ExtraHop Reveal(x) Overview

ExtraHop Reveal(x) is the #5 ranked solution in Network Traffic Analysis tools and top Network Detection and Response (NDR) tools. PeerSpot users give ExtraHop Reveal(x) an average rating of 9.0 out of 10. ExtraHop Reveal(x) is most commonly compared to Darktrace: ExtraHop Reveal(x) vs Darktrace. ExtraHop Reveal(x) is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
ExtraHop Reveal(x) Buyer's Guide

Download the ExtraHop Reveal(x) Buyer's Guide including reviews and more. Updated: December 2022

What is ExtraHop Reveal(x)?

Reveal(x) provides the visibility, insights, and answers that security analysts need to respond quickly and confidently to the highest priority threats against their organization's critical assets. It starts by automatically discovering and classifying every device communicating across the network, and using machine-learning driven behavioral analysis to detect anomalous and malicious activity.

ExtraHop Reveal(x) was previously known as Reveal(x), Revealx.

ExtraHop Reveal(x) Customers

Wood County Hospital

ExtraHop Reveal(x) Pricing Advice

What users are saying about ExtraHop Reveal(x) pricing:
  • "I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
  • "I would rate the price a three out of five. It could be less expensive."
ExtraHop Reveal(x) Reviews

    John Boake - PeerSpot reviewer
    Senior monitoring engineer at a financial services firm with 10,001+ employees
    Real User
    Top 5
    Does full decryption at 100 Gbps, reduces our MTTR, and has great analytics
    Pros and Cons
    • "It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network."
    • "Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."

    What is our primary use case?

    It's used by application owners and network engineers for troubleshooting application performance issues or network performance issues.

    It's a hybrid solution. We have on-prem sensors and trace appliances and a cloud control appliance.

    How has it helped my organization?

    It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network.

    It's useful for different teams in our organization. The cybersecurity team uses it because it has got great analytics for anomaly detection, malware detection, and ransomware. It's used by the networking people because it's great to be able to get the three-way handshake between systems to see how your network is doing. 

    The microservices for DNS use it because they like to be able to see how their DNS services are operating and how many DNS requests are being rejected, denied, or dropped. Application people love it because it fully decrypts their traffic. On the server side, they can see what's going on, how many methods are running, and which users are doing it. They can also see if there is a long-running process, what the SSL handshake looks like, and how long it takes to figure out which cipher suite you're going to use and get it working.

    What is most valuable?

    I like their dashboards. It has machine learning, and it has great analytics for security, network, and microservice performance.

    Out of the box, with very little configuration, it does more than all the other tools. The features that other vendors promise to be available within six months to a year of purchase are already available in this product.

    What needs improvement?

    Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting.

    The beautiful thing about the company that runs ExtraHop is that when we go to them with feature requests or with things that we would like to see, they're really good at getting them added. The most recent one that we're looking for is being able to limit the packets that users can download. So, if you're an administrator, you should be able to download a full packet capture with the full packet, but if you're just an engineer or an application person just looking at your application header traffic, you don't need to see any payload data. We want to be able to limit that traffic. We want to limit who can see the payload, and we can do that. The vendor is putting that into the tool for us. It's going to be done before the end of the year.

    For how long have I used the solution?

    Our company has been using it for eight or nine years. I've been using it for five years, and I've been the subject matter expert over it for the last two years.

    What do I think about the stability of the solution?

    One series of hardware that we ordered with the same sequential serial numbers has issues, but the rest of the hardware is rock solid. The operating system they put on this, the firmware, the versions, and everything that they run is pretty good. I don't have an issue with the appliances, but the initial release of these new 10k appliances has had some issues.

    What do I think about the scalability of the solution?

    It's very scalable. I have close to a thousand users who use this tool or have access to the tool. They are DBAs, application people, networking people, and security people. It's used by all of them. It's a great tool.

    It's being used globally. We always have plans to increase the usage. The more people use it, the harder it is to get rid of it.

    How are customer service and support?

    They're great. I would rate them a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    At this company, I did not use any other solution.

    How was the initial setup?

