Darktrace vs ExtraHop Reveal(x) comparison

You must select at least 2 products to compare!
Darktrace Logo
10,772 views|6,445 comparisons
93% willing to recommend
ExtraHop Networks Logo
3,622 views|2,664 comparisons
100% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Jan 17, 2024

We compared ExtraHop Reveal(x) and Darktrace based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:

  • Ease of Deployment: According to user feedback, ExtraHop Reveal(x) has a more involved setup process that requires coordination among different teams, hardware installation, and configuration. On the other hand, Darktrace is described as easy and straightforward, with some users reporting quick installation times. However, Darktrace might need additional customization and configuration for optimal performance.
  • Features: ExtraHop Reveal(x) is highly praised for its extensive security capabilities, analytics functionalities, and advanced threat hunting capabilities. Meanwhile, Darktrace stands out for its exceptional ability to autonomously detect and monitor threats, utilize AI-driven pattern detection, and provide in-depth insights into network activity.
  • Room for Improvement: Regarding ExtraHop Reveal(x), users suggest focusing on agent management, expanding cloud capabilities, increasing integration partners, and offering user certifications or training programs. Meanwhile, for Darktrace, there is room for improvement in reducing false positives, enhancing pricing flexibility, strengthening integration capabilities, and prioritizing usability and user-friendliness.
  • Pricing and ROI: ExtraHop Reveal(x) has varying setup costs, including discounts for educational institutions, but there are extra charges for integration and hardware. In comparison, Darktrace is often regarded as costly, particularly for smaller businesses, though it does provide negotiation possibilities for a potentially reduced expense. Both products offer different pricing structures and considerations in terms of affordability. ExtraHop Reveal(x) has demonstrated a clear positive effect on operations, leading to faster troubleshooting and efficient problem isolation. It enables quick issue identification, facilitating prompt resolution and improving overall service and productivity. In contrast, Darktrace proves useful in identifying system vulnerabilities and defending against attacks, ensuring user protection. However, accurately measuring its return on investment presents difficulties.
  • Service and Support: Both ExtraHop Reveal(x) and Darktrace have received positive feedback for their customer service and support. Users have praised ExtraHop Reveal(x) for excellent troubleshooting and Darktrace for their responsiveness and helpfulness. However, concerns have been raised regarding the sporadic quality and response time of ExtraHop Reveal(x), while suggestions for improvement have been made for Darktrace in terms of complex deployments and response speed.

Comparison Results: Based on the comparisons between ExtraHop Reveal(x) and Darktrace, ExtraHop Reveal(x) has a more complex setup process requiring coordination and involving multiple teams, while Darktrace's setup is generally considered simple and straightforward. ExtraHop Reveal(x) is praised for its advanced features and user-friendly interface, while Darktrace's biggest strength lies in its ability to autonomously detect and monitor threats. ExtraHop Reveal(x) could improve in terms of agent management, integration partners, and pricing, while Darktrace could benefit from reducing false positives and enhancing usability. Darktrace is often seen as expensive, whereas pricing reviews for ExtraHop Reveal(x) vary. ExtraHop Reveal(x) has had a significant positive impact on operations and offers strong customer support, while Darktrace excels in monitoring, protection, and providing insights into network activity, with customers expressing satisfaction with its customer service.

To learn more, read our detailed Darktrace vs. ExtraHop Reveal(x) Report (Updated: May 2024).
772,127 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The product can scale.""In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.""The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic.""The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise.""I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it.""The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.""We have found the product to be stable and issue-free.""The product offers us a very good user interface and we've found the network visibility to be very good so far."

More Darktrace Pros →

"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.""Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server.""The solution works well for sending sensors.""We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well.""Setting up the solution is relatively easy.""ExtraHop Reveal(x) is one of the tools that works out of the box when it comes to threat hunting.""The security features of this solution are the most valuable.""The solution's ability to decrypt SSL traffic is its most valuable feature."

More ExtraHop Reveal(x) Pros →

"The price point for the product was too high for what our possible use case could be.""It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.""Upper management wasn't sold on the value proposition.""Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product.""In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from.""I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint.""The product doesn't have an endpoint agent that can react to triggers set on the device,""Needs to improve its collaboration with local partners."

More Darktrace Cons →

"Netflow - Processing Netflow can be cumbersome as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal (x) is live packet data.""There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that""ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x).""The solution’s pricing could be improved.""They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot.""The solution should include more support protocols.""I think the tuning capabilities could be improved. We're working on minimizing false positives. Apart from that, everything seems fine to me.""I would like to see more cloud capability."

