Darktrace vs ExtraHop Reveal(x) comparison

Cancel
You must select at least 2 products to compare!
Darktrace Logo
11,713 views|6,859 comparisons
ExtraHop Networks Logo
3,732 views|2,708 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Jan 17, 2024

We compared ExtraHop Reveal(x) and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:

  • Ease of Deployment: According to user feedback, ExtraHop Reveal(x) has a more involved setup process that requires coordination among different teams, hardware installation, and configuration. On the other hand, Darktrace is described as easy and straightforward, with some users reporting quick installation times. However, Darktrace might need additional customization and configuration for optimal performance.
  • Features: ExtraHop Reveal(x) is highly praised for its extensive security capabilities, analytics functionalities, and advanced threat hunting capabilities. Meanwhile, Darktrace stands out for its exceptional ability to autonomously detect and monitor threats, utilize AI-driven pattern detection, and provide in-depth insights into network activity.
  • Room for Improvement: Regarding ExtraHop Reveal(x), users suggest focusing on agent management, expanding cloud capabilities, increasing integration partners, and offering user certifications or training programs. Meanwhile, for Darktrace, there is room for improvement in reducing false positives, enhancing pricing flexibility, strengthening integration capabilities, and prioritizing usability and user-friendliness.
  • Pricing and ROI: ExtraHop Reveal(x) has varying setup costs, including discounts for educational institutions, but there are extra charges for integration and hardware. In comparison, Darktrace is often regarded as costly, particularly for smaller businesses, though it does provide negotiation possibilities for a potentially reduced expense. Both products offer different pricing structures and considerations in terms of affordability. ExtraHop Reveal(x) has demonstrated a clear positive effect on operations, leading to faster troubleshooting and efficient problem isolation. It enables quick issue identification, facilitating prompt resolution and improving overall service and productivity. In contrast, Darktrace proves useful in identifying system vulnerabilities and defending against attacks, ensuring user protection. However, accurately measuring its return on investment presents difficulties.
  • Service and Support: Both ExtraHop Reveal(x) and Darktrace have received positive feedback for their customer service and support. Users have praised ExtraHop Reveal(x) for excellent troubleshooting and Darktrace for their responsiveness and helpfulness. However, concerns have been raised regarding the sporadic quality and response time of ExtraHop Reveal(x), while suggestions for improvement have been made for Darktrace in terms of complex deployments and response speed.

Comparison Results: Based on the comparisons between ExtraHop Reveal(x) and Darktrace, ExtraHop Reveal(x) has a more complex setup process requiring coordination and involving multiple teams, while Darktrace's setup is generally considered simple and straightforward. ExtraHop Reveal(x) is praised for its advanced features and user-friendly interface, while Darktrace's biggest strength lies in its ability to autonomously detect and monitor threats. ExtraHop Reveal(x) could improve in terms of agent management, integration partners, and pricing, while Darktrace could benefit from reducing false positives and enhancing usability. Darktrace is often seen as expensive, whereas pricing reviews for ExtraHop Reveal(x) vary. ExtraHop Reveal(x) has had a significant positive impact on operations and offers strong customer support, while Darktrace excels in monitoring, protection, and providing insights into network activity, with customers expressing satisfaction with its customer service.

To learn more, read our detailed Darktrace vs. ExtraHop Reveal(x) Report (Updated: March 2024).
763,955 professionals have used our research since 2012.
Featured Review
Irwin Gibson
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.""We have found the product to be stable and issue-free.""What I like about Darktrace, is that you can quickly identify threats.""The product can scale.""The most valuable features of Darktrace are its full capabilities. You have visibility of everything.""Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.""It provides a comprehensive, detailed view of network activity and whatever is happening inside it.""It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."

More Darktrace Pros →

"It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network.""We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well.""ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting.""The solution's ability to decrypt SSL traffic is its most valuable feature.""With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer. This can be helpful for detecting network attacks. Additionally, I really like the customizable dashboards and reports. The incident dashboard and alerts provide a good summary initially, and diving deeper into them gives more detailed information. It's also great for analyzing specific attacks and victim logs. The feature that tracks the full attack chain makes it easier to monitor the progress of attacks. Plus, it's connected to the Netria.com app, which I find useful for certain tasks.""The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.""The security features of this solution are the most valuable.""The solution works well for sending sensors."

More ExtraHop Reveal(x) Pros →

Cons
"I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself.""I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there.""The product doesn't have an endpoint agent that can react to triggers set on the device,""It could build in integrations for some complementary products, but it has an assistant plugin so this is not really a big deal.""The pricing is a bit high for the region.""I believe their network monitoring device licensing module could use some improvement.""The program is quite expensive.""The solution would benefit from automation. Currently, you have to know what you are searching for."

