Uncover attackers hiding on your network
November 21, 2024

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with ExtraHop Reveal(x)

ExtraHop has been an integral piece in our Security Operations Centre and has repeatedly uncovered suspicious activity earlier in the attack kill-chain than other tooling.

We purchased ExtraHop to enhance our network-based detections and for their complementary approach to CrowdStrike as an EDR. CrowdStrike provides strong visibility at the endpoint level; however, that assumes it is installed on all devices. ExtraHop analyzes all network traffic regardless of whether the device is corporate managed or what technologies exist on the endpoint. This results in clear visibility into what is actually occurring on the network.

Furthermore, we have also utilized ExtraHop quite extensively for other projects, including mapping out network communication flows and gaining insight into system dependencies through network communications prior to decommissioning assets.

Overall, it has been a great purchase and become fundamental to our information security program.

Pros

  • Network discovery
  • Network based detections for suspicious/malicious activity and behaviour
  • Insight into data flow between systems
  • Visibility into network errors

Cons

  • Reporting
  • Prevention
  • Increased visibility into network based attacks
  • Increase visibility into data flows aiding in data loss prevention capabilities
  • Assisting network infrastructure teams with visibility into network based performance metrics

Console is easy to use and familiarize oneself with. Some points deducted as it can be annoying at times to have to drill down using the drop-down menu, and then selecting tabs to get the data you want.

I evaluated ExtraHop against Darktrace. Against all criteria, ExtraHop had a clear edge including visibility, price, effectiveness, integrations, and more.

Do you think ExtraHop Reveal(x) delivers good value for the price?

Yes

Are you happy with ExtraHop Reveal(x)'s feature set?

Yes

Did ExtraHop Reveal(x) live up to sales and marketing promises?

Yes

Did implementation of ExtraHop Reveal(x) go as expected?

Yes

Would you buy ExtraHop Reveal(x) again?

Yes

Netskope CASB, Zscaler Internet Access, Zscaler Private Access, Palo Alto Panorama, Palo Alto Networks Prisma Cloud, Palo Alto Networks Next-Generation Firewalls - PA Series, Microsoft Defender for Cloud Apps, Tenable Lumin, Tenable Cloud Security, Tenable Attack Surface Management, Tenable Vulnerability Management, Tenable Web App Scanning, Tenable Nessus, Snyk, Veracode, Microsoft Sentinel, Exabeam Fusion, ZeroFOX

ExtraHop is a must-have for on-premise environments where traffic passes through a physical data centre or network operations centre, giving complete visibility into what is happening on the corporate network. This works flawlessly if business operations are in office. For hybrid or remote setups, the solution still works well by placing ExtraHop traffic between the VPN termination and firewall and setting up a SPAN port.

ExtraHop works well for cloud-based deployments as well with their virtual appliances; however, it does not have the same edge against competition, as many CNAPP solutions can gather similar data using graph APIs provided by the cloud service provider. That said, ExtraHop does provide some unique features that CNAPPs do not around network operations.