    It was pretty straightforward. After you've done it once or twice, it's pretty simple and straightforward.

    It was really easy and straightforward for me. The problem is that there are so many bits and pieces that are required on the outside in order to get the inside working. It reads packet data. So, I have to somehow get the packets to the appliances. The complexities come in when you are trying to create the packet stuff on the outside. 

    It has taken us two years to do this implementation. The hardware is easy to put in, but I work with so many other groups that it's difficult to get the time and resources to get hardware racked, get IP addresses, and get cabling done. It's all done by different teams. Our company makes it difficult. If I was at my previous company, it would be a breeze because I would just order the hardware, and I would rack it myself. I would cable it myself, IP it myself, hook it up at the switch myself, and do all the configuration myself, but because I have to go through so many other teams and groups, it's much more difficult now.

    What about the implementation team?

    It was done in-house. I'm the only person who takes care of its deployment and maintenance.

    What was our ROI?

    It reduces our MTTR. The mean time to repair is reduced dramatically because you can quickly isolate where the problem is. I can quickly say the problem is not a network-related problem. It’s a server-related problem or an application-related problem. The return on investment on this one is probably seen in the first year of purchase.

    We have some fairly hefty applications. We're a finance company. So, we're constantly processing banking information, credit card information, and online transactional information. It's constantly running through our mainframes or data centers. So, it's invaluable that we keep the lights on and these applications running as smoothly and as efficiently as possible.

    Which other solutions did I evaluate?

    We've done our due diligence and research on other products such as Riverbed and NetScout. This product is by far the supreme leader. It does full decryption currently at a hundred gigabits per second on a single appliance. Their next generational appliances are going up to 400 gigabits per second. That's full decrypt, which means a consistent rate. So, it can decrypt packets and store over 4,000 metrics from these packets. It's an invaluable tool.

    What other advice do I have?

    I would say absolutely go for it. It's a well-rounded product. The company is nimble enough to be able to implement change.

    I would rate it a nine out of ten because there is always room for improvement.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Henry-Steinhauer - PeerSpot reviewer
    Systems Engineer at LifePoint Health
    Real User
    Top 5
    Leaderboard
    It enabled us to create dynamic triggers that allow us to inspect packet flow in real-time.
    Pros and Cons
    • "When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
    • "They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."

    What is our primary use case?

    We are a healthcare organization with more than 80 facilities, but I'm the only one who uses ExtraHop. When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment.

    We set up a number of traffic sources that are typically either ERSPANs or TAPs and place ExtraHop appliances at critical places within the network. That traffic is typically fed into a packet. We have four small devices designed to go into small data centers. We're continually rotating those around to different facilities to help identify issues. They have helped us to understand what's going on.

    The ExtraHop appliance enables you to do what an expert using Wireshark can do. However, it's all in the firmware, so you can do real-time analysis without the need to boil terabytes worth of data to find out what's happening.

    How has it helped my organization?

    We've been able to leverage the information to show other vendors we use that there are issues with the SaaS solution they provide to our EMR physicians. At the top of every hour, they were doing a data recovery operation in the event of an outage of some sort. That was preventing our physicians from using the application. 

    It only lasted about five minutes, but the physicians had to stop working. Of course, when they called the support desk and finally reached a support person, the vendor insisted it was our problem, not theirs. This data helped to prove it was their problem. They eventually brought in some other consultants from the hardware vendor and corrected the issue.

    What is most valuable?

    ExtraHop enables us to create dynamic triggers that allow us to inspect packet flow in real-time.

    What needs improvement?

    They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot. 

    For how long have I used the solution?

    We've been using ExtraHop for seven years, but the Reveal process has only been available for around three years.

    What do I think about the stability of the solution?

    They do routine updates of their firmware roughly every month, so they're continually adding more ability to decode and analyze the traffic flow.

    What do I think about the scalability of the solution?

    ExtraHop is highly scalable. However, you may exceed the capacity of a small device and need to upgrade to a larger one. The smaller devices have worked well for us, but you might need to upgrade to a newer one, so they've been aggressive on their pricing.

