ExtraHop Reveal(x) 360 Reviews

I use ExtraHop Reveal(x) 360 as our cloud-native NDR platform, with primary use cases including monitoring real-time network traffic across the north-south environment. While we do not currently focus on east-west traffic, we have plans to enable that capability in our roadmap for upcoming quarters. Additionally, we address advanced threats such as lateral movement and insider threats. We also use the platform for visibility of all encrypted traffic deployed with endpoint agents, supporting incident response investigations integrated with our SIEM and cross-functional threat intelligence sources.

Our SOC team has highlighted several scenarios demonstrating how ExtraHop Reveal(x) 360 helps with incident response investigations. One major threat involved an open port that was not supposed to be part of our standards, which was detected and resolved.

ExtraHop Reveal(x) 360 offers AML-based behavioral detection, good integration with SIEM and SOAR platforms such as Splunk and QRadar, and contextual metadata for faster triage through alerting mechanisms. The platform provides agentless traffic analysis for packet-level visibility and features a cloud-native SaaS architecture that eliminates the need for heavy on-premises management, making these features stronger compared to competitors in the market.

The behavioral detection that our SIEM identified was enhanced by ExtraHop Reveal(x) 360, providing an in-depth summary of a specific host. The process was quicker than expected, consuming less than a day for complete approvals, isolation, and resolution.

One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace. Initial setup requires significant effort to get the platform tuned up to speed, which can be difficult. Additionally, the dashboards could benefit from enriched customizations, advanced features for learning, and detailed documentation to assist with complex integrations.

I have been using ExtraHop Reveal(x) 360 for close to three and a half years, deploying it in our cloud environments, specifically in Azure and AWS, while we maintain a different solution on-premises for our cloud detection and response needs.

ExtraHop Reveal(x) 360 performs stably under high traffic loads. While there is a cost associated with the load sent, the cloud-hosted analytics layer alleviates infrastructure-related performance bottlenecks, enhancing visibility into encrypted traffic and making the platform more suitable for hybrid and large enterprise networks such as ours.

The platform has proven to be stable and performs consistently even under high traffic loads. Quick auto-upgrade solutions for sensors prevent any major disruptions and mitigate infrastructure-related performance bottlenecks.

ExtraHop Reveal(x) 360's scalability is well-defined, facilitating ease of growth for enterprise environments. The cloud-native architecture manages large traffic volumes across distributed settings without significant performance degradation, allowing us to add more sensors as needed.

The support we receive from ExtraHop is very good, responsive, and knowledgeable.

ExtraHop support provides dedicated engineers who check in bi-weekly, demonstrating knowledge and responsiveness. They address technical gaps by consulting their internal engineering team to deliver solutions during onboarding and tuning.

We did not use any solution prior to ExtraHop Reveal(x) 360, but we evaluated a few options including Vectra AI. We recognized ExtraHop's stronger depth in packet-level visibility and encrypted traffic analysis as the key factors in our choice.

One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace. Initial setup requires significant effort to get the platform tuned up to speed, which can be difficult.

I evaluated Vectra AI and another solution, likely involving Cisco. However, ExtraHop's depth of packet-level visibility and encrypted traffic analysis made it the standout option.

We have covered most of the features over the past three years and look forward to discovering more as we work closely with the ExtraHop technical team, who are open to sharing what they have developed.

Pricing is on the higher side, typically based on load, volume of traffic, and deployment scale. The advanced detection capabilities provide significant value in reducing investigation time, making the licensing and pricing acceptable for larger organizations.

ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments.

ExtraHop Reveal(x) 360's SaaS environment is well-suited for cloud, on-premises, and hybrid environments, effectively addressing real-life scenarios involving east-west and north-south traffic. The platform is recommended for large organizations in need of comprehensive detection capabilities. I would rate this product overall as an 8 out of 10.

We were seeking a solution that can effectively identify security incidents within our networks, providing a level of visibility that surpasses what other products with agents currently offer. Additionally, we have a critical need for robust asset management capabilities. Traditional agent-based products fall short in comparison to what we can automatically glean from our network. Our third priority lies in network hardening. We aim to rapidly identify vulnerabilities and weaknesses, a task that has historically been time-consuming or, in some cases, nearly impossible. The ability to receive comprehensive information within a mere three minutes is crucial for enhancing our network security posture.

We only used it on PoV. But we have already easily identified the places that need attention. So we can say that the product starts bringing valuable data to the company from the very first minutes of use.

Additionally, I would like to mention the option to purchase an additional NPM licence which enables the statistics and network metrics module for NOC. For example, this solution will help in troubleshooting network and AD.

