ExtraHop Reveal(x) uses stream processing to auto-discover and classify every transaction, flow, session, device, and asset in your enterprise, including data centers, cloud-hosted applications, remote branches, and IoT, at up to 100 Gbps. Reveal(x) analyzes and extracts features from more than 50 enterprise protocols, including SSL/TLS encrypted traffic, to give your team the high-fidelity insights about your internal (east-west) environment that are vital to detecting and stopping sophisticated threats.
Analytics and Investigation for IT Operations
ExtraHop Reveal(x) Technical Architecture
Network file system and infrastructure
Use ExtraHop's real-time anomaly detection and auto-discovery to automate incident response and update your CMDB in real time.
Reveal(x) vs. Darktrace in a Brute Force Attack
An attacker is progressively moving through your network from device to device in search of data and critical assets that are ultimately the target of their attack campaign. Reveal(x) detects unusual movement of users or data within your network.
Detecting Russian Cyber Attacks with ExtraHop Reveal(x)
Internet communications and telephony
451 Research: Reveal(x) SWOT Analysis
Modern security programs need a new source of insight, one that provides empirical evidence to help analysts rapidly triage, investigate, and remediate high risk threats.
Security and Performance for the Hybrid Enterprise
Reveal(x): Analytics and ML for the Modern SOC
Automatically correlate analytics from ExtraHop with Phantom's security orchestration for real-time threat response.
When Reveal(x) surfaces suspicious behavior, you'll receive full context and precise packet details within seconds of detection. Automate anomaly-driven response workflows in SIEM platforms and management tools so you can quarantine infected systems, initiate containments, and focus human time and energy where it's most valuable.
Strengthen your Splunk security posture with ExtraHop's passive enterprise monitoring and real-time visibility.
Quickly prioritize human expertise and radically speed up investigations with full context and workflow automation
External communications and email servers
Authentication, authorization, and access control
Threat Visibility for Cyber Hunters
ExtraHop Reveal(x) is the only network traffic analyzer that combines automated asset discovery and classification with cloud-based machine learning, anomaly detection, and automated peer grouping with a focus on critical assets. Reveal(x) bakes risk scoring and threat correlation into the investigation workflow: no false positives, no alert cannon, just the deep context and high-fidelity insight your team needs to protect what matters most.
EMA Research: What Differentiates Reveal(x)
Reveal(x) vs. Darktrace: Product Comparison
ExtraHop Reveal(x) automatically detects and classifies everything communicating on the network, making it simple to identify the most critical assets in any environment, and focus on securing them. On top of that, Reveal(x) conducts deeper analysis on your most critical assets than any other security tool, providing timely insights when and where they matter most.
Visualize everything in a live activity map and click down into transaction records and even precise packet details
Auto-discover and classify everything in your enterprise with need-to-know decryption of encrypted traffic
Integrate CloudWatch and VPC NetFlow data into your ExtraHop wire data for complete visibility across your hybrid enterprise.
Machine learning is only as powerful as the data you give it. ExtraHop Reveal(x) processes over 1 PB of data per day and selectively guides its machine learning models with more than 4,600 wire data metrics, allowing for unmatched breadth, accuracy, and focus in behavioral analytics.
The Critical Assets Filter for the SOC
An attacker has compromised a device and is using it to learn about your network. The attacker is looking for potential targets (critical assets) and associated vulnerabilities. Reveal(x) detects when an internal device is performing suspicious scans of devices, ports, services, applications, or files on your network as well as attempts to gain direct control of resources.
Without ExtraHop, the investigation would have taken days or weeks, exposing [us] to potentially catastrophic risk. Even the FBI was impressed when they found out how quickly we identified and contained the threat!
Case Study: Wood County Hospital Hunts Ransomware
ExtraHop Reveal(x) is a network traffic analysis solution that provides crucial threat intelligence, ML, and investigation automation so security teams can act with confidence and speed.
A compromised device on your network is attempting to contact an attacker's external Command and Control (C&C) server. Once a connection is established, the C&C server can send additional malware, instructions for remote execution, and/or payloads required to support the attack. Reveal(x) detects when an internal device is communicating with a suspicious system outside of your network in support of an attack.
An attacker is attempting an unauthorized transfer of data from your network to a system the attacker controls. Reveal(x) detects unusual transfers of data from devices within your network to external systems.