What is our primary use case?
ExtraHop is basically an NDR solution - Network Detection and Response. It's a cloud-based offering.
If you want to look at real-time traffic to see what's happening in and out, in terms of malicious traffic throughout the network, you can reveal the suspicious activity using the ExtraHop NDR solution.
It maps the complete network topology so it looks for devices and it builds a complete network, builds a path. It looks for the misconfiguration of the devices and so on. It gives you full 360-degree visibility into your entire infrastructure. For example, it can show you what components are residing, what vulnerabilities it has, and so forth.
What is most valuable?
When it comes to ExtraHop, it has a very useful feature. Not only can you look at the protocol import level, it also has a live PCAP analysis. Therefore, even if you have PCAP files, Packet Capture files, you can run and have a live recording of the PCAP. That's something that is unique. Otherwise, it's very similar to NetBrain. I wouldn't call it an NDR; however, ExtraHop is mainly comparable to an NDR provider.
The solution is stable.
The setup is simple.
What needs improvement?
The solution could get more aggressive in the discounting of the overall cost.
Support could be better. We'd like to see a local presence within the region in order to have seamless service whether it's the support, the implementation, or professional services.
For how long have I used the solution?
As resellers, we've proposed this product on a number of projects.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is scalable in the sense that the appliance is sized based on the throughput - how much traffic pipe you want to ingest. It's a license-based product and the way it is set up makes it scalable.
For example, if you got an appliance of GB, and, after one year, if you wanted to increase the throughput of that appliance, you could simply buy the original license. It's a software upgrade.
How are customer service and support?
In terms of support, it's always being backed from HQ. A lot of these vendors nowadays, such as ExtraHop or Fidelis, don't have a local support center based here in the UAE. I'm based in the UAE. However, they enable using the support through HQ (which is not in the UAE).
With the first level of support, you will receive help from the sales engineer and through your partners or distributors who are based within the specific region. They will guide you. However, in case of a disaster, a software upgrade, or malfunctioning of the software, then you will have the proper technical support that's based somewhere in the US.
Support doesn't have to be faster as this solution is not a very critical solution. It will not impact or bring down your production. It's an out-of-the-box solution. Even if it is down for eight hours, there is no downtime or impact on the production networks. Therefore a lot of vendors are providing the standard support that's basically the next business day or the same day.
Which solution did I use previously and why did I switch?
I'm also familiar with NetBrain, which is more of an NDR solution.
How was the initial setup?
The product offers a simple, straightforward setup. It's not overly complex or difficult.
What's my experience with pricing, setup cost, and licensing?
Price-wise, it's head to head in cost compared to the other competitors. They're not selling their product at a premium. It's comparable to the market competitors. It's in the same range. It's also subscription-based licensing. The terms can last up to three years.
What other advice do I have?
We are a reseller. The solution can be used both on the cloud and on-premises.
I'd recommend the solution in general.
I'd rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: