ExtraHop Networks Cybersecurity Comparison, Review, Use Cases, News, Pros & Cons

Focus

Proposition Focus:

  • Managed Detection and Response: 17.5%
  • Network Detection and Response: 35%
  • Cloud Security: 30%
  • Endpoint Security: 17.5%

Cloud Focus:

  • AWS: 40%
  • Azure: 30%
  • Google Cloud: 30%

Other Focus:

  • Remote Users: 30%
  • ZTNA: 15%
  • FWaaS: 25%
  • Other Products and Services: 30%

Summary

Analyst: Thomas Stroude Contact: tstroude@netify.co.uk 

If you have questions about ExtraHop Networks and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com 

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

 

 

Categories: 

  • Network Detection and Response (NDR) Provider

Sub-categories:

  • Cloud-native NDR
  • Managed Detection and Response (MDR)
  • Cybersecurity Solutions 

Pros:

  • ExtraHop offers Internet of Things (IoT) security services. This helps to reduce the attack surface by securing both managed and unmanaged devices and providing visibility into the network through Service Layer Discovery and Detection for IoT.

  • Comprehensive solution offered as one single product with multiple optional add-on services. These include: SIEM, IoT, Reveal(x) Advisor, SOC Optimisation, Deployment, Application Mapping, Risk Optimisation as well as Business Automation & Transformation service. 

Cons:

  • Do not currently offer full SASE - instead offer endpoint protection via a partnership with CrowdStrike.
     
  • Many of ExtraHop’s technology offerings are via a partnership with a third party company - potentially creating a complex solution. 

Netify Review:

ExtraHop offer a comprehensive Network Detection and Response (NDR) solution with cloud capabilities. The solution has options for cloud-security (AWS, Azure, Google Cloud) and security for remote users, along with MDR solutions and managed services provided by one of ExtraHop’s authorised Managed Services provider partners. ExtraHop is recommended for companies looking for granular NDR and cloud security services. 

However, offerings such as firewalls, Next Generation Firewalls (NGFW), Managed Detection and Response (MDR), Extended Detection and Response (XDR), and managed services are all offered via partnerships with third-party companies. This allows ExtraHop to provide granular and featured services due to collaboration with expertise from other companies, although it could create a complex solution due to the high number of third-party companies that are involved.

Contents:

  • About ExtraHop Networks 
  • ExtraHop Networks Products and Services
  • ExtraHop Networks SASE
  • What ZTNA (Zero Trust Network Access) Solution is Supported by ExtraHop Networks? 
  • What CASB (Cloud Access Security Broker) Solution is Supported by ExtraHop Networks?
  • What SWG (Secure Web Gateway) Solution is Supported by ExtraHop Networks?
  • What FWaaS (Firewall as a Service) Solution is Supported by ExtraHop Networks?
  • What MDR (Managed Detection and Response) Solution is Supported by ExtraHop Networks?
  • What NDR (Network Detection and Response) Solution is Supported by ExtraHop Networks?
  • What XDR (Extended Detection and Response) Solution is Supported by ExtraHop Networks?
  • How does ExtraHop Networks Deliver Cloud Security? 
  • What is the ExtraHop Networks Managed, Co-managed and DIY Services Solution?
  • What Reporting and Management is Available via the ExtraHop Networks Portal?
  • How Does ExtraHop Networks Support Remote Users?
  • What is the ExtraHop Networks SLA?
  • Integration Solution Partners
  • Additional Notes

About ExtraHop Networks: 

ExtraHop were founded in 2007, and have their Global Headquarters in Seattle, Washington, North America. Their EMEA Headquarters is located in London, United Kingdom and their APAC Headquarters can be found in Singapore. Their primary focus is on Network Detection and Response. ExtraHop were named as Leaders in the 2019 Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics and in 2020 they are a Representative Vendor in the Gartner Market Guide for Network Detection and Response.