It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management. Its strengths lie in its outstanding user interface, streamlined implementation, and efficient ongoing support. With a commendably low false positive rate, it minimizes operational efforts, allowing for quick comprehension and configuration. A notable advantage is its licensing based on MAC addresses, providing a more accurate representation of real devices and potential cost savings.

The NDR feature analyzes network traffic, creating records with connection details. While these records offer insights, there's a limitation in investigating payloads directly. ExtraHop provides an option for an additional server to save payloads, but its temporary storage has constraints. Unlike some competitors, it lacks an automatic payload-saving feature for each detection, presenting an improvement opportunity. Suggested enhancement involves the main sensor prompting payload storage for specific detections, streamlining the investigation process, and contributing to a more efficient workflow. A drawback includes packet storage limitations for payload data, necessitating timely extraction for thorough investigations.

I have been working with it for several weeks.

Occasionally, when I click on a link, I receive a page error, and after a few refreshes, it starts working again. I'm unsure whether the issue lies on my side or theirs, and we need to identify the cause. It's worth noting that this happens infrequently, and the rest of the system operates smoothly without any errors.

The solution scales well, supports network traffic analysis in the cloud. Of course, it is limited due to the limitations of the cloud itself. The servers are very powerful. For example, a 1U server can handle 25 Gbps of traffic. When there are solutions that require 2 2U servers for such performance.

We used LogRhythm NetMon, but it had reached its life cycle and had basic functionality.

The initial setup was straightforward.

The implementation process was swift, taking only an hour. After receiving sign-up emails, I completed a questionnaire, discussed the architecture, and a dedicated environment with the correct naming was promptly set up. Upon receiving an invitation, I set a password, and enabled Multi-Factor Authentication, gaining full access to the client environment. A server arrived via post, and following documentation instructions, I installed it in our data center, handling all cabling. During a call with a technical engineer, we configured the server together, initiating data transmission to the cloud environment. In the cloud, I easily customized settings and added users and the essential setup was complete.

The pricing is dependent on the network size, typically falling into the six-digit range. When compared to other solutions, it aligns with the market average, indicating a competitive pricing level.

Yes. LogRhythm NDR and DarkTrace.

I recommend prioritizing demos over POCs when engaging with vendors. Organizing POCs involves significant time and resource investments for both parties. Instead, invest time in multiple demo sessions, exploring the product in various scenarios and comparing capabilities against a predefined list of success criteria. Create a detailed success criteria list initially. Identify a top vendor based on these criteria, saving time and resources. Overall, I would rate it nine out of ten.

The solution is primarily used for network detection and response. We collect network traffic with it.

We can use the solution for detection, which is quite helpful. We can see if some port is connected that shouldn't be. There's machine learning that helps with detection. 

The initial setup is very easy.

It is scalable.

The solution is very stable. 

There needs to be more support.

We'd like to see more protocols. There are some basic protocols, however, there needs to be more. 

I've used the solution for one and a half years. 

It's very stable. There are no bugs or glitches. It doesn't crash or freeze. You don't need to upgrade in order to get better performance. 

The solution is scalable. It's easy to expand the storage of the cloud as needed. Of course, it will cost extra if you expand.

We have 200 to 300 people using the solution. 

I haven't directly dealt with technical support. We just use the solution to detect and respond and reach out to the client if we see anything. The solution does seem to need more support in general. 

The solution is straightforward to implement. It's on the cloud, which makes it simple. We just send the traffic to the cloud.

It took about two to three days to have everything implemented. 

Before deployment, we just customized some desktops to provide more security. 

The licensing is paid annually. 

If a company wants to build a security operations center, this solution may help. 

I'd rate the solution eight out of ten. 

It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic.

It is also easy to handle and easy to understand.

They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers. 

I am a distributor. One of our customers started to use ExtraHop Reveal(X) Cloud three years ago. They are very satisfied with this product. They bought another one this year.

We have one more customer who bought this solution five years ago. They already have a very good impression of this solution. 

It is scalable. It is five times more scalable than other competitors like Riverbed. 

Their technical support is more effective and of better quality than other competitors. They have more people for service and distribution. 

Their professional service can be improved. Service is essential for customers.

It is easy to install and implement.

In Korea, game companies, telecom companies, and retail companies usually use cloud deployment. The finance and manufacturing companies use on-premises deployment.

Korean customers have a nice impression of this product. ExtraHop is a leading vendor in Korea. It may be number one in the Network Purpose Monitoring (NPM) market in Korea. They, however, are not a large cloud company. They don't have enterprise customers. They also don't have a large customer base in the cloud environment in countries like the USA. 

I would recommend this solution. ExtraHop is a technical company. ExtraHop CEO, CMO, and CTO are technical people. They are oriented towards technology and are developing their product features for customers. They have very good skills in providing product functionality to customers.

I would rate ExtraHop Reveal(X) Cloud an eight out of ten.