More Darktrace Cons →

"The solution is expensive and gets more expensive if a company needs to scale it.""The solution's reporting part and GUI are areas with certain shortcomings where improvements are required.""Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting.""There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that""They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot.""ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x).""The solution’s pricing could be improved.""It needs integration with more security vendors."

More ExtraHop Reveal(x) Cons →

Pricing and Cost Advice
  • "It is inexpensive considering what it can do and the competition."
  • "The pricing is a little high compared to the competition."
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."
  • More Darktrace Pricing and Cost Advice →

  • "I would rate the price a three out of five. It could be less expensive."
  • "I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
  • "The solution is based on an annual subscription model and is expensive."
  • "I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."
  • More ExtraHop Reveal(x) Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    763,955 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Both of these products perform similarly and have many outstanding attributes CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Top Answer:A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
    Top Answer:We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated cost… more »
    Top Answer:One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow The other one we are using is ExtraHop.  This has both a Datacenter… more »
    Top Answer:With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer… more »
    Ranking
    Views
    11,713
    Comparisons
    6,859
    Reviews
    30
    Average Words per Review
    407
    Rating
    8.2
    Views
    3,732
    Comparisons
    2,708
    Reviews
    9
    Average Words per Review
    543
    Rating
    8.6
    Comparisons
    Also Known As
    Reveal(x), Revealx
    Learn More
    Overview

    Darktrace is a leading cybersecurity solution that leverages artificial intelligence and machine learning to provide advanced threat detection, response, and risk management capabilities. Many reviewers find Darktrace's AI and machine-learning capabilities to be valuable. They appreciate its ability to detect anomalies and threats that might go unnoticed by traditional security tools. Overall, the general sentiment towards Darktrace from reviewers is positive. Users seem to appreciate its scalability, stability, AI capabilities, visibility, and ease of use.

    Darktrace offers a proactive and intelligent approach to cybersecurity. It utilizes AI algorithms to learn and understand the 'pattern of life' for every user and device within a network. This understanding enables it to detect anomalies that could signify a cyber threat, from subtle insider threats to more obvious ransomware attacks.

    Its adaptability, autonomous response features, and comprehensive network visibility make it a top-tier solution for different sizes of organizations and across many industries. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021 and protects over 8,800 organizations globally from advanced cyber threats.

    Darktrace Cyber AI Loop

    The Darktrace Cyber AI Loop introduces an advanced artificial intelligence-based system for cybersecurity, designed to build a self-improving defense mechanism. This system functions like a closed loop, where each stage feeds information and insights into the next, amplifying the overall effectiveness of the platform.

    The key components of the loop are:

    • DETECT - An AI engine that monitors your network and endpoints for anomalous activity, constantly learning the normal behavior of your users and devices. It identifies suspicious patterns and potential threats in real-time, even from never-before-seen attacks.
    • PREVENT - This proactive arm analyzes vulnerabilities and identifies weaknesses in your IT infrastructure. It prioritizes patching and configuration changes to harden defenses before attackers can exploit those vulnerabilities.
    • RESPOND - When DETECT identifies a threat, RESPOND takes immediate action to contain and neutralize it. This can involve isolating compromised devices, disrupting attacker activity, and automatically escalating critical incidents to human analysts.
    • HEAL - This newest addition to the loop focuses on post-incident recovery. It automatically restores compromised systems, cleans infected files, and helps to prevent the attack from spreading further.

    Darktrace's AI algorithms can identify threats that traditional security tools might miss. It continuously learns and updates its understanding of what is normal for each environment, ensuring that it can quickly detect and respond to unusual activities that could indicate a breach. Darktrace's Antigena module can autonomously respond to threats in real time. This is particularly crucial in containing fast-moving threats like ransomware, where every second counts. 

      Darktrace's solution provides unparalleled visibility into all parts of the network, including cloud services, IoT devices, and industrial control systems. This comprehensive coverage ensures that no part of the network is left unprotected. However, while the Darktrace Cyber AI Loop offers a robust solution, it is not a complete cure-all and requires careful implementation and integration with existing security frameworks.Darktrace offers a comprehensive and unified approach to cybersecurity. It provides continuous protection against known and unknown threats, regardless of where they emerge. Darktrace's solutions provide visibility into your cloud infrastructure, continuous monitoring of application usage and communication patterns (e.g., identification of suspicious actions like unauthorized data access), comprehensive email security that goes beyond traditional spam and phishing filters, real-time protection for endpoints, and continuous monitoring of network traffic and device activity.

