ExtraHop Reveal(x) uses stream processing to auto-discover and classify every transaction, flow, session, device, and asset in your enterprise (including data centers, cloud-hosted applications, remote branches, and IoT) at up to 100 Gbps. Reveal(x) analyzes and extracts features from more than 50 enterprise protocols, including SSL/TLS encrypted traffic, to give your team the high-fidelity insights about your internal (east-west) environment that are vital to detecting and stopping sophisticated threats.

Analytics and Investigation for IT Operations

ExtraHop Reveal(x) Technical Architecture

Network file system and infrastructure

Use ExtraHop's real-time anomaly detection and auto-discovery to automate incident response and update your CMDB in real time.

Reveal(x) vs. Darktrace in a Brute Force Attack

An attacker is progressively moving through your network from device to device in search of data and critical assets that are ultimately the target of their attack campaign. Reveal(x) detects unusual movement of users or data within your network.

Detecting Russian Cyber Attacks with ExtraHop Reveal(x)


Internet communications and telephony

451 Research: Reveal(x) SWOT Analysis

Modern security programs need a new source of insight, one that provides empirical evidence to help analysts rapidly triage, investigate, and remediate high risk threats.

Security and Performance for the Hybrid Enterprise

Reveal(x): Analytics and ML for the Modern SOC

Automatically correlate analytics from ExtraHop with Phantom's security orchestration for real-time threat response.

When Reveal(x) surfaces suspicious behavior, you'll receive full context and precise packet details within seconds of detection. Automate anomaly-driven response workflows in SIEM platforms and management tools so you can quarantine infected systems, initiate containments, and focus human time and energy where it's most valuable.

Strengthen your Splunk security posture with ExtraHop's passive enterprise monitoring and real-time visibility.

Quickly prioritize human expertise and radically speed up investigations with full context and workflow automation

External communications and email servers

Authentication, authorization, and access control

Threat Visibility for Cyber Hunters

ExtraHop Reveal(x) is the only network traffic analyzer that combines automated asset discovery and classification with cloud-based machine learning, anomaly detection, and automated peer grouping with a focus on critical assets. Reveal(x) bakes risk scoring and threat correlation into the investigation workflow: no false positives, no alert cannon, just the deep context and high-fidelity insight your team needs to protect what matters most.

EMA Research: What Differentiates Reveal(x)

Reveal(x) vs. Darktrace: Product Comparison

ExtraHop Reveal(x) automatically detects and classifies everything communicating on the network, making it simple to identify the most critical assets in any environment, and focus on securing them. On top of that, Reveal(x) conducts deeper analysis on your most critical assets than any other security tool, providing timely insights when and where they matter most.

Visualize everything in a live activity map and click down into transaction records and even precise packet details

Auto-discover and classify everything in your enterprise with need-to-know decryption of encrypted traffic

Integrate CloudWatch and VPC NetFlow data into your ExtraHop wire data for complete visibility across your hybrid enterprise.

Machine learning is only as powerful as the data you give it. ExtraHop Reveal(x) processes over 1 PB of data per day and selectively guides its machine learning models with more than 4,600 wire data metrics, allowing for unmatched breadth, accuracy, and focus in behavioral analytics.

The Critical Assets Filter for the SOC

An attacker has compromised a device and is using it to learn about your network. The attacker is looking for potential targets (critical assets) and associated vulnerabilities. Reveal(x) detects when an internal device is performing suspicious scans of devices, ports, services, applications, or files on your network as well as attempts to gain direct control of resources.

Without ExtraHop, the investigation would have taken days or weeks, exposing [us] to potentially catastrophic risk. Even the FBI was impressed when they found out how quickly we identified and contained the threat!

Case Study: Wood County Hospital Hunts Ransomware

ExtraHop Reveal(x) is a network traffic analysis solution that provides crucial threat intelligence, ML, and investigation automation so security teams can act with confidence and speed.

A compromised device on your network is attempting to contact an attacker's external Command and Control (C&C) server. Once a connection is established, the C&C server can send additional malware, instructions for remote execution, and/or payloads required to support the attack. Reveal(x) detects when an internal device is communicating to a suspicious system outside of your network in support of an attack.

An attacker is attempting an unauthorized transfer of data from your network to a system the attacker controls. Reveal(x) detects unusual transfers of data from devices within your network to external systems.
