RevealX NDR is the core cybersecurity module of the RevealX platform. It enables organizations to reduce risk and identify threats other tools like EDR and SIEM miss. By ingesting and analyzing network telemetry, RevealX NDR provides OSI Layer 2–Layer 7 visibility and real-time detection while providing streamlined investigation workflows for faster, more confident response across on-premises, remote, hybrid, and multicloud environments. For more information, visit the RevealX NDR overview page.

While both core modules are critical for risk reduction and the business resiliency of your network, RevealX NDR is focused on cybersecurity, and RevealX NPM is focused on performance. RevealX NDR proactively detects potential cyber threats across the attack surface, while RevealX NPM actively monitors potential network and application performance issues. For more information, visit the RevealX NPM overview page.

RevealX NDR takes a full-spectrum detection approach that combines real-time detection of the latest CVEs and continuous behavioral machine learning to catch stealthy, post-compromise attacker tactics, techniques, and procedures. For a deeper dive into ExtraHop’s detections, read our Detections White Paper.

ExtraHop extracts features from network packets and then securely transports those features to ExtraHop Cloud Services, where we train and execute advanced machine learning (ML) models to deliver accurate detections and insights to RevealX NDR users. For more detailed information, read this blog.

The RevealX platform enables users to integrate modules for Intrusion Detection System (IDS) and Packet Forensics with a scalable packet capture (PCAP) repository.

IDS and Packet Forensics modules are add-on modules to the RevealX platform’s core NDR module and cannot be purchased as standalone products.

RevealX NDR is available as a managed security service via trusted partners such as Binary Defense. For more information, visit Managed Service Provider Partner Program.

ExtraHop products and services are GDPR compliant. ExtraHop engages with a third party for annual SOC 2 and SOC 3 audits and is a member of the U.S. Privacy Shield program. For more information, visit ExtraHop Security and Compliance.

The RevealX platform consists of a set of components based on your environmental needs: sensors, packetstores, recordstores, and a console for centralized management and unified data views. All components are available in physical, virtual, and cloud-based options that are sized based on your needs.

You can deploy RevealX NDR in on-premises, remote, and cloud environments. For more information, visit ExtraHop Deployment.

The ExtraHop Deployment Service ensures RevealX NDR is set up, receiving and processing inbound data, and ready for operational and management handoff. The ExtraHop team can also assist with onboarding. To learn more, read this brief.

Yes. RevealX NDR can decrypt SSL/TLS (including TLS 1.3) network traffic. It also has decodes 70+ protocols, including common Microsoft protocols such as SMBv3, Kerberos, Active Directory, and MSRPC to provide full visibility into encrypted traffic across the attack surface.

RevealX NDR uses a port mirror or tap to passively monitor unstructured packets. ExtraHop conducts real-time stream processing of network traffic data and transforms the unstructured packets into structured wire data for analysis.

The ExtraHop Customer Success team is a dedicated resource for all ExtraHop customers and can help with success planning, operational assessments, product aid, and more.

ExtraHop offers a credit-based system for professional services, including deployments, training, integrations, support, and more. To learn more, visit ExtraHop Services.

ExtraHop has several integrations with leading vendors, including CrowdStrike, Splunk, Netskope, AWS, Microsoft, Gigamon, and more. Every ExtraHop customer has access to CrowdStrike Falcon Intelligence. To learn more, visit ExtraHop Integrations and Automations.

RevealX NDR offers robust query and investigation workflows within its user interface, but you can also integrate ExtraHop wire data metrics with other data stores. The RevealX NDR Open Data Stream allows you to merge data from multiple sources into a single, rich set that can be queried and visualized using whatever tools your team prefers. RevealX NDR data can also be sent to data lakes.

You can purchase RevealX NDR directly from ExtraHop, through trusted channel partners and distributors, or via transactable listings on marketplaces such as the AWS Marketplace. For more information, Contact Us.

RevealX is sold as either a virtual or physical sensor under subscription-based pricing and has two deployment models: SaaS-based RevealX 360 and on-premises RevealX Enterprise. RevealX 360 pricing is based on the number of devices and daily record ingest capacity. ReveaX Enterprise pricing is based on the number of devices and does not include record capacity. Customers can bundle modules for each deployment model to fit functional and capacity needs. For more information, Contact Us.

Each device that is discovered by a single ExtraHop sensor and which has a unique identifier counts towards your licensed device capacity. If a device is discovered by multiple sensors, that device is counted towards the device capacity for each unique sensor, and counts towards your total device capacity.

If you exceed your allotment of daily device and/or records ingest capacity, you may be billed for overages. After you purchase RevealX, you will have a 90-day grace period before ExtraHop begins to act on overages incurred. Monthly notifications will serve as an opportunity for you to budget for payment of overages. Invoices will be sent on a quarterly basis for overages incurred in all prior months within the quarter.