Network Traffic Analysis

Comprehensive network visibility is the linchpin for successful IT security.

Your Network Is Already a Security Platform

Every threat travels on the network. To maintain a consistently strong security posture in the face of advanced threats, you need full visibility into network behavior in real time.

Today's Security Tools Are Fighting Yesterday's Battles

Security tools like firewalls and old-school antivirus rely on profiles of known threats: they only watch for what they've already seen. Network traffic analysis alerts you to malicious behavior as it occurs and allows you to dig up forensic evidence of past attacks.

Network Security Tools of Today

I don't know what the next threat will be, but I guarantee you one thing: It will involve two hosts communicating over the network.

John Smith Principal Solutions Architect ExtraHop

What Does ExtraHop Bring to the Table?

Total Visibility

Comprehensive Visibility

Enterprise networks are big, complex, and multifaceted. To take advantage of the security potential in your network, you need to be able to see into every transaction that passes across it, including the "east-west" traffic between hosts and tiers within your network.

Real Time Insights

Real-Time Insight

Looking at the details of individual transactions is useful in after-the-fact forensics, but it won't help you spot a threat in the first place. Machine learning-driven analysis of structured L2—L7 wire data is the key to real-time threat detection at any stage of the attack lifecycle.

Deep Analytics

Deep Analytics with Long Lookback

Threat actors don't just break in and immediately trash the place. They wait for the perfect moment to strike. You need deep analytics going back months to understand the source of threats, the scope of an incident, and how to root attackers out for good.

Advanced Analytics Backed by Machine Learning

No matter how you run your shop, we'll put money on one universal truth: you don't want more data. You want an easier way to get more value from the data you already have. Enter ExtraHop Addy, the first machine learning service for the network.

Addy takes real-time network analytics and applies advanced algorithms, heuristics, and crowd-sourced feedback to build continuous baselines for every device, system, and application. Always on and always learning, Addy surfaces anomalous behavior so your team can act the moment a threat touches your network.

Observed Behavior

  • Detect anomalous events based on actual traffic in your environment
  • See malicious behavior as it happens, even zero-day attacks
  • Record all network activity, not only flagged events or signatures

Risk Identification

  • Identify sensitive data passed in the clear or use of banned ports, protocols, and services (PPS)
  • Continuously monitor activity such as movement of data between zones and privileged user accounts
  • Simplify audit reporting with continuous and pervasive monitoring of network activity

Threat Response

  • Immediately and automatically receive deep analytics surrounding suspicious events
  • Access forensic data going back months to easily investigate the full scope and nature of an attack
  • Empower security analysts and threat-hunt teams with real-time visibility into all activity on the network

Customer Success


With ExtraHop and the SIEM we've built around it, our security guys have—at most—two windows they need to look at. One tells them what's going on, the other one tells them what has gone down and how to fix it. My goal is always to be within four clicks of any incident.

Mike Sheward Principal Security Architect

How ExtraHop Fits

No team is an island ... but it often feels that way. When your network comes under attack, however, every minute spent struggling to communicate across monitoring interfaces and data silos gives bad actors more time to wreak havoc. ExtraHop removes that stress by adapting to your workflow and streamlining the processes you're already comfortable with.

Tool Integration

  • Automate intelligent firewall and Network Access Control (NAC) actions with a REST API
  • Stream real-time analytics to SIEM platforms for correlation and forensic investigation
  • Auto-generate and assign tickets in platforms like ServiceNow based on anomaly alerts from ExtraHop

Cross-Team Collaboration

  • Instantly share rich, comprehensive analytics between teams
  • Investigate suspicious behavior down to the transaction level across all applications, devices, and networks within a single UI
  • Enable multiple teams to customize analytics and metrics in real time

Customer Success


Practice Fusion

For EHR provider Practice Fusion, ensuring the security of their application and the data it contains is critical. Senior Network Engineer Alan Shortz and his team use ExtraHop to track the use of industry standard protocols and cipher suites across devices as well as integration partners to ensure they are maintaining the highest security standards. The team also uses the ExtraHop platform's network traffic analysis to identify security incidents like Shellshock in their environment before they can turn into costly breaches.

See ExtraHop in Action

Explore the interactive demo to see how quickly you can find insights that move your IT environment—and your business—forward.

Additional Resources

Use Cases