We were seeking a solution that can effectively identify security incidents within our networks, providing a level of visibility that surpasses what other products with agents currently offer. Additionally, we have a critical need for robust asset management capabilities. Traditional agent-based products fall short in comparison to what we can automatically glean from our network. Our third priority lies in network hardening. We aim to rapidly identify vulnerabilities and weaknesses, a task that has historically been time-consuming or, in some cases, nearly impossible. The ability to receive comprehensive information within a mere three minutes is crucial for enhancing our network security posture.
Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
68 reviews
from
and
External reviews are not included in the AWS star rating for the product.
RevealX from a daily user perspective
What do you like best about the product?
Overall, RevealX is easy to use and provides great visibility into the network. ExtraHop has very thorough documentation and if you can't find what you're looking for the support and training teams are always willing to help. I've experienced a quick turnaround for questions around the product. The training team is excellent at maintain user engagement in a virtual setting. The product is also super customizable which is great for unique use and abuse cases.
I use RevealX almost daily, my top three pros from a technical perspective are the increased visibility of the network, customizing doesn't mean learning a new language, and low barrier to entry for analysts who are new to networking and security.
I use RevealX almost daily, my top three pros from a technical perspective are the increased visibility of the network, customizing doesn't mean learning a new language, and low barrier to entry for analysts who are new to networking and security.
What do you dislike about the product?
My top three cons for the product are that when adjusting baseline metrics, the baseline completely resets and there is a 3-4 week period before the baseline is calculated. Going off the above, it does not perform "lookback" searches for detections, meaning I can't craft a detection today and then see if the logic matches any stored data in the tool. Some of the customization areas need a bit of work so that they tie into the other features of the product.
What problems is the product solving and how is that benefiting you?
ExtraHop enables us to have better visibility. This has resulted in us making configuration changes on hardware and network devices to decrease our attack surface.
ExtraHOP provides visibility to quickly resolve performance and security issues
What do you like best about the product?
ExtraHOP provides great visibility for performance and security issues in our environment. Many of the detections, dashboards, and device groups provide easy starting points for learning to use extraHOP. Then, building custom dashboards and detections is very simple. We use extraHOP every day to assist us resolving problemes. The customer support and partnership we have with extraHOP has been key to our success.
What do you dislike about the product?
You need to really understand your environment from the network layer to the application layers. extraHOP provides many options, but you need to determine what works best for your environment. It does take some time for planning the implementation properly but the planning and design time is worth it.
What problems is the product solving and how is that benefiting you?
extraHOP has helped us solve authentication issues, storage issues, server issues, network performance issues, security problems and other application problems. We had many blind spots and extraHOP has helped us gain visibility to many of our services.
you get what you pay for
What do you like best about the product?
We've tested the product using reputable 3rd party pentesters manual and automated. And we've compared it with other products. The difference between seeing that you are being compromised and not seeing it is huge. How do you choose a competitive product that is cheaper if it doesn't see that you are being compromised? Or how do you rest at night knowing that you've done everything you can to safeguard your network? Extrahop's visibility is far above the rest.
What do you dislike about the product?
It is pricey. So if you are Misinformed and think that backups, firewalls, and anti-virus solutions are going to save you then you aren't going to understand the price of this product.
What problems is the product solving and how is that benefiting you?
Mainly keeping our company from experiencing a ransomware event. We have staff dedicated to keeping their eye on the product and chasing down alerts 24/7/365.
One stop shop for network detections and notifications Easy to use and easy to understand.
What do you like best about the product?
I like that ExtraHop identifies the alert in a mannert that is easy to follow. It gives the risk level of the alert, shows the metrics, breaks down the records for the incident, shows the packets involved, and even includes a pcap of the packets that can be used in WireShark to analyze further. It also gives the Mitre techniques as well as mitigation options to mitigate the attack.
What do you dislike about the product?
I haven't found to many things I dislike about ExtraHop. It is not an automated system that will block an attack as it is happening, but it does e-mail out alerts so that I have the ability to begin investigating the incident as soon as possible leading to a faster mitigation scenario.
What problems is the product solving and how is that benefiting you?
As an ISP our network security is very important. ExtraHop is a tool to help ensure we are seeing any attack in realtime, giving us the ability to troubleshoot and mitigate the issue in a speedy manner. We have the abilty to isolate traffic quickly when an issue arises.
Overall good product but needs more flexibility.
What do you like best about the product?
1. Seamless monitoring.
2. Simple and straightforward rule tuning.
3. Dashboard capabilities
2. Simple and straightforward rule tuning.
3. Dashboard capabilities
What do you dislike about the product?
1. Lot of false positives.
2. Machine learning model is not flexible to the requirements.
3. Sometimes performance issues.
2. Machine learning model is not flexible to the requirements.
3. Sometimes performance issues.
What problems is the product solving and how is that benefiting you?
Its providing detections that are required to ensure all the permiters are covered.
ExtraHop - Executive Network monitoring tool
What do you like best about the product?
With ExtraHop deployed in our network we now have real-time visibiltity and insights into network traffice and performance. Helps us troubleshoot, optimize and secure the network. ExtraHop platform is very easy to use, and has an intuitive easy to follow layout helping us review detections quickly. ExtraHop delivered on promises and provided excelent customer service. This is a tool that I use everyday to keep on eye on the network security. Deploying the devices in the infrastructure can be as simple as connecting to the network and mirroing all traffic to the device. This allows quick visability on the overall network performance and health.
What do you dislike about the product?
It can be expensive to deploy, can generate many false positives and has limited integrations into other tools and platforms.
What problems is the product solving and how is that benefiting you?
ExtraHop is helping us monitor network security, identify bottlenecks and improve overal performance and security related to overall network hygine.
A competitive choice for network detection and response with exceptional user interface, ease of implementation and minimal false positives
What is our primary use case?
How has it helped my organization?
We only used it on PoV. But we have already easily identified the places that need attention. So we can say that the product starts bringing valuable data to the company from the very first minutes of use.
Additionally, I would like to mention the option to purchase an additional NPM licence which enables the statistics and network metrics module for NOC. For example, this solution will help in troubleshooting network and AD.
What is most valuable?
It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management. Its strengths lie in its outstanding user interface, streamlined implementation, and efficient ongoing support. With a commendably low false positive rate, it minimizes operational efforts, allowing for quick comprehension and configuration. A notable advantage is its licensing based on MAC addresses, providing a more accurate representation of real devices and potential cost savings.
What needs improvement?
The NDR feature analyzes network traffic, creating records with connection details. While these records offer insights, there's a limitation in investigating payloads directly. ExtraHop provides an option for an additional server to save payloads, but its temporary storage has constraints. Unlike some competitors, it lacks an automatic payload-saving feature for each detection, presenting an improvement opportunity. Suggested enhancement involves the main sensor prompting payload storage for specific detections, streamlining the investigation process, and contributing to a more efficient workflow. A drawback includes packet storage limitations for payload data, necessitating timely extraction for thorough investigations.
For how long have I used the solution?
I have been working with it for several weeks.
What do I think about the stability of the solution?
Occasionally, when I click on a link, I receive a page error, and after a few refreshes, it starts working again. I'm unsure whether the issue lies on my side or theirs, and we need to identify the cause. It's worth noting that this happens infrequently, and the rest of the system operates smoothly without any errors.
What do I think about the scalability of the solution?
The solution scales well, supports network traffic analysis in the cloud. Of course, it is limited due to the limitations of the cloud itself. The servers are very powerful. For example, a 1U server can handle 25 Gbps of traffic. When there are solutions that require 2 2U servers for such performance.
Which solution did I use previously and why did I switch?
We used LogRhythm NetMon, but it had reached its life cycle and had basic functionality.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
The implementation process was swift, taking only an hour. After receiving sign-up emails, I completed a questionnaire, discussed the architecture, and a dedicated environment with the correct naming was promptly set up. Upon receiving an invitation, I set a password, and enabled Multi-Factor Authentication, gaining full access to the client environment. A server arrived via post, and following documentation instructions, I installed it in our data center, handling all cabling. During a call with a technical engineer, we configured the server together, initiating data transmission to the cloud environment. In the cloud, I easily customized settings and added users and the essential setup was complete.
What's my experience with pricing, setup cost, and licensing?
The pricing is dependent on the network size, typically falling into the six-digit range. When compared to other solutions, it aligns with the market average, indicating a competitive pricing level.
Which other solutions did I evaluate?
Yes. LogRhythm NDR and DarkTrace.
What other advice do I have?
I recommend prioritizing demos over POCs when engaging with vendors. Organizing POCs involves significant time and resource investments for both parties. Instead, invest time in multiple demo sessions, exploring the product in various scenarios and comparing capabilities against a predefined list of success criteria. Create a detailed success criteria list initially. Identify a top vendor based on these criteria, saving time and resources. Overall, I would rate it nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Incomparable NDR in the Market
What do you like best about the product?
Using extrahop help us monitor our network to anything malicious or suspicious from the network level.
What do you dislike about the product?
So far i dont see any downside with regards to this Solution since it helps us monitor anything suspicious when it comes to our network (e.g file transfer bandwidth etc)
What problems is the product solving and how is that benefiting you?
Using this NDR solution help us cover anything that into networks. This solution resolve our issue that our EDR cannot detect.
Great network insights.
What do you like best about the product?
Discovery, performance information, and threat intelligence.
What do you dislike about the product?
Defining custom devices and searching through the myriad of options to find the attribute needed.
What problems is the product solving and how is that benefiting you?
Ability to diagnose and identify network performance issues and security threats.
Single Pane Visibility into the unknown parts of the network
What do you like best about the product?
Extrahop looks at both on-prem and cloud traffic. It analyzes packets for security anomalies at a scale that I have not seen happen before. It also does application performance at a level that gives a very detailed visibility
What do you dislike about the product?
I do hope they would come up with their proprietary agents for the cloud nodes instead of using rpcapd, which I find can be a bit unstable especially in high-traffic scenarios
What problems is the product solving and how is that benefiting you?
Extrahop was able to show us some east -west traffic that should not have been happening. We also had a constant stream of complaints about the datawarehouse being slow and always having the network blamed. But once we had Extrahop we were able to pin-point and prove that the delay was happening at the database level not at the network layer. We could never have seen this without Extrahop
showing 1 - 10