Building your Cybersecurity or SD WAN vendor shortlist? Try our online quick assessments for recommendations.

ExtraHop Cybersecurity Solutions

Sector, Company Type, and Location:Healthcare  |  Retail  |  Public Sector  |  Financial Services  |  Professional Services Partner  |  Asia  |  UK  |  North America
Tags & Search Filters:XDR  |  MDR  |  SIEM

ExtraHop offer comprehensive Network Detection and Response (NDR) solutions with strong cloud security offerings. Their extensive product range offers services such as Internet of Things (IoT) security and SIEM services.


ExtraHop Cybersecurity Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about ExtraHop and how their capability is aligned to your needs, email the Netify research team. UK: North America:

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Resources and Downloadable Content

Request the very latest ExtraHop cybersecurity sales PDF directly from your local account team. Please check your junk folder if not received.

Complete your details to arrange a demo of ExtraHop cybersecurity. You will receive contact requesting available dates and times - please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.


Netify Review

ExtraHop offer a comprehensive Network Detection and Response (NDR) solution with cloud capabilities. The solution has options for cloud-security (AWS, Azure, Google Cloud) and security for remote users, along with MDR solutions and managed services provided by one of ExtraHop’s authorized managed services provider partners. ExtraHop is recommended for companies looking for granular NDR and cloud security services. 

However, offerings such as firewalls, Next Generation Firewalls (NGFW), Managed Detection and Response (MDR), Extended Detection and Response (XDR), and managed services are all offered via partnerships with third-party companies. This allows ExtraHop to provide granular and featured services due to collaboration with expertise from other companies. Although this could have the potential to  create a complex solution due to the high number of third-party companies that are involved.

Marketplace Assistance

Are you an IT decision maker building your own SASE Cybersecurity or SD WAN shortlist?

Take our 90 second assessment quiz to find out which top 3 vendors or managed providers are a match for your answers.


About ExtraHop

ExtraHop were founded in 2007, and have their Global Headquarters in Seattle, Washington, North America. Their EMEA Headquarters located in London, United Kingdom and their APAC Headquarters can be found in Singapore. Their Primary focus is on Network Detection and Response. ExtraHop were named as  Leaders in the 2019 Gartner Magic Quadrant for Network Performance Monitoring and Diagnostics and in 2020 they are a Representative Vendor in the Gartner Market Guide for Network Detection and Response.

Technology Partners

ExtraHop Technology Partners

Netify have listed the technology partners used by ExtraHop.

Filter by tag, location, and service type:
(Select any number of tags)

AsiaUKNorth AmericaXDRMDREndpoint protectionFile analysisIoT securityVulnerability assessmentSecurity and complianceSIEMCloud workload protectionIdentity governance, access managementInstant communications securityIntegrationsWorkflow automationAnalyticsReporting and statistics (SD WAN)SaaSCompliance reporting

There are no results matching your selection.

See all ExtraHop Cybersecurity Solutions Partners

Pros & Cons

What are the pros and cons of ExtraHop SASE Cybersecurity?

List of the pros and cons associated with ExtraHop Cybersecurity.


  • ExtraHop offers Internet of Things (IoT) security services. This helps to reduce the attack surface by securing both managed and unmanaged devices and providing visibility into the network through Service Layer Discovery and Detection for IoT.
  • Comprehensive solution offered as one single product with multiple optional add-on services. These include: SIEM, IoT, Reveal(x) Advisor, SOC Optimization, Deployment, Application Mapping, Risk Optimization as well as Business Automation & Transformation service.


  • Do not currently offer full SASE - instead offer endpoint protection via a partnership with CrowdStrike.
  • Many of ExtraHop’s technology offerings are via a partnership with a third party company - potentially creating a complex solution.

Comparison: ExtraHop vs Darktrace cybersecurity

Consider the points below to compare ExtraHop vs Darktrace cybersecurity.


