What I like most about ExtraHop is the ability to monitor and analyze all traffic passing through the network. Generally, companies have strong endpoint controls through tools like EDR; however, network is often limited to firewalls with intrusion detection and intrusion prevention rules. Where I find ExtraHop excels is through complete network visibility by mapping assets, learning network traffic and spotting anomalies, and giving Security Operations teams visibility into what is occurring on their network.

ExtraHop is easy to deploy through either and appliance on physical networks our through a virtual appliance in the cloud. The Customer Success teams are deeply knowledgable and provide great support to customers. Review collected by and hosted on G2.com.

Not a dislike but a feature I would like to see is ExtraHop move towards prevention. Currently, the product is good at identifying and detecting suspicious or malicious activity. Prevention can be achieved through integration with tools but it would be nice to have these native to ExtraHop. Review collected by and hosted on G2.com.

I like that ExtraHop identifies the alert in a mannert that is easy to follow. It gives the risk level of the alert, shows the metrics, breaks down the records for the incident, shows the packets involved, and even includes a pcap of the packets that can be used in WireShark to analyze further. It also gives the Mitre techniques as well as mitigation options to mitigate the attack. Review collected by and hosted on G2.com.

I haven't found to many things I dislike about ExtraHop. It is not an automated system that will block an attack as it is happening, but it does e-mail out alerts so that I have the ability to begin investigating the incident as soon as possible leading to a faster mitigation scenario. Review collected by and hosted on G2.com.

Overall, RevealX is easy to use and provides great visibility into the network. ExtraHop has very thorough documentation and if you can't find what you're looking for the support and training teams are always willing to help. I've experienced a quick turnaround for questions around the product. The training team is excellent at maintain user engagement in a virtual setting. The product is also super customizable which is great for unique use and abuse cases.

I use RevealX almost daily, my top three pros from a technical perspective are the increased visibility of the network, customizing doesn't mean learning a new language, and low barrier to entry for analysts who are new to networking and security. Review collected by and hosted on G2.com.

My top three cons for the product are that when adjusting baseline metrics, the baseline completely resets and there is a 3-4 week period before the baseline is calculated. Going off the above, it does not perform "lookback" searches for detections, meaning I can't craft a detection today and then see if the logic matches any stored data in the tool. Some of the customization areas need a bit of work so that they tie into the other features of the product. Review collected by and hosted on G2.com.

ExtraHOP provides great visibility for performance and security issues in our environment. Many of the detections, dashboards, and device groups provide easy starting points for learning to use extraHOP. Then, building custom dashboards and detections is very simple. We use extraHOP every day to assist us resolving problemes. The customer support and partnership we have with extraHOP has been key to our success. Review collected by and hosted on G2.com.

You need to really understand your environment from the network layer to the application layers. extraHOP provides many options, but you need to determine what works best for your environment. It does take some time for planning the implementation properly but the planning and design time is worth it. Review collected by and hosted on G2.com.

We've tested the product using reputable 3rd party pentesters manual and automated. And we've compared it with other products. The difference between seeing that you are being compromised and not seeing it is huge. How do you choose a competitive product that is cheaper if it doesn't see that you are being compromised? Or how do you rest at night knowing that you've done everything you can to safeguard your network? Extrahop's visibility is far above the rest. Review collected by and hosted on G2.com.

It is pricey. So if you are Misinformed and think that backups, firewalls, and anti-virus solutions are going to save you then you aren't going to understand the price of this product. Review collected by and hosted on G2.com.

With ExtraHop deployed in our network we now have real-time visibiltity and insights into network traffice and performance. Helps us troubleshoot, optimize and secure the network. ExtraHop platform is very easy to use, and has an intuitive easy to follow layout helping us review detections quickly. ExtraHop delivered on promises and provided excelent customer service. This is a tool that I use everyday to keep on eye on the network security. Deploying the devices in the infrastructure can be as simple as connecting to the network and mirroing all traffic to the device. This allows quick visability on the overall network performance and health. Review collected by and hosted on G2.com.

It can be expensive to deploy, can generate many false positives and has limited integrations into other tools and platforms. Review collected by and hosted on G2.com.

1. Seamless monitoring.

2. Simple and straightforward rule tuning.

3. Dashboard capabilities Review collected by and hosted on G2.com.

1. Lot of false positives.

2. Machine learning model is not flexible to the requirements.

3. Sometimes performance issues. Review collected by and hosted on G2.com.

ExtraHop provides valuable insight into network activities and alerts on anomalies that you can't get from just monitoring logs. Review collected by and hosted on G2.com.

Number one issue with ExtraHop is SIEM integration if there is no native connector available. building it through a java script trigger is not user friendly.

Number two issue is threat feeds. We have a high-fidelity threat feed we'd like to add, but we have to make a cludgey system where we download the feed, gzip it, then upload it back to ExtraHop. Please build in native STIX/TAXII feeds to the product.

I'd say trigger complexity is also a downside to ExtraHop. Not many security analysts will be able to understand and write the java code necessary for triggers. It would be nice to have a building block method for triggers where novices could build out most of it with pre-defined blocks fo code, something like a visual workflow. Review collected by and hosted on G2.com.

Extrahop looks at both on-prem and cloud traffic. It analyzes packets for security anomalies at a scale that I have not seen happen before. It also does application performance at a level that gives a very detailed visibility Review collected by and hosted on G2.com.

I do hope they would come up with their proprietary agents for the cloud nodes instead of using rpcapd, which I find can be a bit unstable especially in high-traffic scenarios Review collected by and hosted on G2.com.

Extrahop provides East-West network visibility and can customize rules, providing deep packet inspection capability to our security team. Extrahop Packet capturing feature plays a vital role in network forensics. Review collected by and hosted on G2.com.

Extrahop should extend its partnership with threat researchers and vendors to enrich its intel feeds and database for actionable intel on detections. Also, extend its partnership for API integration with tools like Tanium/SCCM, PAN firewalls etc Review collected by and hosted on G2.com.