Cloud-Native Security

ExtraHop Reveal(x) AMI


Threat Detection, Investigation, and Response for AWS

Secure Data and Workloads in AWS

Security teams have the difficult task of keeping up with the speed of cloud while ensuring data, applications, and workloads are secure. In order to stay ahead, SecOps needs visibility and control across the hybrid enterprise, including AWS cloud environments.

ExtraHop Reveal(x) AMI uses Amazon VPC Traffic Mirroring to provide the network detection and response (NDR) capabilities that make Gartner's SOC Visibility Triad in the cloud possible. With real-time detection, guided investigation workflows, cloud-native packet capture (PCAP), and built-in response automation capabilities, Reveal(x) AMI gives your team the flexibility to take control of your hybrid and cloud security.

Reveal(x) AMI is a virtual appliance you deploy into an Amazon VPC, making it easy to scale and enabling SecOps to confidently detect, investigate, and respond to threats. AWS customers can also choose our SaaS-based solution, ExtraHop Reveal(x) Cloud.

Complete Visibility


Automatically discover and classify every asset in your cloud infrastructure, including rogue instances. Understand the relationships between applications with automated dependency mapping. Unlike logs or agent-based solutions, Reveal(x) AMI gives you east-west visibility across all AWS workloads—including into SSL/TLS encrypted traffic—in real time and at scale.

Real-Time Detection


Harden your attack surface by improving cloud hygiene and compliance with real-time detection of behaviors that infer misconfigurations, anomalous behavior, and malicious activity. Reveal(x) AMI uses cloud-based machine learning that leverages more than 5,000 wire data features to accurately identify threats whenever they occur within or across cloud workloads.

Guided Investigation


Get to forensic-level evidence in clicks. Reveal(x) AMI automates the first several steps of the investigation workflow, and you can correlate real-time detections from ExtraHop with data from AWS EC2 and S3, Amazon CloudTrail and CloudWatch, plus Amazon VPC Flow Logs and other tools to give your team comprehensive insight across the hybrid attack surface.

 Image

Quote Icon

With Reveal(x) Cloud, ExtraHop is delivering a purpose-built solution designed to enable AWS customers to take full advantage of network traffic for better cloud visibility, detection, and response.

Dave Brown Vice President, EC2 Compute & Networking Services, Amazon Web Services, Inc.

Uphold Your Half of the Shared Responsibility Model

CSPs, with their deep security budgets and rosters of talent, do an excellent job of securing their side of the Shared Responsibility Model, but many cloud customers struggle to uphold their half. Through 2022, Gartner predicts 95% of the cloud security failures will have occurred on the customer side of the Shared Responsibility Model.

A new integration between ExtraHop Reveal(x) AMI and AWS supports a response automation to quarantine compromised AWS workloads as they're detected. Plus, the integration enables security teams to create custom automations for ticketing, tagging, blocking, and more. With cloud-native continuous packet capture, Reveal(x) AMI enables analysts to gather forensic-level evidence.

Reveal(x) AMI also provides the complete visibility, real-time detection, and guided investigations necessary to secure your cloud investment. Learn more about how ExtraHop helps organizations fulfill their half of the shared responsibility model here.

Test your knowledge by taking our interactive shared responsibility quiz!

Ready to Learn How It Works?

Explore Reveal(x) Cloud
Demo Image

Launch the Demo

Stop data exfiltration, insider threats, and more with your live, interactive demo.

Start Demo