  • ExtraHop is recommended for clients who require granular Network Detection and Response services with cloud security. 
  • Offers Managed Detection and Response, Extended Detection and Response and Next Generation Firewalls via technology partnerships. 
  • Offers cloud security for AWS, Azure and Google Cloud. 


  • Darktrace is a good choice for clients with pre-existing SASE and SD WAN solutions, as it provides added security solutions. 
  • Offers AI Threat Detection and Response services to compliment an existing cybersecurity perimeter. 
  • Offers cloud security for AWS, Azure and Google Cloud. 


Similar Cybersecurity Vendors

Top 3 Similar Cybersecurity Vendors

Click the vendor logo to find out more about each respective cybersecurity solution.

Products & Services

What are ExtraHop's Solutions?


  • Reveal(x) 360: ExtraHop provide cloud security for AWS, Azure and Google Cloud via their Reveal(x) 360 Network Detection and Response product (see, How does ExtraHop Networks deliver cloud security?).
  • ExtraHop Discover: ExtraHop provide a range of appliances including the “Discover” Series which can be deployed physically or to virtual environments such as via VMware, AWS, Microsoft Hyper-V, Google Cloud and Linux kernel-based virtual machine (KVM).
  • Enterprise Internet of Things (IoT) Security: ExtraHop provide IoT security via their Reveal(x) 360 platform. The service leverages machine learning and offers service-layer discovery and detection, threat detection and IoT device identification and profiling. Devices are automatically profiled, detecting for violations and threats for quick remediation.
  • Integrated NDR and Security Information and Event Management (SIEM): ExtraHop allows clients to integrate NDR and SIEM solutions for zero-trust and extended detection and response (XDR). The solution works with Security Orchestration Automation and Response tools (SOAR) for automated response, Reveal(x) decrypts data for instant access to correlated forensics, whilst also offering remediation techniques using a combination of rule and behavior based analytics, with guided investigations for tier 1 analysts. 

Cybersecurity Products & Services:

  • Reveal(x) Advisor: Offered in 5-tier Advisor plans, ExtraHop Reveal(x) Advisor offers Threat Intelligence and Proactive Threat Hunting from dedicated ExtraHop Security Engineers, Threat Analysts and Incident Response Technologists. This service offers threat detection reports and briefings, proactive tuning of Reveal(x) and coaching in investigation and response. Support for corporate IT teams is offered by reducing Analyst fatigue, accelerating threat response and reducing security ticket queues. This helps to distribute the network security workload and amplify enterprise security teams when required to ensure threats are not missed and to prevent losses and incident response costs. Reveal(x) Advisor is an optional, on-demand monthly or annual subscription service. 
  • Risk Optimization Services: ExtraHop offer services to help mitigate risks that can include operational risks, network and application security risks and risks to reputation. ExtraHop Risk Optimization services can be used on cloud, on premises or as a hybrid to provide insights into risks and vulnerabilities across all aspects of the company network. 
  • Business Automation & Transformation Services: Provides migration, integration and enterprise adoption programmes and allows Reveal(x) customers to automate incident response through integrations. This service also allows enterprises to complete cloud and datacentre migrations accurately, with no defects and ExtraHop Accelerate can help Customers adopt the Reveal(x) platform across all aspects of the enterprise.
  • Deployment Services: ExtraHop deployment services offer a Solutions Architect, Project Coordinator, Trainer and Practice Manager to understand enterprise requirements and set the foundation through an implementation project plan as well as a customer journey map outlining how best to meet customer outcomes. 
  • Application Mapping Services: Uses ExtraHop experts to augment a wide array of enterprise  IT teams to improve application performance monitoring, investigation, triage and application security. 
  • Security Operations Center (SOC) Optimization Services: This service provides training, reports, consulting and dashboards to enterprise SOC analysts, offering guidance on how to best utilize the Reveal(x) solution and boost SOC productivity. Enterprise SOC teams can also be further supported through ExtraHops Reveal(x) Advisor solution.

What is the ExtraHop SASE security solution?

ExtraHop do not offer a SASE solution. However, they offer real-time network and endpoint threat detection in partnership with CrowdStrike. The solution integrates ExtraHop Reveal(x), and CrowdStrike Falcon Insight to offer clients a combination of endpoint security, network visibility, remediation, and machine learning behavioral threat detection. ExtraHop SASE works as Reveal(x) detects threats that are only visible on the network and automatically notifies CrowdStrike, where compromised devices will be contained. Analysts will use endpoint data collected from CrowdStrike and network data collected from ExtraHop to investigate, validate and appropriately respond to threats. 

What ZTNA (Zero Trust Network Access) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer a ZTNA solution, however their Reveal(x) 360 NDR solution enables the visibility required to support the roll out of ZTNA to the network at any phase. The risks and lead time of ZTNA deployment can be reduced when working in tangent with Reveal(x) 360, as the single management pane provides real time insights into users, assets, cloud workloads and across the network. 

What CASB (Cloud Access Security Broker) Solution is Supported by ExtraHop Networks? 

ExtraHop do not offer a CASB solution, however, Reveal(x) 360 extends NDR to the cloud, offering multi-cloud security solutions for AWS, Azure and Google Cloud (see, How does ExtraHop Networks deliver cloud security?). 

What SWG (Secure Web Gateway) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer a SWG solution, however this may be available from a third-party company.  

What FWaaS (Firewall as a Service) Solution is Supported by ExtraHop Networks?

ExtraHop offer their partnership with Palo Alto to provide a bundle service which allows users to quarantine compromised devices in Panorama or on a client’s pre-existing Palo Alto firewall. This is carried out in real-time as the ExtraHop Discover appliance identifies alerts. Included in the bundle are two triggers, one for alerts and one for detections. Clients can choose which alerts and detections that they wish to be monitored, as well as the address group where they will be quarantined. The bundle comes with a dashboard that shows clients how many detection and alert events have been sent to the firewall, as well as the IP address of related devices. The bundle also supports Panorama, which is a centralized management system that supports global visibility and allows clients to control multiple Palo Alto Next Generation Firewalls (NGFW) via their web-based interface. The bundle includes:

  • Palo Alto as an application.
  • The Palo Alto Remediation dashboard.
  • Two triggers: Palo Alto Firewall Remediation - Alerts, and Palo Alto Firewall Remediation - Detections.

In order to use this bundle, clients must ensure that they reach the following requirements:

  • ExtraHop firmware version 7.5 or later.
  • An administrator account for Palo Alto firewall or Panorama - Palo Alto recommend that users create admin accounts for API access.
  • Access to the discover appliance with an account that has Unlimited privileges. 

Installation advice is available on the ExtraHop website. 

What MDR (Managed Detection and Response) Solution is Supported by ExtraHop Networks?

ExtraHop do not offer MDR directly. However, they are one of MDR provider Datashield’s premier partners. The partnership combines the ExtraHop Reveal(x) NDR platform with Datashield’s MDR services, leveraging Datashield’s Security Operations Center (SOC). The solution also integrates with ExtraHop Reveal(x) 360, to bring MDR to the cloud, and offer scalability for client’s looking to move to the cloud. Datashield keep an up-to-date record of all devices that are inside a corporate network. This is augmented by the ExtraHop Network Discovery feature, which learns the behavior of devices within the network to help to identify them. Datashield also offers constant monitoring via their SOC, which is combined with ExtraHop NDR for Threat Detection capabilities. 

What NDR (Network Detection and Response) Solution is Supported by ExtraHop Networks?

Reveal(x) Enterprise is a self-managed NDR solution for hybrid network architectures, cloud and containerized applications. The solution helps companies to detect advanced threats, analyze breaches and deliver improved responses through automation and network visibility. This enables network security improvements such as critical asset discovery, hygiene and compliance and automated responses via SOAR as well as performance improvements including real time application analytics, machine learning anomaly detection and more. Please see below for a features breakdown for the ExtraHop NDR solution:

  • Automated Inventory: Uses auto discovery to classify all network communications to ensure the inventory is current at all times.
  • Automated Investigation: Supports responses to detected threats by offering expert guidance for next steps, as well as attack background, context and risk scoring.
  • Confident Response Orchestration: Response workflows can be automated and augmented by integrations such as Palo Alto and Phantom whilst Reveal(x) provides investigative tools and detection of threats.
  • Cloud-scale Machine Learning: Reveal(x) uses 5,000+ features covering Layers 2 to 7 to offer predictive modeling and cloud-scale machine learning to protect critical assets by identifying, examining and prioritizing threats. 
  • Perfect Forward Secrecy Decryption: Uses decryption of SSL/TLS 1.3 with PFS passively to provide real-time monitoring of encrypted traffic to hunt and identify concealed threats. 
  • Peer Group Detections: Reduces the number of false positive detections when an anomaly is detected as devices are automatically assigned to specific Peer Groups. 

The ExtraHop NDR solution is available in various different tiers dependent on enterprise size and cloud capabilities: 

  • ExtraHop Reveal(x) Essential 
  • ExtraHop Reveal(x) for Midsize Enterprises 
  • ExtraHop Reveal(x) Enterprise 
  • ExtraHop Reveal(x) 360

What XDR (Extended Detection and Response) Solution is Supported by ExtraHop Networks?

ExtraHop Networks do not currently offer a full XDR solution, however their Reveal(x) NDR platform can be integrated with Exabeam Fusion XDR or Exabeam Fusion SIEM to provide faster threat response and develop a more rounded XDR solution. ExtraHop is the only NDR vendor within the XDR Alliance, an open cybersecurity ecosystem of vendors.


Funding Rounds

Cloud Security

How does ExtraHop deliver cloud security?

ExtraHop deliver multi-cloud security solutions for Amazon Web Services (AWS), Microsoft Azure and Google Cloud through their Reveal(x) 360 solution, which extends NDR services to the cloud. The solution features deep visibility into SSL/TLS encrypted traffic, and offers intelligence across multi-cloud, remote work, IoT and hybrid environments. Cloud-based machine learning detects anomalous behavior and malicious activity to protect APIs and misconfigurations, accelerating threat hunting. Clients can deploy ExtraHop sensors in the cloud, data centers and remote sites to decrypt and process network data. The data is extracted and is sent to Reveal(x) 350 for analysis, investigation and real-time threat detection. This data can be accessed via the Reveal(x) 360 user interface. 

