• Home
  • Darktrace vs. ExtraHop Reveal(x)

Darktrace vs ExtraHop Reveal(x) comparison

Cancel
You must select at least 2 products to compare!
Darktrace Logo

Darktrace

Read 65 Darktrace reviews
11,000 views|6,596 comparisons
93% willing to recommend
ExtraHop Networks Logo

ExtraHop Reveal(x)

Read 12 ExtraHop Reveal(x) reviews
3,661 views|2,676 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Darktrace vs. ExtraHop Reveal(x)
March 2024
Executive Summary
Updated on Jan 17, 2024

We compared ExtraHop Reveal(x) and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:

  • Ease of Deployment: According to user feedback, ExtraHop Reveal(x) has a more involved setup process that requires coordination among different teams, hardware installation, and configuration. On the other hand, Darktrace is described as easy and straightforward, with some users reporting quick installation times. However, Darktrace might need additional customization and configuration for optimal performance.
  • Features: ExtraHop Reveal(x) is highly praised for its extensive security capabilities, analytics functionalities, and advanced threat hunting capabilities. Meanwhile, Darktrace stands out for its exceptional ability to autonomously detect and monitor threats, utilize AI-driven pattern detection, and provide in-depth insights into network activity.
  • Room for Improvement: Regarding ExtraHop Reveal(x), users suggest focusing on agent management, expanding cloud capabilities, increasing integration partners, and offering user certifications or training programs. Meanwhile, for Darktrace, there is room for improvement in reducing false positives, enhancing pricing flexibility, strengthening integration capabilities, and prioritizing usability and user-friendliness.
  • Pricing and ROI: ExtraHop Reveal(x) has varying setup costs, including discounts for educational institutions, but there are extra charges for integration and hardware. In comparison, Darktrace is often regarded as costly, particularly for smaller businesses, though it does provide negotiation possibilities for a potentially reduced expense. Both products offer different pricing structures and considerations in terms of affordability. ExtraHop Reveal(x) has demonstrated a clear positive effect on operations, leading to faster troubleshooting and efficient problem isolation. It enables quick issue identification, facilitating prompt resolution and improving overall service and productivity. In contrast, Darktrace proves useful in identifying system vulnerabilities and defending against attacks, ensuring user protection. However, accurately measuring its return on investment presents difficulties.
  • Service and Support: Both ExtraHop Reveal(x) and Darktrace have received positive feedback for their customer service and support. Users have praised ExtraHop Reveal(x) for excellent troubleshooting and Darktrace for their responsiveness and helpfulness. However, concerns have been raised regarding the sporadic quality and response time of ExtraHop Reveal(x), while suggestions for improvement have been made for Darktrace in terms of complex deployments and response speed.

Comparison Results: Based on the comparisons between ExtraHop Reveal(x) and Darktrace, ExtraHop Reveal(x) has a more complex setup process requiring coordination and involving multiple teams, while Darktrace's setup is generally considered simple and straightforward. ExtraHop Reveal(x) is praised for its advanced features and user-friendly interface, while Darktrace's biggest strength lies in its ability to autonomously detect and monitor threats. ExtraHop Reveal(x) could improve in terms of agent management, integration partners, and pricing, while Darktrace could benefit from reducing false positives and enhancing usability. Darktrace is often seen as expensive, whereas pricing reviews for ExtraHop Reveal(x) vary. ExtraHop Reveal(x) has had a significant positive impact on operations and offers strong customer support, while Darktrace excels in monitoring, protection, and providing insights into network activity, with customers expressing satisfaction with its customer service.

To learn more, read our detailed Darktrace vs. ExtraHop Reveal(x) Report (Updated: March 2024).
Download the complete report
767,995 professionals have used our research since 2012.
Featured Review
Serena Bryson
Useful traffic tracing, good support, and beneficial anomaly alerts
Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic... Read more →
Seksan Srisakorn
Researched Darktrace but chose ExtraHop Reveal(x): Stable and works well for sending sensors but is expensive
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The product offers us a very good user interface and we've found the network visibility to be very good so far.""The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff.""I find it very good in the way that they show the past events, including the attack history.""It provides a comprehensive, detailed view of network activity and whatever is happening inside it.""I am impressed with the product's ability to give insights into network traffic.""I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.""In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.""We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."

More Darktrace Pros →

"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment.""The security features of this solution are the most valuable.""We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well.""The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.""The solution's initial setup process is easy.""Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server.""Setting up the solution is relatively easy.""ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting."

More ExtraHop Reveal(x) Pros →

Cons
"Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection.""This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious.""I think there is some MSSP missing.""They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity.""Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.""One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.""A reporting portal could be a great addition to help customize reports.""The pricing is a bit high for the region."

