Reveal(x) – Network Detection and Response for a secure company


Complete transparency. Real-time threat detection. Intelligent Defense.

Cloud adoption, cluttered tools and increasingly complex encryption methods present resource-poor security teams with the tricky challenge of how to leave outdated solutions and workflows behind and accelerate operations in their hybrid enterprises.

ExtraHop Reveal(x) is an industry-leading solution for Network Detection and Response (NDR) that provides complete visibility, real-time threat detection within the network perimeter, and options for intelligent response at any scale. Reveal(x) outperforms Darktrace, Vectra and other security tools:

Throughput100 Gbps6 Gbps10 Gbps(Flow data only)20 Gbps
Enterprise Application Protocols70+58None10 Gbps
Decryption (on premise and in the cloud)SSL/TLS 1.3SSLLimitedNoNo
Prioritization of critical assetsYesNoNoNoServer/Clients
Investigation automationDetection, CorrelationNoLimited detectionLimited detectionLimited detection
Indexation of transactionsYesNoNoLimitedPrice according to volume
ForensicsContinuous Packet CaptureMinimum Packet CaptureContinuous Packet CaptureNo PCAP, only data enrichmentMinimum Packet Capture
Integration partners30+14+30Under 5Approx. 14
Extensibility (customized dashboards, universal payload analysis)YesNoOnly prefabricatedLimitedYes
AMI deploymentYesNoNoNoNo
Cloud scale25 Gbps sustainable5 GbpsNot published(Flow data only)2 Gbps
Cloud integrations (Azure, AWS, GCP)YesYesYesYesYes
Cloud-native securityYesNoNoYesNo

Threat detection. Nothing is left in the dark.

ExtraHop Reveal(x) analyses data streams to automatically capture and classify all transactions, sessions, devices and resources in your company at up to 100 Gbps. The tool also decodes over seventy company logs and extracts more than 4,800 characteristics for accurate and precise evaluation using machine learning. Take advantage of our NDR solution for the hybrid cloud with Reveal(x) Cloud and Reveal(x) for Azure.

  • New, suspicious and unmanaged devices on the network are automatically detected, so you always have an overview of all active resources.
  • Advanced attacks are fully detected thanks to ML-based behavioral analysis, rules and user-defined mechanisms.
  • Relevant contextual information and evidence is evaluated with just a few clicks, enabling analysts to resolve incidents effectively and reliably.

Insight instead of data trash

  • Automated Inventory: Reveal(x) maintains an up-to-date inventory by automatically recording and classifying all network activity without the need for manual intervention.
  • Matching with peer groups: By automatically dividing devices into precise peer groups, Reveal(x) detects abnormal behavior with only a few false positives.
  • PFS Decryption: Reveal(x) passively decrypts SSL and TLS 1.3 in real time, enabling you to meet compliance requirements and fully disclose encrypted threats.
  • Advanced Machine Learning: Machine Learning and over 5,000 extracted characteristics allow Reveal(x) to identify, prioritize, and highlight threats to your critical assets.
  • Automated examinations: Reveal(x) adds valuable contextual information about the nature and severity of the risk to identified threats based on the entire transaction, allowing you to better coordinate your response.
  • Convincing orchestration of your response: Reveal(x) takes care of threat detection and investigation, while powerful integration with solutions such as Phantom and Palo Alto Networks enables automated countermeasures

Threat detection and response

Tracking active threats may be the first thing people think of when they imagine the SOC at work, but there are few fully trained threat hunters. This is not due to a lack of talent. It’s because many SecOps teams rely on a combination of firewall logs, server logs and signature-driven alerts that lead to a flood of false positives rather than actionable intelligence.

By combining rule-based and behavioral analysis, ExtraHop Reveal(x) can help your SOC stand out from the noise to identify real threats faster – and automate data collection and correlation for radically more efficient investigation. Reveal(x) is the industry leader in Network Detection and Response (NDR) with enterprise-class network traffic analysis that helps you identify suspicious behavior, prioritize investigations of the most risky threats, and automate response.

  • Complete Visibility: Reveal(x) eliminates dark space in your network by converting raw network traffic (including SSL/TLS encrypted traffic) into line data with up to 100 Gbps sustained throughput This gives you real-time visibility into every device, user and asset in your enterprise.
  • Real-time detection: With full-spectrum detection based on a blend of machine learning and rule-based analysis, Reveal(x) intercepts threats that signature-based detection alone is likely to overlook, such as insiders, rogue and low-and-slow attacks
  • Intelligent Response: In addition to one-click exams for each detection, Reveal(x) automatically prioritizes your most important assets so you can easily focus your time and energy. Integration with Phantom, Palo Alto Networks, Nessus, Anomali, Splunk, and others enables lean security teams to respond quickly and confidently to the most important threats.

Turn Tier 1 analysts into Tier 3 experts

Reveal(x) automatically detects and classifies every device on the network and then analyzes every transaction. Even SSL/TLS encrypted traffic is no match for the 70+ enterprise protocols that Reveal(x) can decrypt at up to 100Gbps. In addition to dramatically accelerating detection so that you can reduce the time threats stay in your environment from the current 101-day average to none at all, Reveal(x) offers one-click scanning for every detection.