 

ExtraHop Networks Products and Services: 

NDR/MDR:

  • Reveal(x) 360: ExtraHop provide cloud security for AWS, Azure and Google Cloud via their Reveal(x) 360 Network Detection and Response product (see, How does ExtraHop Networks deliver cloud security?)
  • ExtraHop Discover: ExtraHop provide a range of appliances including the “Discover” Series which can be deployed physically or to virtual environments such as via VMware, AWS, Microsoft Hyper-V, Google Cloud and Linux kernel-based virtual machine (KVM).
  • Enterprise Internet of Things (IoT) Security: ExtraHop provide IoT security via their Reveal(x) 360 platform. The service leverages machine learning and offers service-layer discovery and detection, threat detection and IoT device identification and profiling. Devices are automatically profiled and checked for violations and threats for quick remediation.
  • Integrated NDR and Security Information and Event Management (SIEM): ExtraHop allows clients to integrate NDR and SIEM solutions for zero-trust and extended detection and response (XDR). The solution works with Security Orchestration, Automation and Response (SOAR) tools for automated response. Reveal(x) decrypts data for instant access to correlated forensics and offers remediation techniques using a combination of rule-based and behaviour-based analytics, with guided investigations for tier 1 analysts.

Cybersecurity Products & Services:

  • Reveal(x) Advisor: Offered in 5-tier Advisor plans, ExtraHop Reveal(x) Advisor offers Threat Intelligence and Proactive Threat Hunting from dedicated ExtraHop Security Engineers, Threat Analysts and Incident Response Technologists. This service offers threat detection reports and briefings, proactive tuning of Reveal(x) and coaching in investigation and response. Support for corporate IT teams is offered by reducing Analyst fatigue, accelerating threat response and reducing security ticket queues. This helps to distribute the network security workload and amplify enterprise security teams when required to ensure threats are not missed and to prevent losses and incident response costs. Reveal(x) Advisor is an optional, on-demand monthly or annual subscription service. 
  • Risk Optimisation Services: ExtraHop offer services to help mitigate risks that can include operational risks, network and application security risks and risks to reputation. ExtraHop Risk Optimisation services can be used on cloud, on premises or as a hybrid to provide insights into risks and vulnerabilities across all aspects of the company network. 
  • Business Automation & Transformation Services: Provides migration, integration and enterprise adoption programmes and allows Reveal(x) customers to automate incident response through integrations. This service also allows enterprises to complete cloud and datacentre migrations accurately, with no defects, and ExtraHop Accelerate can help customers adopt the Reveal(x) platform across all aspects of the enterprise.
  • Deployment Services: ExtraHop deployment services offer a Solutions Architect, Project Coordinator, Trainer and Practice Manager to understand enterprise requirements and set the foundation through an implementation project plan as well as a customer journey map outlining how best to meet customer outcomes. 
  • Application Mapping Services: Uses ExtraHop experts to augment a wide array of enterprise IT teams to improve application performance monitoring, investigation, triage and application security.
  • Security Operations Centre (SOC) Optimisation Services: This service provides training, reports, consulting and dashboards to enterprise SOC analysts, offering guidance on how to best utilise the Reveal(x) solution and boost SOC productivity. Enterprise SOC teams can also be further supported through ExtraHop’s Reveal(x) Advisor solution.

ExtraHop Networks SASE:

ExtraHop do not offer a SASE solution. However, they offer real-time network and endpoint threat detection in partnership with CrowdStrike. The solution integrates ExtraHop Reveal(x) and CrowdStrike Falcon Insight to offer clients a combination of endpoint security, network visibility, remediation, and machine learning behavioural threat detection. The integration works as follows: Reveal(x) detects threats that are only visible on the network and automatically notifies CrowdStrike, where compromised devices will be contained. Analysts then use endpoint data collected from CrowdStrike and network data collected from ExtraHop to investigate, validate and appropriately respond to threats.

What ZTNA (Zero Trust Network Access) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer a ZTNA solution; however, their Reveal(x) 360 NDR solution enables the visibility required to support the roll out of ZTNA to the network at any phase. The risks and lead time of ZTNA deployment can be reduced when working in tandem with Reveal(x) 360, as the single management pane provides real-time insights into users, assets, cloud workloads and across the network.

What CASB (Cloud Access Security Broker) Solution is Supported by ExtraHop Networks? 