More ExtraHop Reveal(x) Cons →

Pricing and Cost Advice
  • "It is inexpensive considering what it can do and the competition."
  • "The pricing is a little high compared to the competition."
  • "Our customers feel that the price of Darktrace is quite high compared to other solutions."
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "When it comes to large installations, it can be expensive, but for small accounts it's fine."
  • "It is a very expensive product."
  • "It is expensive. I don't have the price for other competitors."
  • "This solution is expensive."
  • More Darktrace Pricing and Cost Advice →

  • "I would rate the price a three out of five. It could be less expensive."
  • "I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
  • "The solution is based on an annual subscription model and is expensive."
  • "I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."
  • More ExtraHop Reveal(x) Pricing and Cost Advice →

    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    772,127 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Both of these products perform similarly and have many outstanding attributes CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a… more »
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for… more »
    Top Answer:A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
    Top Answer:We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated cost… more »
    Top Answer:One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow The other one we are using is ExtraHop.  This has both a Datacenter… more »
    Top Answer:With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Reveal(x), Revealx
    Learn More

    Darktrace is a leading cybersecurity solution that leverages artificial intelligence and machine learning to provide advanced threat detection, response, and risk management capabilities. Many reviewers find Darktrace's AI and machine-learning capabilities to be valuable. They appreciate its ability to detect anomalies and threats that might go unnoticed by traditional security tools. Overall, the general sentiment towards Darktrace from reviewers is positive. Users seem to appreciate its scalability, stability, AI capabilities, visibility, and ease of use.

    Darktrace offers a proactive and intelligent approach to cybersecurity. It utilizes AI algorithms to learn and understand the 'pattern of life' for every user and device within a network. This understanding enables it to detect anomalies that could signify a cyber threat, from subtle insider threats to more obvious ransomware attacks.

    Its adaptability, autonomous response features, and comprehensive network visibility make it a top-tier solution for different sizes of organizations and across many industries. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021 and protects over 8,800 organizations globally from advanced cyber threats.

    Darktrace Cyber AI Loop

    The Darktrace Cyber AI Loop introduces an advanced artificial intelligence-based system for cybersecurity, designed to build a self-improving defense mechanism. This system functions like a closed loop, where each stage feeds information and insights into the next, amplifying the overall effectiveness of the platform.

    The key components of the loop are:

    • DETECT - An AI engine that monitors your network and endpoints for anomalous activity, constantly learning the normal behavior of your users and devices. It identifies suspicious patterns and potential threats in real-time, even from never-before-seen attacks.
    • PREVENT - This proactive arm analyzes vulnerabilities and identifies weaknesses in your IT infrastructure. It prioritizes patching and configuration changes to harden defenses before attackers can exploit those vulnerabilities.
    • RESPOND - When DETECT identifies a threat, RESPOND takes immediate action to contain and neutralize it. This can involve isolating compromised devices, disrupting attacker activity, and automatically escalating critical incidents to human analysts.
    • HEAL - This newest addition to the loop focuses on post-incident recovery. It automatically restores compromised systems, cleans infected files, and helps to prevent the attack from spreading further.

    Darktrace's AI algorithms can identify threats that traditional security tools might miss. It continuously learns and updates its understanding of what is normal for each environment, ensuring that it can quickly detect and respond to unusual activities that could indicate a breach. Darktrace's Antigena module can autonomously respond to threats in real time. This is particularly crucial in containing fast-moving threats like ransomware, where every second counts. 

      Darktrace's solution provides unparalleled visibility into all parts of the network, including cloud services, IoT devices, and industrial control systems. This comprehensive coverage ensures that no part of the network is left unprotected. However, while the Darktrace Cyber AI Loop offers a robust solution, it is not a complete cure-all and requires careful implementation and integration with existing security frameworks.Darktrace offers a comprehensive and unified approach to cybersecurity. It provides continuous protection against known and unknown threats, regardless of where they emerge. Darktrace's solutions provide visibility into your cloud infrastructure, continuous monitoring of application usage and communication patterns (e.g., identification of suspicious actions like unauthorized data access), comprehensive email security that goes beyond traditional spam and phishing filters, real-time protection for endpoints, and continuous monitoring of network traffic and device activity.