SecOps teams can click directly into transaction details and even complete packages from anywhere in the Reveal(x) interface. Quick insights help you act quickly and with confidence where human intelligence is needed, while deep integrations with partners such as Phantom, Azure, ServiceNow, Splunk and Palo Alto Networks allow you to automate response workflows such as blocking malicious IP addresses. To the point? Reveal(x) helps you make faster decisions based on more comprehensive knowledge, with far less effort.

Service level discovery and detection for IoT

The incredible proliferation of IoT devices has greatly increased the attack surface for businesses, but discovering, managing and protecting these devices by traditional means is a labor-intensive nightmare. At the same time, with the proliferation of applications and the exploding number and variety of devices on the network, security teams have the task of doing the near impossible: Prevent attackers from using these devices as entry points and attack vectors for lateral movement, on a large scale.

ExtraHop Reveal(x) provides a passive, scalable enterprise IoT solution that you can deploy right out of the box to identify and profile IoT devices, discover and detect the service level. With advanced machine learning that automatically profiles all devices, derives which services they belong to, and identifies violations and threats for rapid remediation, Reveal(x) makes it easy for security and IT teams to support and secure the technologies that drive business growth.

  • Complete visibility: ExtraHop Reveal(x) automatically identifies and profiles all assets on the network, including enterprise IoT devices such as printers, VoIP phones, smart TVs and more, and groups them based on observed behavior. In addition to providing a comprehensive and dynamic view of all IoT devices and services without agents or operational impact, Reveal(x) applies machine learning techniques such as peer group clustering to infer service levels and privilege levels without manual configuration.
  • Real-time detection: Monitoring and detection with Reveal(x) is passive and hands-free. When Reveal(x) detects threats and anomalous behavior, such as attackers attempting to gain access to IoT devices or moving sideways, Reveal(x) detects threats and anomalous behavior and alerts your team, providing full context, what device may have been compromised and why, what other assets are affected, and what the potential risk is. Because Reveal(x) extracts rich L2-L7 data from network traffic, it enables deeper analysis and continuous behavior monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables and smartboards.
  • Intelligent Response: In addition to automatically correlating detections across the attack chain so that you can quickly and easily understand the extent of an ongoing attack, and providing recommended next steps for your investigation, Reveal(x) enables automatic policy enforcement based on derived device groups. For example, by integrating enforcement with your existing firewalls and NAC solutions, Reveal(x) allows you to immediately and automatically interrupt network communications following segmentation violations.

Automated audits, faster investigations, easier reporting

As environments become more complex and compliance and encryption regulations become stricter, SecOps is finding it increasingly difficult to answer questions such as “What hardware and software assets use weak encryption methods” or “Is the new device doing something malicious on our network and if so, what? Perimeter and endpoint monitoring can only answer these questions, and neither of them will help you proactively maintain hygiene and compliance on a large scale.

ExtraHop Reveal(x) provides the complete visibility, automated auditing and guided investigation capabilities that help SecOps teams keep a close eye on all the tools and systems at work in their hybrid infrastructures on a large scale. As the industry leader in Network Detection and Response (NDR), Reveal(x) gives you instant answers to complex questions without impacting performance and with far greater accuracy than protocols or humans combined.

  • Complete Visibility: Reveal(x) converts raw network traffic (including SSL/TLS encrypted traffic) into line data analysis with sustained throughput of up to 100 Gbps and automatically detects, classifies, and assigns each asset, device, and user in your environment in real time: no more visibility gaps.
  • Real-time detection: With machine learning trained on more than 5,000 line data metrics, there is no faster or more accurate source of information about what is really going on in your organization – and because Reveal(x) performs network traffic analysis out-of-band, there is no risk of network latency because Reveal(x) detects problems and threats.
  • Smart Response: Because Reveal(x) takes the heavy work out of security hygiene and compliance audits for you, it’s easy to answer questions about encryption strength, data security, and potential vulnerabilities as quickly as you can ask them. When a threat penetrates your security, you get not only the real-time insight you need to stop it quickly, but one-click investigation workflows that simplify and accelerate compliance reporting.

Analysis and automation for a more efficient SOC

The Internet Security Centre calls for various standards or controls for SecOps to keep their environments secure. Number one and two? Inventory and control of hardware and software assets. Reveal(x) does the first part for you by automatically detecting and classifying every device communicating over the network and analyzing over 70 enterprise protocols at up to 100Gbps.

On the control side, Reveal(x) goes all the way to parsing transactions at the application layer (L7) and automatically detects any weak ciphers used in your organization. Reveal(x) also alerts you when certificates are about to expire (or have already expired) and can automate audits for all types of compliance requests. You’ll know what’s on your network, what each device says, when new devices are connected, and exactly where you need to use human expertise.

Not only does Reveal(x) provide unmatched visibility into your environment, it’s also the only NDR solution that provides role-based, on-demand decryption for SSL/TLS 1.3 encrypted traffic: Decrypt only the exact packets you need to investigate a threat, while respecting data protection requirements.

Analysen und Automatisierung für ein effizienteres SOC


Data Sheet



We are happy to advise you and look forward to