ExtraHop do not offer a CASB solution, however, Reveal(x) 360 extends NDR to the cloud, offering multi-cloud security solutions for AWS, Azure and Google Cloud (see, How does ExtraHop Networks deliver cloud security?). 

What SWG (Secure Web Gateway) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer a SWG solution, however this may be available from a third-party company.  

What FWaaS (Firewall as a Service) Solution is Supported by ExtraHop Networks?

ExtraHop, through their partnership with Palo Alto, provide a bundle which allows users to quarantine compromised devices in Panorama or on a client’s pre-existing Palo Alto firewall. This is carried out in real-time as the ExtraHop Discover appliance identifies alerts. Included in the bundle are two triggers, one for alerts and one for detections. Clients can choose which alerts and detections they wish to be monitored, as well as the address group where the affected devices will be quarantined. The bundle comes with a dashboard that shows clients how many detection and alert events have been sent to the firewall, as well as the IP address of related devices. The bundle also supports Panorama, which is a centralised management system that supports global visibility and allows clients to control multiple Palo Alto Next Generation Firewalls (NGFW) via its web-based interface. The bundle includes:

  • Palo Alto as an application
  • The Palo Alto Remediation dashboard
  • Two triggers: Palo Alto Firewall Remediation - Alerts, and Palo Alto Firewall Remediation - Detections

In order to use this bundle, clients must ensure that they meet the following requirements:

  • ExtraHop firmware version 7.5 or later
  • An administrator account for Palo Alto firewall or Panorama - Palo Alto recommend that users create admin accounts for API access
  • Access to the Discover appliance with an account that has Unlimited privileges

Installation advice is available on the ExtraHop website. 

What MDR (Managed Detection and Response) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer MDR directly. However, they are one of MDR provider Datashield’s premier partners. The partnership combines the ExtraHop Reveal(x) NDR platform with Datashield’s MDR services, leveraging Datashield’s Security Operations Centre (SOC). The solution also integrates with ExtraHop Reveal(x) 360 to bring MDR to the cloud and offer scalability for clients looking to move to the cloud. Datashield keep an up-to-date record of all devices that are inside a corporate network. This is augmented by the ExtraHop Network Discovery feature, which learns the behaviour of devices within the network to help identify them. Datashield also offers constant monitoring via their SOC, which is combined with ExtraHop NDR for Threat Detection capabilities.

What NDR (Network Detection and Response) Solution is Supported by ExtraHop Networks?

Reveal(x) Enterprise is a self-managed NDR solution for hybrid network architectures, cloud and containerised applications. The solution helps companies to detect advanced threats, analyse breaches and deliver improved responses through automation and network visibility. This enables network security improvements such as critical asset discovery, hygiene and compliance and automated responses via SOAR as well as performance improvements including real time application analytics, machine learning anomaly detection and more. Please see below for a features breakdown for the ExtraHop NDR solution:

  • Automated Inventory: Uses auto discovery to classify all network communications to ensure the inventory is current at all times. 
  • Automated Investigation: Supports responses to detected threats by offering expert guidance for next steps, as well as attack background, context and risk scoring. 
  • Confident Response Orchestration: Response workflows can be automated and augmented by integrations such as Palo Alto and Phantom whilst Reveal(x) provides investigative tools and detection of threats. 
  • Cloud-scale Machine Learning: Reveal(x) uses 5,000+ features covering Layers 2 to 7 to offer predictive modelling and cloud-scale machine learning to protect critical assets by identifying, examining and prioritising threats. 
  • Perfect Forward Secrecy Decryption: Passively decrypts SSL/TLS 1.3 traffic with PFS to provide real-time monitoring of encrypted traffic, in order to hunt and identify concealed threats.
  • Peer Group Detections: Reduces the number of false positive detections when an anomaly is detected as devices are automatically assigned to specific Peer Groups. 

The ExtraHop NDR solution is available in various different tiers dependent on enterprise size and cloud capabilities: 

  • ExtraHop Reveal(x) Essential 
  • ExtraHop Reveal(x) for Midsize Enterprises 
  • ExtraHop Reveal(x) Enterprise 
  • ExtraHop Reveal(x) 360

What XDR (Extended Detection and Response) Solution is Supported by ExtraHop Networks?