  • AWS: Reveal(x) 360 offers a SaaS-based Network Detection and Response (NDR), which allows clients to utilize a cloud-native solution for securing hybrid enterprises - even for workloads deployed in orchestration platforms such as Amazon Elastic Container Service (ECS), containers such as Amazon Elastic Kubernetes Service (EKS) and compute engines such as AWS Fargate. The ExtraHop sensors will analyze and decrypt network traffic, collecting metadata for further analysis, investigation and real-time threat detection. Clients are also offered a cloud-based record warehouse which allows for query, index record search, and drill-down investigation in all areas of the hybrid environment. Sensors with continuous packet capture (PCAP) enable detailed forensics services for Reveal(x) 360 for AWS. The service is further able to integrate with Amazon VPC Traffic Mirroring for agent-less visibility, to improve the efficiency of DevOps processes. Reveal(x) offer intelligent response, integrated with services such as Amazon CloudWatch, AWS EC2, Amazon CloudTrail, Amazon Lambda, S3 and Amazon VPC Flow Logs. 
  •  Microsoft Azure: ExtraHop’s Reveal(x) 360 cloud-native NDR platform protects Azure, AKS and hybrid environments, with automated discovery and asset classification, as well as machine learning to provide threat detection and investigation. The service offers complete visibility into all assets in the cloud environment, helping to defend misconfigurations and insecure APIs and prevent unauthorized access, whilst offering full payload analysis which includes SSL/TLS encrypted traffic in real-time. Real-time detection and intelligent response offer real-time analysis of security threats. 
  • Google Cloud: Security for Google Cloud is available from ExtraHop Reveal(x) 360. It has the capability to protect containers such as Google Kubernetes Engine (GKE), and offers deep visibility as well as detection using machine-learning. The service also offers native integration with Google Cloud Packet Mirroring to improve the efficiency of the DevOps processes. This service includes: complete visibility with out-of-band decryption for SSL/TLS encrypted traffic, real-time detection to protect misconfigurations and insecure APIs and intelligent response. 
  • Cloud Record Store: Offers 90-day lookback,with the capability to purchase more capacity whilst leveraging on-demand pricing. 
  • Unified Security: Supports remote and on-premises users by being accessible from anywhere, using a secure, web-based UI which enables unified security in a single management pane. 
  • Global Intelligence: Reveal(x) 360 is able to analyze petabytes of anonymized threat telemetry, which is collected every day from 15 million devices and workloads worldwide. 
  • Line-Rate Decryption: The solution is capable of decrypting SSL/TLS 1.3 encrypted traffic - which includes cipher suites that support Perfect Forward Secrecy (PFS). 
  • Continuous PCAP: Packet capture enables detailed forensic investigation, powered by Reveal(x) 360 Ultra Sensors. 
  • Automated Inventory: Reveal(x) 360 automatically and continuously provides classification, asset discovery and dependency mapping across all environments. 
Cloud Access

Cloud Access

Amazon Web Services40
Microsoft Azure30
Google Cloud30
Remote Users

How does ExtraHop support remote users?

ExtraHop offer remote access security, which allows clients to monitor usage, maintain uptime and defend their distributed workforce against cyberattacks. The offering is part of the Reveal(x) NDR solution, creating visibility across on-premises, hybrid and cloud infrastructures. This includes:

  • Remote Access Tool Policies
  • Solve Remote Access and VPN Issues
  • Detect and Investigate Suspicious Logins
  • Monitor and Secure Active Directory
  • Correlate Performance Across Tiers 
  • Understand Resource Utilization
Managed, co-managed & DIY services

What is the ExtraHop managed, co-managed and DIY services solution? 

ExtraHop offer managed services via their service provider partners (See, Which service providers and partners do ExtraHop Networks support?). ExtraHop offer two forms of authorized managed services provider partners: ExtraHop Managed Services provider partners and ExtraHop MSP resale partners. 

Managed Services provider partners leverage SOCs, and regularly inspect integrations with ExtraHop. Typically these partners provide EDR and SIEM services, and often partner with SOAR vendors for managed remediation services. ExtraHop MSP Resale Partners differ because they typically do not have their own SOC. Instead, they are able to partner with High Wire Networks via ExtraHop to provide clients with ExtraHop Managed Service via SYNNEX - this is only available in North America.


Leaders in the Cybersecurity Market

*Statistics from 2020
Check Point5.4%
Palo Alto Networks7.8%
Trend Micro3.5%

What Reporting and Management is available via the ExtraHop Portal?

The ExtraHop Customer Portal allows clients to report issues with their solution. There are two tiers of maintenance and support plans offered which are accessible via the Customer Portal: Gold, which offers support services that are active from Monday - Friday from 6am until 6pm local time; and Platinum, which offers constant support services, every day of the week for 24 hours a day. The portal also allows clients to deploy services such as the ExtraHop Trace Appliance in Azure and offers system notices.

Years active

Number of years active

Service Level Agreement

What is the ExtraHop SLA?

Below is a table displaying the main focus points of the ExtraHop Networks Service Level Agreement (SLA). 

