Update solution on February 28, 2025

ExtraHop RevealX
Mutable Award: Gold 2025

ExtraHop offers a platform, RevealX, that delivers network detection and response (NDR), network performance monitoring (NPM), intrusion detection (IDS) and packet forensics from a single, all-in-one hardware or virtual appliance. Available in on-premises or SaaS-based deployments, RevealX enables customers to observe network traffic, detect threats, and investigate and respond to security incidents and performance issues. ExtraHop recently unveiled a further expansion of its integration with the CrowdStrike Falcon platform, giving joint customers the option to use CrowdStrike Falcon LogScale next-gen SIEM for its record store with on-premises deployments. Furthermore, it has unveiled a major partnership to expand the use of CrowdStrike solutions – endpoint detection and response (EDR), security information and event management (SIEM), and threat intelligence – to enable RevealX to conduct even more extensive investigations. Integrations with other partners' EDR and SIEM solutions have also recently been (and will continue to be) enhanced.

Customer Quotes

We had tested a number of solutions but none of them offered us deep visibility without compromising on performance until we evaluated ExtraHop.
Romain Verginol, CISO, Cegedim

The benefit is clear – the ability to troubleshoot and get to the root cause of the problem ten times faster with ExtraHop allows us to quickly demonstrate its value back to the business.
Steve Bamford, Senior network engineer, IG Group

We had instant confidence in the tool. The ability to essentially plug and play meant we started to see returns on our investment almost right away.
Richard Stepanek, CIO, Central Oregon Radiology Associates

ExtraHop’s technology is cloud-native and extremely scalable. For customers requiring on-premises deployment, RevealX can be supplied on hardware appliances, with throughput of up to 100Gbps (including decryption) where needed.

RevealX enables threats to be detected throughout the on-premises, hybrid, and multi-cloud network, including endpoints and traffic flows into and out of the network. It can deal with the details of almost 100 protocols used across IT applications, including some very niche examples (e.g. HL7, which is used to connect MRI scanners to other medical systems). It has recently expanded its offerings with some important new capabilities. Its Smart Investigations capabilities enable automatic identification and generation of investigations of threats that have been detected, aided by contextual awareness of the customer’s environment. By correlating detections, it points analysts to the most critical events on which to focus, enabling greater efficiency and accelerating investigations to improve response times. Detection, investigations, and threat hunting also enable analysis of complex issues relating to potential problems with files found on networks, across a range of file types and their use by threat actors. The RevealX platform utilises a large language model to provide security analysts with a natural language query capability they can use to quickly find vulnerable devices and proactively hunt for threats. This reduces complexity for analysts and enables faster identification and resolution of security issues. RevealX has long used machine learning to enable analysis and better identify outlier conditions, and a ‘big data’ approach is used to improve the performance of analysis tasks.

The partnership with CrowdStrike takes advantage of CrowdStrike’s threat intelligence capabilities, providing real-time network indicators and metadata to ExtraHop customers. It uses behavioural analysis to better detect threats and provide context related to the severity of the threat encountered and to accelerate investigations (including mapping to MITRE and OWASP, as appropriate).

ExtraHop has a long heritage in the markets it serves, shows high levels of innovation and has a strong roadmap, with enhancements released every quarter. Its product components are tightly integrated into its RevealX platform and it has a wide roster of partnerships for added capabilities. Its features make it easy to use and its strong technology makes it fit for its intended purposes. It reports high levels of growth and is well suited to a wide range of customers, from small companies to large multinationals, for which it is highly scalable.

The bottom line

ExtraHop is positioned as a Champion in the NDR Market Updates published by Bloor Research. It is considered to be a leading player in the market, offering good value and performance.
