We performed a comparison between Corelight and ExtraHop Reveal(x) based on real PeerSpot user reviews.
Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to deploy and easy to handle."
"It's easy to create additional dashboards specific to supporting specific tasks."
"The most valuable feature is the embedded IDS from Suricata."
"Corelight is easy to use."
"It's an easy way for us to get visibility in a client's environment."
"The solution works well for sending sensors."
"With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"Setting up the solution is relatively easy."
"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
"The security features of this solution are the most valuable."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"Machine learning could be a good improvement, but it's very costly."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"Corelight hasn’t added features in a long time."
"In the next release, building a graphical user interface would be helpful."
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"It needs integration with more security vendors."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me."
"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"The solution is expensive and gets more expensive if a company needs to scale it."
Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Corelight is rated 9.0, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Corelight is most compared with Darktrace, Vectra AI, Cisco Secure Network Analytics, Arista NDR and SolarWinds NetFlow Traffic Analyzer, whereas ExtraHop Reveal(x) is most compared with Darktrace, Vectra AI, Cisco Secure Network Analytics, Arista NDR and ExtraHop Reveal(x) 360. See our Corelight vs. ExtraHop Reveal(x) report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.