    How are customer service and support?

    I rate ExtraHop support nine out of 10. I've frequently worked with them, and they've always been excellent.

    Which solution did I use previously and why did I switch?

    We considered using Riverbed's analysis tools for this type of process, but it never panned out. It was always a problem to get into the right spot to grab the data we needed, but that was always challenging with their devices.

    How was the initial setup?

    Setting up ExtraHop is complex because we needed a nuanced understanding of the data flows into our data center. We need to know where things are coming into the environment versus where we thought they were entering. It's a complicated process of setting up the network taps and sending the data into a packet broker that forwards it to our ExtraHop device.

    The packet broker was required because we had so many different taps bringing data into the ExtraHop. ExtraHop only had four interfaces to receive data, yet we had 20 different taps that had been placed. Some of those taps required two interfaces each to absorb the data that was tapped.

    What about the implementation team?

    We did it all in-house.

    What was our ROI?

    ExtraHop has improved our service drastically. In that sense, it has saved us money because we can quickly identify problems. 

    What's my experience with pricing, setup cost, and licensing?

    I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments.

    What other advice do I have?

    I rate ExtraHop Reveal(x) 12 out of 10. My advice to new users is to learn Wireshark first. You'll better understand what ExtraHop can do for you.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Jordan Swanson - PeerSpot reviewer
    Information Security Assurance Engineer at School District of Lee County
    Real User
    Top 5
    It helps you visualize how data moves across your network
    Pros and Cons
    • "Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
    • "There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that."

    What is our primary use case?

    Initially, we deployed Reveal as a standalone solution for network detection and response. It provided us with data and analytics on server-to-server enterprise networking. We used it to gain visibility into the amount of traffic and where it's going. For example, it will say that 28 gigs of data went to Google and break that down based on all the sites that have been visited. 

    It also tells you about the authentication data and helps you visualize how data moves across your network. Based on that, you can adjust the routing tables to make things work a little more evenly. It will also help you identify specific types of malware and how it moves across devices, what protocols and ports it uses, etc.

    Unlike CrowdStrike, Reveal(x) doesn't require you to deploy sensors. CrowdStrike puts a sensor on the computer, so I know exactly how many devices are going through it. It's roughly 50,000. Those aren't people using it. Those are just devices that exist in the world. ExtraHop just looks at traffic, so each device connected to the network goes through it, and that's around 230,000 devices, and it's monitoring all the traffic to and from the internet.

    How has it helped my organization?

    We have a lot of other devices that do more analytics based on utilization instead of the actual configuration and management, but Reveal X gives us insight from a security standpoint into uptime, downtime, data aggregation, types of data, suspicious activity, etc.

    What is most valuable?

    Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server.

    It's a ton of data. CrowdStrike looks at anything that's on the machine and the network. Instead of having hard points on your network core switches with some antivirus on it or your firewall or rules at your internet service provider or things managing your cloud for access control, this lets you see actual traffic and it's a little bit more fluid in what you're allowed to see.

    What needs improvement?

    There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that.

    For how long have I used the solution?

    I have been using Reveal X for a little less than a year. 

    What do I think about the stability of the solution?

    Reveal(x)'s stability is excellent. 

    What do I think about the scalability of the solution?

    Reveal(x) covers every bit of our network just fine. We started off small to see what it could do. It didn't matter. We opened up the floodgates, and it handled the traffic well.

    How was the initial setup?

    The console is a cloud product. There's also an on-prem server that collects and aggregates the data and sends it to your cloud instance. There's an appliance and a cloud console. Deployment and maintenance require only one person. 

    What was our ROI?

    It picks up on real issues. It alerts you quickly, so you can clean them up. 

    What's my experience with pricing, setup cost, and licensing?

    We get discounts because we're an educational institution, but I think this solution was $150,000 a year. That isn't terrible considering the amount of traffic we're pushing through it. We also need to pay for a separate license to integrate Reveal with CrowdStrike. I think there is a separate charge for hardware, too. 

    What other advice do I have?