Hardware Appliance Lifecycle and End-of-Life Policy:

Product Model 

End of Sale Date

End of Firmware Upgrades

End of Support 

Final Supported Firmware

EDA 1100

January 31, 2020

January 31, 2023

January 31, 2024


EXA 5100

December 31, 2018

December 31, 2021

December 31, 2022

8.7 (Q4 2021)

EDA 9100

September 30, 2018

September 30, 2021

September 30, 2022

8.7 (Q4 2021)

EDA 8100

September 30, 2018

September 30, 2021

September 30, 2022

8.7 (Q4 2021)

ETA 6150

September 30, 2018

September 30, 2021

June 30, 2023

8.7 (Q4 2021)

EDA 6100

July 26, 2018

September 30, 2021

September 30, 2022

8.7 (Q4 2021)

EDA 3100

June 30, 2018

June 30, 2021

June 30, 2022

8.7 (Q4 2021)

EH 3000

October 1, 2016

December 18, 2019

October 1, 2020


EH 8000

September 30, 2015

March 31, 2019 

September 30, 2019 


EH 6000

September 30, 2015

March 31, 2019 

September 30, 2019 


EH 5000

April 1, 2013

November 3, 2015

December 31, 2016


EH 2000

April 1, 2013

November 3, 2015

May 3, 2016


EH 2000 (1G)

December 31, 2010

June 30, 2014

September 30, 2015


EH 5000 (10G)

March 31, 2010

June 30, 2014

September 30, 2015


(ExtraHop Networks, 2021) Find out more at: 

ExtraHop Support Plans:




Software Maintenance and Upgrade Assurance


Monday-Friday Standard business days 6AM-6PM local time

Initial Response Times (coverage hours)

Initial response time is the time between ExtraHop creating a support case and first contacting the client. 


Severity 1

Phone or Web



Severity 2

Phone or Web



Severity 3/4

Phone or Web



12Next coverage day

Communication Cadence (coverage hours) 

Communication cadence and priority levels are mutually established by client and ExtraHop on a case-by-case basis. 


Priority 1 



Priority 2 


24Next coverage day

Priority 3 



3 coverage days

Priority 4 



5 coverage days

Hardware Replacement 

Subject to ExtraHop authorization and ExtraHop’s End-of-Life Policy, replacements will be shipped same day if authorized by 12PM PST, otherwise next business day PST


Subject to ExtraHop authorization and ExtraHop’s End-of-Life Policy, replacements will be shipped within 3 coverage days

(ExtraHop Networks, 2021) Find out more at:

Frequently Asked Questions
Which industries do ExtraHop deliver solutions for?
ExtraHop Managed Services
ExtraHop Partners
Ask a question

Send your local contact from ExtraHop a message, this form will reach ExtraHop directly.

Contact ExtraHop
Complete the form to get in touch with a representative from ExtraHop.

Download the the complete guide to 10 SD WAN solutions.

The most comprehensive top 10 guide we have ever created.

Similar Companies

There are no results matching your selection.


Deployment Region

Europe, Middle East and Africa33.33%
North America33.33%
Proposition Focus

Proposition Focus


Industry Coverage

Energy and Utilities4%

Other Focus

Remote users30
Other Products and Services 30
List your business

List your business with Netify Learn More →


Geographic Focus


Please complete the form to ask a question or send a message directly to ExtraHop. Netify have carefully curated global sales contacts based on your IP location. If you do not receive contact, please check your junk folder.

Book a demo of the ExtraHop SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

A Netify Vendor Briefing is a 30 minute Zoom research session for IT decision makers, and an opportunity to learn about the vendors products, services and business strategies specifically or a related technology or market. We'll also discuss their competitors and which other solutions your business should consider. If you do not receive contact, please check your junk folder.

Netify is the first dedicated global SD WAN & SASE comparison marketplace.

List Your Business