FAQs
About RevealX Network Detection and Response
What is RevealX Network Detection and Response (NDR)?
RevealX NDR is the core cybersecurity module of the RevealX platform. It enables organizations to reduce risk and identify threats other tools like EDR and SIEM miss. By ingesting and analyzing network telemetry, RevealX NDR provides OSI Layer 2–Layer 7 visibility and real-time detection while providing streamlined investigation workflows for faster, more confident response across on-premises, remote, hybrid, and multicloud environments. For more information, visit the RevealX NDR overview page.
How does RevealX NDR differ from RevealX Network Performance Monitoring (NPM)?
While both core modules are critical for risk reduction and the business resiliency of your network, RevealX NDR is focused on cybersecurity, and RevealX NPM is focused on performance. RevealX NDR proactively detects potential cyber threats across the attack surface, while RevealX NPM actively monitors potential network and application performance issues. For more information, visit the RevealX NPM overview page.
How does ExtraHop RevealX NDR detect threats?
RevealX NDR takes a full-spectrum detection approach that combines real-time detection of the latest CVEs and continuous behavioral machine learning to catch stealthy, post-compromise attacker tactics, techniques, and procedures. For a deeper dive into ExtraHop’s detections, read our Detections White Paper.
How does ExtraHop’s machine learning work?
ExtraHop extracts features from network packets and then securely transports those features to ExtraHop Cloud Services, where we train and execute advanced machine learning (ML) models to deliver accurate detections and insights to RevealX NDR users. For more detailed information, read this blog.
In addition to NDR, what other security modules are available for the RevealX platform?
The RevealX platform enables users to integrate modules for Intrusion Detection System (IDS) and Packet Forensics with a scalable packet capture (PCAP) repository.
Can I purchase IDS and/or Packet Forensics modules as standalone products?
IDS and Packet Forensics modules are add-on modules to the RevealX platform’s core NDR module and cannot be purchased as standalone products.
Does ExtraHop offer RevealX NDR as a managed security service?
RevealX NDR is available as a managed security service via trusted partners such as Binary Defense. For more information, visit Managed Service Provider Partner Program.
What security and compliance certifications does ExtraHop have?
ExtraHop products and services are GDPR compliant. ExtraHop engages with a third party for annual SOC 2 and SOC 3 audits and is a member of the U.S. Privacy Shield program. For more information, visit ExtraHop Security and Compliance.
RevealX NDR Details
How do I deploy ExtraHop RevealX NDR?
The RevealX platform consists of a set of components based on your environmental needs: sensors, packetstores, recordstores, and a console for centralized management and unified data views. All components are available in physical, virtual, and cloud-based options that are sized based on your needs.
Where can I deploy ExtraHop RevealX NDR?
You can deploy RevealX NDR in on-premises, remote, and cloud environments. For more information, visit ExtraHop Deployment.
Does ExtraHop offer deployment assistance?
The ExtraHop Deployment Service ensures RevealX NDR is set up, receiving and processing inbound data, and ready for operational and management handoff. The ExtraHop team can also assist with onboarding. To learn more, read this brief.
Can RevealX NDR decrypt encrypted network traffic to identify threats?
Yes. RevealX NDR can decrypt SSL/TLS (including TLS 1.3) network traffic. It also decodes 90+ protocols, including common Microsoft protocols such as SMBv3, Kerberos, Active Directory, and MSRPC, to provide full visibility into encrypted traffic across the attack surface.
How does RevealX NDR monitor network traffic?
RevealX NDR uses a port mirror or tap to passively monitor unstructured packets. ExtraHop conducts real-time stream processing of network traffic data and transforms the unstructured packets into structured wire data for analysis.
As an ExtraHop customer, would I have a dedicated customer support and/or success team?
The ExtraHop Customer Success team is a dedicated resource for all ExtraHop customers and can help with success planning, operational assessments, product aid, and more.
What professional services are available for ExtraHop RevealX customers?
ExtraHop offers a credit-based system for professional services, including deployments, training, integrations, support, and more. To learn more, visit ExtraHop Services.
Integrations
What cybersecurity integrations are available with ExtraHop RevealX NDR?
ExtraHop has several integrations with leading vendors, including CrowdStrike, Splunk, Netskope, AWS, Microsoft, Gigamon, and more. Every ExtraHop customer has access to CrowdStrike Falcon Intelligence. To learn more, visit ExtraHop Integrations and Automations.
Can I integrate RevealX NDR with other data stores, querying tools, and analytics platforms in my stack?
RevealX NDR offers robust query and investigation workflows within its user interface, but you can also integrate ExtraHop wire data metrics with other data stores. The RevealX NDR Open Data Stream allows you to merge data from multiple sources into a single, rich set that can be queried and visualized using whatever tools your team prefers. RevealX NDR data can also be sent to data lakes.
Purchasing and Billing
Where can I purchase ExtraHop RevealX NDR?
You can purchase RevealX NDR directly from ExtraHop, through trusted channel partners and distributors, or via transactable listings on marketplaces such as the AWS Marketplace. For more information, Contact Us.
What is the pricing model for ExtraHop RevealX?
RevealX is sold as either a virtual or physical sensor under subscription-based pricing and has two deployment models: SaaS-based RevealX 360 and on-premises RevealX Enterprise. RevealX 360 pricing is based on the number of Discovered Devices, daily record ingest capacity, and record lookback period (30, 90, or 180 days). RevealX Enterprise pricing is based on the number of Discovered Devices and does not include record capacity. Customers can bundle modules for each deployment model to fit functional and capacity needs. For more information, Contact Us.
How does ExtraHop determine my number of Discovered Devices and record ingest?
Each device that is discovered by a single ExtraHop sensor and has a unique identifier counts toward your licensed device capacity. If a device is discovered by multiple sensors, it counts toward the device capacity of each of those sensors and toward your total device capacity.