data and transforms the unstructured packets into structured wire data for deep analysis.
The ExtraHop Customer Success team is a dedicated resource for all ExtraHop customers and can help with success planning, operational assessments, product aid, and more.
ExtraHop offers a credit-based system for professional services, including deployments, training, integrations, support, and more. To learn more, visit ExtraHop Services.
ExtraHop has several integrations with leading vendors, including CrowdStrike, Splunk, Netskope, AWS, Microsoft, Gigamon, and more. Every ExtraHop customer has access to CrowdStrike Falcon Intelligence. To learn more, visit ExtraHop Integrations and Automations.
RevealX NDR offers robust query and investigation workflows within its user interface, but you can also integrate ExtraHop enriched network data with other back-ends like EDR and SIEM. The RevealX NDR Open Data Stream allows you to merge data from multiple sources into a single, rich set that can be queried and visualized using whatever tools your team prefers. RevealX NDR data can also be sent to data lakes.
You can purchase RevealX NDR directly from ExtraHop, through trusted channel partners and distributors, or via transactable listings on marketplaces such as the AWS Marketplace. For more information, contact us.
RevealX is sold as either a virtual or physical sensor under subscription-based pricing and has two deployment models: SaaS-based RevealX 360 and on-premises RevealX Enterprise. RevealX 360 pricing is based on the number of Discovered Devices, daily record ingest capacity, and record lookback period (30, 90, or 180 days). RevealX Enterprise pricing is based on the number of Discovered Devices and does not include record capacity. Customers can bundle modules for each deployment model to fit functional and capacity needs. For more information, contact us.
Each device that is discovered by a single ExtraHop sensor and has a unique identifier counts toward your licensed device capacity. If a device is discovered by multiple sensors, it is counted toward the device capacity of each of those sensors and toward your total device capacity.