      Darktrace also provides specialized coverage to secure your zero-trust architecture. Identifies compromised identities, unauthorized access attempts, and risky data exfiltration within a least-privilege environment. Finally, it has a dedicated solution for safeguarding industrial control systems and critical infrastructure. Monitors communication patterns, device behavior, and physical access within OT environments, protecting against operational disruptions and cyberattacks.

      ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.

      ExtraHop Reveal(x) Benefits

      Some of the ways that organizations can benefit by choosing to deploy ExtraHop Reveal(x) include:

      • Total network visibility. Reveal(x) gives users the ability to view every component of their network and devices connected to it in real time. It can automatically recognize and classify the devices that are communicating across an organization’s network. These devices are scanned by powerful decryption software that reveals hidden threats and the details of critical transactions without compromising privacy or compliance rules. Organizations are given full East-West visibility across both physical data centers and cloud environments. Threats that are on the periphery are brought to the attention of the administrators tasked with watching out for them.
      • Identify threats in real time. Reveal(x) extracts more than 5,000 features from the L2-L7 security layers at any given time, feeds them into its machine learning engine, and presents them to its rule-based detection feature. These features make it possible for the solution to identify the most severe threats. Users can conduct a threat triage and address the threats that their system detects in the order of severity that these threats represent.
      • Ease of use. Users of Reveal(x) can easily make full use of its event remediation features without expending long periods of time learning them. Its workflows are designed so that administrators can go from a security event to the cause of the event in only a couple of clicks. What would normally take hours can be completed in moments.

      ExtraHop Reveal(x) Features

      • Integration suite. Reveal(x) enables users to utilize a robust suite of integrations. If users feel they are missing important capabilities, they can bolster their security feature toolbox with those offered by third-party solutions. Phantom, Splunk, and Palo Alto are three examples of solutions that Reveal(x) enables users to connect to in order to fill in a gap in their security capabilities.
      • Automated inventory. Reveal(x) automatically creates a detailed inventory of all of the devices that it discovers and classifies. This keeps an always up-to-date record of all of the devices that are communicating in a given network.

      • Machine learning. Reveal(x)’s real-time application analytics is driven by a machine learning engine. It detects anomalies in an organization’s network traffic, thus enabling users to keep ahead of any and all threats while reducing the number of false positives that administrators have to sort through.

      Reviews from Real Users

      ExtraHop Reveal(x) is a solution that stands out when compared to many other similar solutions. Two major advantages that it offers are its versatility and its ability to quickly identify the root cause of an application’s issues.

      John B., the senior monitoring engineer at a financial services firm, says, “It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic.

      Henry S., a systems engineer at LifePoint Health, writes, "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."

      Sample Customers
      Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
      Wood County Hospital
      Top Industries
      Financial Services Firm19%
      Computer Software Company13%
      Healthcare Company6%
      Manufacturing Company6%
      Computer Software Company16%
      Financial Services Firm8%
      Manufacturing Company7%
      Security Firm22%
      Computer Software Company22%
      Financial Services Firm22%
      Educational Organization11%
      Computer Software Company15%
      Financial Services Firm14%
      Manufacturing Company6%
      Company Size
      Small Business50%
      Midsize Enterprise20%
      Large Enterprise30%
      Small Business30%
      Midsize Enterprise19%
      Large Enterprise51%
      Small Business23%
      Midsize Enterprise23%
      Large Enterprise54%
      Small Business22%
      Midsize Enterprise14%
      Large Enterprise64%
      Buyer's Guide
      Darktrace vs. ExtraHop Reveal(x)
      May 2024
      Find out what your peers are saying about Darktrace vs. ExtraHop Reveal(x) and other solutions. Updated: May 2024.
      772,127 professionals have used our research since 2012.

      Darktrace is ranked 1st in Network Traffic Analysis (NTA) with 65 reviews while ExtraHop Reveal(x) is ranked 5th in Network Traffic Analysis (NTA) with 12 reviews. Darktrace is rated 8.2, while ExtraHop Reveal(x) is rated 8.6. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of ExtraHop Reveal(x) writes "It helps you visualize how data moves across your network". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Rapid7 InsightIDR, whereas ExtraHop Reveal(x) is most compared with Vectra AI, Corelight, Cisco Secure Network Analytics, Arista NDR and ExtraHop Reveal(x) 360. See our Darktrace vs. ExtraHop Reveal(x) report.

      See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

      We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.