ExtraHop Networks do not currently offer a full XDR solution, however their Reveal(x) NDR platform can be integrated with Exabeam Fusion XDR or Exabeam Fusion SIEM to provide faster threat response and develop a more rounded XDR solution. ExtraHop is the only NDR vendor within the XDR Alliance, an open cybersecurity ecosystem of vendors. 

How does ExtraHop Networks Deliver Cloud Security?

ExtraHop deliver multi-cloud security solutions for Amazon Web Services (AWS), Microsoft Azure and Google Cloud through their Reveal(x) 360 solution, which extends NDR services to the cloud. The solution features deep visibility into SSL/TLS encrypted traffic, and offers intelligence across multi-cloud, remote work, IoT and hybrid environments. Cloud-based machine learning detects anomalous behaviour and malicious activity to protect APIs and guard against misconfigurations, accelerating threat hunting. Clients can deploy ExtraHop sensors in the cloud, data centres and remote sites to decrypt and process network data. The data is extracted and sent to Reveal(x) 360 for analysis, investigation and real-time threat detection. This data can be accessed via the Reveal(x) 360 user interface.

  • AWS: Reveal(x) 360 offers a SaaS-based Network Detection and Response (NDR), which allows clients to utilise a cloud-native solution for securing hybrid enterprises - even for workloads deployed in orchestration platforms such as Amazon Elastic Container Service (ECS), containers such as Amazon Elastic Kubernetes Service (EKS) and compute engines such as AWS Fargate. The ExtraHop sensors will analyse and decrypt network traffic, collecting metadata for further analysis, investigation and real-time threat detection. Clients are also offered a cloud-based record warehouse which allows for query, index record search, and drill-down investigation in all areas of the hybrid environment. Sensors with continuous packet capture (PCAP) enable detailed forensics services for Reveal(x) 360 for AWS. The service is further able to integrate with Amazon VPC Traffic Mirroring for agent-less visibility, to improve the efficiency of DevOps processes. Reveal(x) offer intelligent response, integrated with services such as Amazon CloudWatch, AWS EC2, Amazon CloudTrail, Amazon Lambda, S3 and Amazon VPC Flow Logs.
  • Microsoft Azure: ExtraHop’s Reveal(x) 360 cloud-native NDR platform protects Azure, AKS and hybrid environments, with automated discovery and asset classification, as well as machine learning to provide threat detection and investigation. The service offers complete visibility into all assets in the cloud environment, helping to defend against misconfigurations and insecure APIs and prevent unauthorised access, whilst offering full payload analysis which includes SSL/TLS encrypted traffic in real-time. Real-time detection and intelligent response offer real-time analysis of security threats.
  • Google Cloud: Security for Google Cloud is available from ExtraHop Reveal(x) 360. It has the capability to protect containers such as Google Kubernetes Engine (GKE), and offers deep visibility as well as detection using machine learning. The service also offers native integration with Google Cloud Packet Mirroring to improve the efficiency of the DevOps processes. This service includes: complete visibility with out-of-band decryption for SSL/TLS encrypted traffic, real-time detection to protect against misconfigurations and insecure APIs, and intelligent response.
  • Cloud Record Store: Offers 90-day lookback, with the capability to purchase more capacity whilst leveraging on-demand pricing.
  • Unified Security: Supports remote and on-premises users by being accessible from anywhere, using a secure, web-based UI which enables unified security in a single management pane. 
  • Global Intelligence: Reveal(x) 360 is able to analyse petabytes of anonymised threat telemetry, which is collected every day from 15 million devices and workloads worldwide. 
  • Line-Rate Decryption: The solution is capable of decrypting SSL/TLS 1.3 encrypted traffic - which includes cipher suites that support Perfect Forward Secrecy (PFS). 
  • Continuous PCAP: Packet capture enables detailed forensic investigation, powered by Reveal(x) 360 Ultra Sensors. 
  • Automated Inventory: Reveal(x) 360 automatically and continuously provides classification, asset discovery and dependency mapping across all environments. 

