How It Works
Integrations and Automations
What is Network Detection and Response (NDR)?
Cloud-Native Security Solutions
Reveal(x) Enterprise: Self-Managed NDR
With the power of machine learning, gain the insight you need to solve pressing challenges.
Stand up to threats with real-time detection and fast response.
Learn More >
Gain complete visibility for cloud, multi-cloud, or hybrid environments.
Share information, boost collaboration without sacrificing security.
Featured Customer Story
Wizards of the Coast Delivers Frictionless Security for Agile Game Development with ExtraHop
See All Customer Stories >
Our customers stop cybercriminals in their tracks while streamlining workflows. Learn how or get support.
Our partners help extend the upper hand to more teams, across more platforms.
Featured Integration Partner
Detect network attacks. Correlate threat intelligence and forensics. Auto-contain impacted endpoints. Inventory unmanaged devices and IoT.
See All Integration Partners >
Get hands-on with ExtraHop's cloud-native NDR platform in a capture the flag style event.
Cloud-native visibility, detection, and response for the hybrid enterprise.
Customer resources, training,case studies, and more.
Partner resources and information about our channel and technology partners.
See what sets ExtraHop apart, from our innovative approach to our corporate culture.
Get the latest news and information.
We believe in what we're doing. Are you ready to join us?
Find white papers, reports, datasheets, and more by exploring our full resource archive.
Network attacks are techniques used by threat actors to achieve goals in their target infrastructure. Learn how these attacks work and what you can do to protect against them.
Brute force attacks are a way for attackers to gain account access through trial and error when a password, encryption key, or hidden webpage is unknown.
C2 beaconing is a type of malicious communication between a command and control server and malware on an infected host.
Cross-site scripting is an application-layer attack exploiting communications between users and applications to gain access to sensitive data or take over applications.
Cryptomining malware, or 'cryptojacking,' is a malware attack that co-opts the target's computing resources to mine cryptocurrency.
In a DCSync attack, threat actors pretend to be a domain controller (DC) to get user credentials from another DC.
A denial-of-service attack is a tactic for overloading a machine or network to make it unavailable by sending more traffic than the target can handle, causing it to fail.
DNS tunneling is a difficult-to-detect attack that routes DNS requests to the attackers server, allowing them to get data.
HTTP request smuggling is a web application attack that hijacks HTTP requests to bypass security measures.
Port scanning is a method attackers use to scope out their target environment by sending packets to specific ports on a host and using the responses to find vulnerabilities and understand running services.
Ransomware is a type of malicious software which encrypts files, making them inaccessible until a ransom is paid.
Remote services exploitation is a technique that hijacks remote access tools to access a network's internal systems.
A SQL injection is a common hacking technique which can compromise a database.