More Darktrace Cons →

"The solution should include more support protocols.""Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data.""They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot.""ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x).""I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me.""The solution is expensive and gets more expensive if a company needs to scale it.""The solution’s pricing could be improved.""There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"

More ExtraHop Reveal(x) Cons →

Pricing and Cost Advice
  • "It is inexpensive considering what it can do and the competition."
  • "The pricing is a little high compared to the competition."
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."

    • More Darktrace Pricing and Cost Advice →

  • "I would rate the price a three out of five. It could be less expensive."
  • "I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
  • "The solution is based on an annual subscription model and is expensive."
  • "I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."

    • More ExtraHop Reveal(x) Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    See Recommendations
    767,995 professionals have used our research since 2012.
    Questions from the Community
    How does Crowdstrike Falcon compare with Darktrace?
    Top Answer:Both of these products perform similarly and have many outstanding attributes CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Which is better - SentinelOne or Darktrace?
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Read all 7 answers   →
    What do you like most about Darktrace?
    Top Answer:A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
    Read all 44 answers   →
    What is the best network monitoring software for large enterprises?
    Top Answer:We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated cost… more »
    Read all 18 answers   →
    What open source tool can one use to measure bandwidth from one's upstrea...
    Top Answer:One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow The other one we are using is ExtraHop.  This has both a Datacenter… more »
    Read all 5 answers   →
    What do you like most about ExtraHop Reveal(x)?
    Top Answer:With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer… more »
    Read all 10 answers   →
    Ranking
    1st
    out of 24 in Network Traffic Analysis (NTA)
    Views
    11,000
    Comparisons
    6,596
    Reviews
    30
    Average Words per Review
    407
    Rating
    8.2
    5th
    out of 24 in Network Traffic Analysis (NTA)
    Views
    3,661
    Comparisons
    2,676
    Reviews
    9
    Average Words per Review
    543
    Rating
    8.6
    Comparisons
    Also Known As
    Reveal(x), Revealx
    Learn More
    Darktrace
    ExtraHop Networks
    Overview

    Darktrace is a leading cybersecurity solution that leverages artificial intelligence and machine learning to provide advanced threat detection, response, and risk management capabilities. Many reviewers find Darktrace's AI and machine-learning capabilities to be valuable. They appreciate its ability to detect anomalies and threats that might go unnoticed by traditional security tools. Overall, the general sentiment towards Darktrace from reviewers is positive. Users seem to appreciate its scalability, stability, AI capabilities, visibility, and ease of use.

    Darktrace offers a proactive and intelligent approach to cybersecurity. It utilizes AI algorithms to learn and understand the 'pattern of life' for every user and device within a network. This understanding enables it to detect anomalies that could signify a cyber threat, from subtle insider threats to more obvious ransomware attacks.

    Its adaptability, autonomous response features, and comprehensive network visibility make it a top-tier solution for different sizes of organizations and across many industries. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021 and protects over 8,800 organizations globally from advanced cyber threats.

    Darktrace Cyber AI Loop

    The Darktrace Cyber AI Loop introduces an advanced artificial intelligence-based system for cybersecurity, designed to build a self-improving defense mechanism. This system functions like a closed loop, where each stage feeds information and insights into the next, amplifying the overall effectiveness of the platform.

    The key components of the loop are:

    • DETECT - An AI engine that monitors your network and endpoints for anomalous activity, constantly learning the normal behavior of your users and devices. It identifies suspicious patterns and potential threats in real-time, even from never-before-seen attacks.
    • PREVENT - This proactive arm analyzes vulnerabilities and identifies weaknesses in your IT infrastructure. It prioritizes patching and configuration changes to harden defenses before attackers can exploit those vulnerabilities.
    • RESPOND - When DETECT identifies a threat, RESPOND takes immediate action to contain and neutralize it. This can involve isolating compromised devices, disrupting attacker activity, and automatically escalating critical incidents to human analysts.
    • HEAL - This newest addition to the loop focuses on post-incident recovery. It automatically restores compromised systems, cleans infected files, and helps to prevent the attack from spreading further.

    Darktrace's AI algorithms can identify threats that traditional security tools might miss. It continuously learns and updates its understanding of what is normal for each environment, ensuring that it can quickly detect and respond to unusual activities that could indicate a breach. Darktrace's Antigena module can autonomously respond to threats in real time. This is particularly crucial in containing fast-moving threats like ransomware, where every second counts. 

      Darktrace's solution provides unparalleled visibility into all parts of the network, including cloud services, IoT devices, and industrial control systems. This comprehensive coverage ensures that no part of the network is left unprotected. However, while the Darktrace Cyber AI Loop offers a robust solution, it is not a complete cure-all and requires careful implementation and integration with existing security frameworks.Darktrace offers a comprehensive and unified approach to cybersecurity. It provides continuous protection against known and unknown threats, regardless of where they emerge. Darktrace's solutions provide visibility into your cloud infrastructure, continuous monitoring of application usage and communication patterns (e.g., identification of suspicious actions like unauthorized data access), comprehensive email security that goes beyond traditional spam and phishing filters, real-time protection for endpoints, and continuous monitoring of network traffic and device activity.