What is the ExtraHop Networks Managed, Co-managed and DIY Services Solution?

ExtraHop offer managed services via their service provider partners (see, Which service providers and partners do ExtraHop Networks support?). ExtraHop offer two forms of authorised managed services provider partners: ExtraHop Managed Services provider partners and ExtraHop MSP resale partners. 

Managed Services provider partners leverage SOCs, and regularly inspect integrations with ExtraHop. Typically these partners provide EDR and SIEM services, and often partner with SOAR vendors for managed remediation services. ExtraHop MSP Resale Partners differ because they typically do not have their own SOC. Instead, they are able to partner with High Wire Networks via ExtraHop to provide clients with ExtraHop Managed Service via SYNNEX - this is only available in North America. 

What Reporting and Management is Available via the ExtraHop Networks Portal?

The ExtraHop Customer Portal allows clients to report issues with their solution. There are two tiers of maintenance and support plans offered which are accessible via the Customer Portal: Gold, which offers support services that are active from Monday - Friday from 6am until 6pm local time; and Platinum, which offers constant support services, every day of the week for 24 hours a day. The portal also allows clients to deploy services such as the ExtraHop Trace Appliance in Azure and offers system notices. 

How does ExtraHop Networks Support Remote Users?

ExtraHop offer remote access security, which allows clients to monitor usage, maintain uptime and defend their distributed workforce against cyberattacks. The offering is part of the Reveal(x) NDR solution, creating visibility across on-premises, hybrid and cloud infrastructures. This includes:

  • Remote Access Tool Policies
  • Solve Remote Access and VPN Issues
  • Detect and Investigate Suspicious Logins
  • Monitor and Secure Active Directory
  • Correlate Performance Across Tiers 
  • Understand Resource Utilisation

What is the ExtraHop Networks SLA?

Below is a table displaying the main focus points of the ExtraHop Networks Service Level Agreement (SLA). 

Hardware Appliance Lifecycle and End-of-Life Policy:

| Product Model | End of Sale Date | End of Firmware Upgrades | End of Support | Final Supported Firmware |
|---|---|---|---|---|
| EDA 1100 | January 31, 2020 | January 31, 2023 | January 31, 2024 | TBD |
| EXA 5100 | December 31, 2018 | December 31, 2021 | December 31, 2022 | 8.7 (Q4 2021) |
| EDA 9100 | September 30, 2018 | September 30, 2021 | September 30, 2022 | 8.7 (Q4 2021) |
| EDA 8100 | September 30, 2018 | September 30, 2021 | September 30, 2022 | 8.7 (Q4 2021) |
| ETA 6150 | September 30, 2018 | September 30, 2021 | June 30, 2023 | 8.7 (Q4 2021) |
| EDA 6100 | July 26, 2018 | September 30, 2021 | September 30, 2022 | 8.7 (Q4 2021) |
| EDA 3100 | June 30, 2018 | June 30, 2021 | June 30, 2022 | 8.7 (Q4 2021) |
| EH 3000 | October 1, 2016 | December 18, 2019 | October 1, 2020 | 7.9 |
| EH 8000 | September 30, 2015 | March 31, 2019 | September 30, 2019 | 7.6 |
| EH 6000 | September 30, 2015 | March 31, 2019 | September 30, 2019 | 7.6 |
| EH 5000 | April 1, 2013 | November 3, 2015 | December 31, 2016 | 4.1 |
| EH 2000 | April 1, 2013 | November 3, 2015 | May 3, 2016 | 4.1 |
| EH 2000 (1G) | December 31, 2010 | June 30, 2014 | September 30, 2015 | 3.1 |
| EH 5000 (10G) | March 31, 2010 | June 30, 2014 | September 30, 2015 | 4.1 |

(ExtraHop Networks, 2021) Find out more at: https://www.extrahop.com/support/policies/ 

ExtraHop Support Plans:

| Support | Platinum | Gold |
|---|---|---|
| Software Maintenance and Upgrade Assurance | 24x7x365 | Monday-Friday Standard business days 6AM-6PM local time |