      Darktrace also provides specialized coverage to secure your zero-trust architecture. Identifies compromised identities, unauthorized access attempts, and risky data exfiltration within a least-privilege environment. Finally, it has a dedicated solution for safeguarding industrial control systems and critical infrastructure. Monitors communication patterns, device behavior, and physical access within OT environments, protecting against operational disruptions and cyberattacks.

      ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.

      ExtraHop Reveal(x) Benefits

      Some of the ways that organizations can benefit by choosing to deploy ExtraHop Reveal(x) include:

      • Total network visibility. Reveal(x) gives users the ability to view every component of their network and devices connected to it in real time. It can automatically recognize and classify the devices that are communicating across an organization’s network. These devices are scanned by powerful decryption software that reveals hidden threats and the details of critical transactions without compromising privacy or compliance rules. Organizations are given full East-West visibility across both physical data centers and cloud environments. Threats that are on the periphery are brought to the attention of the administrators tasked with watching out for them.
      • Identify threats in real time. Reveal(x) extracts more than 5,000 features from the L2-L7 security layers at any given time, feeds them into its machine learning engine, and presents them to its rule-based detection feature. These features make it possible for the solution to identify the most severe threats. Users can conduct a threat triage and address the threats that their system detects in the order of severity that these threats represent.
      • Ease of use. Users of Reveal(x) can easily make full use of its event remediation features without expending long periods of time learning them. Its workflows are designed so that administrators can go from a security event to the cause of the event in only a couple of clicks. What would normally take hours can be completed in moments.

      ExtraHop Reveal(x) Features

      • Integration suite. Reveal(x) enables users to utilize a robust suite of integrations. If users feel they are missing important capabilities, they can bolster their security feature toolbox with those offered by third-party solutions. Phantom, Splunk, and Palo Alto are three examples of solutions that Reveal(x) enables users to connect to in order to fill in a gap in their security capabilities.
      • Automated inventory. Reveal(x) automatically creates a detailed inventory of all of the devices that it discovers and classifies. This keeps an always up-to-date record of all of the devices that are communicating in a given network.

      • Machine learning. Reveal(x)’s real-time application analytics is driven by a machine learning engine. It detects anomalies in an organization’s network traffic, thus enabling users to keep ahead of any and all threats while reducing the number of false positives that administrators have to sort through.

      Reviews from Real Users

      ExtraHop Reveal(x) is a solution that stands out when compared to many other similar solutions. Two major advantages that it offers are its versatility and its ability to quickly identify the root cause of an application’s issues.

      John B., the senior monitoring engineer at a financial services firm, says, “It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic.

      Henry S., a systems engineer at LifePoint Health, writes, "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."

      Sample Customers
      Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
      Wood County Hospital
      Top Industries
      REVIEWERS
      Financial Services Firm19%
      Computer Software Company13%
      Healthcare Company6%
      Manufacturing Company6%
      VISITORS READING REVIEWS
      Computer Software Company16%
      Financial Services Firm8%
      Government7%
      Comms Service Provider7%
      REVIEWERS
      Security Firm22%
      Computer Software Company22%
      Financial Services Firm22%
      Educational Organization11%
      VISITORS READING REVIEWS
      Computer Software Company15%
      Financial Services Firm15%
      Government7%
      Manufacturing Company7%
      Company Size
      REVIEWERS
      Small Business51%
      Midsize Enterprise20%
      Large Enterprise29%
      VISITORS READING REVIEWS
      Small Business30%
      Midsize Enterprise19%
      Large Enterprise52%
      REVIEWERS
      Small Business23%
      Midsize Enterprise23%
      Large Enterprise54%
      VISITORS READING REVIEWS
      Small Business20%
      Midsize Enterprise14%
      Large Enterprise66%
      Buyer's Guide
      Darktrace vs. ExtraHop Reveal(x)
      March 2024
      Find out what your peers are saying about Darktrace vs. ExtraHop Reveal(x) and other solutions. Updated: March 2024.
      763,955 professionals have used our research since 2012.

      Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 32 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 10 reviews. Darktrace is rated 8.2, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "Does full decryption at 100 Gbps, reduces our MTTR, and has great analytics". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Rapid7 InsightIDR, whereas ExtraHop Reveal(x) is most compared with Vectra AI, Corelight, Cisco Secure Network Analytics, Arista NDR and Trend Micro Deep Discovery. See our Darktrace vs. ExtraHop Reveal(x) report.

      See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

      We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.