      Darktrace also provides specialized coverage to secure your zero-trust architecture. Identifies compromised identities, unauthorized access attempts, and risky data exfiltration within a least-privilege environment. Finally, it has a dedicated solution for safeguarding industrial control systems and critical infrastructure. Monitors communication patterns, device behavior, and physical access within OT environments, protecting against operational disruptions and cyberattacks.

      ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.

      ExtraHop Reveal(x) Benefits

      Some of the ways that organizations can benefit by choosing to deploy ExtraHop Reveal(x) include:

      • Total network visibility. Reveal(x) gives users the ability to view every component of their network and devices connected to it in real time. It can automatically recognize and classify the devices that are communicating across an organization’s network. These devices are scanned by powerful decryption software that reveals hidden threats and the details of critical transactions without compromising privacy or compliance rules. Organizations are given full East-West visibility across both physical data centers and cloud environments. Threats that are on the periphery are brought to the attention of the administrators tasked with watching out for them.
      • Identify threats in real time. Reveal(x) extracts more than 5,000 features from the L2-L7 security layers at any given time, feeds them into its machine learning engine, and presents them to its rule-based detection feature. These features make it possible for the solution to identify the most severe threats. Users can conduct a threat triage and address the threats that their system detects in the order of severity that these threats represent.
      • Ease of use. Users of Reveal(x) can easily make full use of its event remediation features without expending long periods of time learning them. Its workflows are designed so that administrators can go from a security event to the cause of the event in only a couple of clicks. What would normally take hours can be completed in moments.

      ExtraHop Reveal(x) Features

      • Integration suite. Reveal(x) enables users to utilize a robust suite of integrations. If users feel they are missing important capabilities, they can bolster their security feature toolbox with those offered by third-party solutions. Phantom, Splunk, and Palo Alto are three examples of solutions that Reveal(x) enables users to connect to in order to fill in a gap in their security capabilities.
      • Automated inventory. Reveal(x) automatically creates a detailed inventory of all of the devices that it discovers and classifies. This keeps an always up-to-date record of all of the devices that are communicating in a given network.

      • Machine learning. Reveal(x)’s real-time application analytics is driven by a machine learning engine. It detects anomalies in an organization’s network traffic, thus enabling users to keep ahead of any and all threats while reducing the number of false positives that administrators have to sort through.

      Reviews from Real Users

      ExtraHop Reveal(x) is a solution that stands out when compared to many other similar solutions. Two major advantages that it offers are its versatility and its ability to quickly identify the root cause of an application’s issues.

      John B., the senior monitoring engineer at a financial services firm, says, “It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic.

      Henry S., a systems engineer at LifePoint Health, writes, "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."

      Sample Customers
      Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
      Wood County Hospital
      Top Industries
      REVIEWERS
      Financial Services Firm19%
      Computer Software Company13%
      Healthcare Company6%
      Manufacturing Company6%
      VISITORS READING REVIEWS
      Computer Software Company16%
      Financial Services Firm8%
      Government7%
      Comms Service Provider7%
      REVIEWERS
      Security Firm22%
      Computer Software Company22%
      Financial Services Firm22%
      Educational Organization11%
      VISITORS READING REVIEWS
      Computer Software Company15%
      Financial Services Firm15%
      Government7%
      Manufacturing Company6%
      Company Size
      REVIEWERS
      Small Business51%
      Midsize Enterprise20%
      Large Enterprise29%
      VISITORS READING REVIEWS
      Small Business29%
      Midsize Enterprise19%
      Large Enterprise52%
      REVIEWERS
      Small Business23%
      Midsize Enterprise23%
      Large Enterprise54%
      VISITORS READING REVIEWS
      Small Business20%
      Midsize Enterprise14%
      Large Enterprise66%
      Buyer's Guide
      Darktrace vs. ExtraHop Reveal(x)
      March 2024
      Free Report: Darktrace vs. ExtraHop Reveal(x)
      Find out what your peers are saying about Darktrace vs. ExtraHop Reveal(x) and other solutions. Updated: March 2024.
      DOWNLOAD NOW
      767,995 professionals have used our research since 2012.

      Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 65 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Darktrace is rated 8.2, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Rapid7 InsightIDR, whereas ExtraHop Reveal(x) is most compared with Vectra AI, Corelight, Cisco Secure Network Analytics, Arista NDR and ExtraHop Reveal(x) 360. See our Darktrace vs. ExtraHop Reveal(x) report.

      See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

      We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.