Initial Response Times (coverage hours):

Initial response time is the time between ExtraHop creating a support case and first contacting the client.

| Severity | Contact Method | Platinum | Gold |
|---|---|---|---|
| Severity 1 | Phone or Web | 1 | 3 |
| Severity 1 | Email | 4 | 12 |
| Severity 2 | Phone or Web | 2 | 3 |
| Severity 2 | Email | 4 | 12 |
| Severity 3/4 | Phone or Web | 4 | 8 |
| Severity 3/4 | Email | 12 | Next coverage day |

Communication Cadence (coverage hours):

Communication cadence and priority levels are mutually established by client and ExtraHop on a case-by-case basis.

| Priority | Level | Platinum | Gold |
|---|---|---|---|
| Priority 1 | Critical | 4 | 12 |
| Priority 2 | High | 24 | Next coverage day |
| Priority 3 | Medium | 72 | 3 coverage days |
| Priority 4 | Low | 120 | 5 coverage days |

Hardware Replacement:

  • Platinum: Subject to ExtraHop authorisation and ExtraHop’s End-of-Life Policy, replacements will be shipped same day if authorised by 12PM PST, otherwise next business day PST
  • Gold: Subject to ExtraHop authorisation and ExtraHop’s End-of-Life Policy, replacements will be shipped within 3 coverage days

(ExtraHop Networks, 2021) Find out more at: https://www.extrahop.com/support/

Which service providers and partners do ExtraHop Networks support?

ExtraHop’s Channel partners are part of the Panorama Partner Programme and can be Authorised, Gold or Platinum partners. Partnership opportunities include: MSP Resale Partners, Global Alliance Partners, Managed Services Providers (MSPs) and Value Added Reseller (VAR) Partners. 

Overwatch Managed NDR provides ExtraHop Reveal(x) 360 as a managed service and is offered by High Wire Networks. 

Integration Solution Partners: 

Featured Integrations:

  • Anomali 
  • Palo Alto Networks 
  • Phantom 
  • Servicenow 
  • Splunk 

Application Analytics:

  • Amazon Web Services (AWS)
  • Ansible
  • APCON
  • Appdynamics
  • Big switch networks 
  • Cerner
  • Cisco 
  • Citrix
  • CHEF
  • Garland
  • Gigamon 
  • Keysight Technologies 
  • Microsoft
  • Puppet
  • Servicenow 
  • Slack 
  • Splunk

Cloud-native Security:

  • Alien Vault
  • Amazon Web Services (AWS)
  • Anomali 
  • Ansible
  • APCON
  • ArcSight
  • Big switch networks 
  • Cerner 
  • CHEF
  • Check Point 
  • Cisco 
  • Crowdstrike
  • Garland
  • Gigamon 
  • IBM QRadar
  • Keysight technologies 
  • LogRhythm 
  • Microsoft 
  • Palo Alto Networks 
  • Phantom 
  • Puppet
  • Servicenow
  • Slack
  • Splunk

Network Performance:

  • Amazon Web Services (AWS)
  • Ansible
  • APCON
  • Appdynamics
  • Big switch networks
  • Cerner 
  • CHEF
  • Cisco 
  • Citrix
  • Garland 
  • Gigamon
  • Keysight technologies
  • Microsoft 
  • Puppet 
  • Servicenow
  • Slack
  • Splunk

Security Operations:

  • Alien Vault
  • Amazon Web Services (AWS)
  • Anomali 
  • Ansible
  • APCON
  • ArcSight
  • Big switch networks 
  • Cerner 
  • CHEF
  • Check Point 
  • Cisco 
  • Crowdstrike
  • Garland
  • Gigamon 
  • IBM QRadar
  • Keysight technologies 
  • LogRhythm 
  • Microsoft 
  • Palo Alto Networks 
  • Phantom 
  • Puppet
  • Servicenow
  • Slack
  • Splunk

Additional Notes:

ExtraHop Networks offer specialised solutions for the following industry verticals:

  • e-Commerce and Retail 
  • Financial Services
  • Healthcare 
  • U.S. Public Sector