    I rate ExtraHop Reveal(x) 10 out of 10. This is more of a nice-to-have rather than a must-have solution. Something like a CrowdStrike or a next-gen AV is an essential product, whereas NDR is more of a nice-to-have thing. If you only have a little bit of traffic, you're probably not going to get anything out of it.

    It's better for a medium-to-large enterprise. It's more appropriate for companies with massive footprints or industrial applications using nonstandard devices. It's helpful for things that use SCADA, the Internet of Things, and things that don't fit neatly into other management categories. It's pretty common for industrial, construction, or maintenance devices to be a little lackluster in their security.

    Major breaches like the Colonial Pipeline hack and attempted hacks on nuclear power plants all went through Internet of Things vulnerabilities and other devices where security wasn't part of their plan. This helps you cover yourself by monitoring the traffic. With something like CrowdStrike, you need to put the CrowdStrike sensor on it, but Reveal(x) looks at everything on the network.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Serena Bryson - PeerSpot reviewer
    Information Security Program Manager at a non-profit with 11-50 employees
    Real User
    Top 10
    Useful detection, effective external IP risk mitigation, but longer activity look back needed
    Pros and Cons
    • "The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
    • "ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."

    What is our primary use case?

    We are using ExtraHop Reveal(x) for lateral movement and for behavioral analytics.

    How has it helped my organization?

    ExtraHop Reveal(x) has allowed us to triage the alerts as they're coming in. For example, as detections are noticed, being able to spot any issues within the application or failed access. 

    We also use ExtraHop Reveal(x) for endpoint detection. The ability it has to mitigate risk from external IP addresses has been a lifesaver for us.

    What is most valuable?

    The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies.

    What needs improvement?

    ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x).

    For how long have I used the solution?

    I have been using ExtraHop Reveal(x) for approximately one year.

    What do I think about the stability of the solution?

    ExtraHop Reveal(x) is stable.

    What do I think about the scalability of the solution?

    The scalability of ExtraHop Reveal(x) is good; it picks up the traffic along the network. It picks up everything within our tenant.

    We have approximately 10 people using the solution in my organization.

    We might increase the usage of this solution in the future.

    How are customer service and support?

    The support from ExtraHop Reveal(x) is sporadic; it can be good and it can be poor.

    I rate the support from ExtraHop Reveal(x) a three out of five.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I previously used Darktrace.

    What was our ROI?

    We have received a return on investment using this solution.

    What other advice do I have?

    We have approximately two people who do the maintenance of the solution.

    My advice to others is for them to make sure that ExtraHop Reveal(x) can see everything within their environment. Additionally, review the packet capture and look into the tuning features within it to tune your exceptions. They're pretty granular. Don't tune them so broadly that you exclude things that you want to see.

    I rate ExtraHop Reveal(x) a seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ryan Barker - PeerSpot reviewer
    Technical Account Manager at a security firm with 501-1,000 employees
    Real User
    Top 20
    Secure, simple to install, and has helpful technical support

    What is most valuable?

    The security features of this solution are the most valuable.

    What needs improvement?

    I can't think of anything right now. They meet all of my customers' requirements.

    Additional integration partners would be beneficial.

    I would like to see more cloud capability.

    For how long have I used the solution?

    I have been working with ExtraHop Reveal(x) for four years.

    We are using the latest version.

    What do I think about the stability of the solution?

    ExtraHop Reveal(x) is very stable. We have not experienced any issues.

    I would rate the stability a nine out of ten.

    What do I think about the scalability of the solution?

    Sometimes ExtraHop Reveal(x) is easy to scale. We have had some issues with scalability.

    How are customer service and support?

    I would rate technical support a four out of five. There's a little room for improvement.

    How was the initial setup?

    The initial setup is simple.

    Maintenance requires very little personnel. For example, one person is required for every 100 people.

    What's my experience with pricing, setup cost, and licensing?

    I would rate the price a three out of five. It could be less expensive.

    Which other solutions did I evaluate?

    I have not compared ExtraHop Reveal(x) with other vendors.

    What other advice do I have?

    We are partners with ExtraHop.

    I would rate ExtraHop Reveal(x) a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner