Try our new research platform with insights from 80,000+ expert users

ExtraHop Reveal(x) vs Qualys Multi-Vector EDR comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

ExtraHop Reveal(x)
Ranking in Network Detection and Response (NDR)
6th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
13
Ranking in other categories
Network Traffic Analysis (NTA) (4th)
Qualys Multi-Vector EDR
Ranking in Network Detection and Response (NDR)
26th
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
1
Ranking in other categories
Endpoint Detection and Response (EDR) (72nd)
 

Featured Reviews

Jordan Swanson - PeerSpot reviewer
It helps you visualize how data moves across your network
I rate ExtraHop Reveal(x) 10 out of 10. This is more of a nice-to-have rather than a must-have solution. Something like a CrowdStrike or a next-gen AV is an essential product, whereas NDR is more of a nice-to-have thing. If you only have a little bit of traffic, you're probably not going to get anything out of it. It's better for a medium-to-large enterprise. It's more appropriate for companies wh a massfootprints or industrial applications using use nonstandard devices. It's helpful for things that use SCADA, the Internet of Things, somethingings that don't fit neatly into other management categories. Itty common for industrial, construction, or maintenance devices to be a little lackluster in their security. Major breaches like the Colonial Pipeline hack and attempted hacks on nuclear power plants all went through Internet of Things vulnerabilities and other devices where security wasn't part of their plan. This helps you cover yourself by monitoring the traffic. With something like CrowdStrike, you need to put the CrowdStrike sensor on it, but Reveal(x) looks at everything on the network.
reviewer1668453 - PeerSpot reviewer
Provides contextual alerts and risk ratings on findings
It's kind of difficult to quantify areas for improvement. In the larger picture, one challenge is that the NDR space is very crowded today. I can mention half a dozen names just off the top of my head. There are at least 12 to 20 different players. All of them are well-known brand names, and it's difficult to compare them. They all claim to be giving you the same network difference capability: catching malware, dealing with all the minor taxonomy of attack, all that. Still, it's very difficult to compare them side by side because they all do things a little differently, and they all have different presentations and output. We haven't deployed it, so I can't give you what we felt about it exactly. But in the larger perspective, the critical feature is really giving a clear separation between a low, high, and medium criticality. You need a rating that is really true to the actual attack. There's one other capability we are evaluating them for, and it's for custom alerts detection. A lot of these products are trying to profile the threats that are already out there in the industry. They're very well known and published. Today, there are targeted acts being played against organizations, so you have to be sensitive to how your firewalls, protocols, and your HTTP are all operating. You might have some fine-tuned threats that are targeting you, and you should be able to build custom defenses. They should have some openness in terms of how you specify your threats. You get a standard library of threats. On top of it, every organization builds its own.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The security features of this solution are the most valuable."
"The solution works well for sending sensors."
"Reveal X integrates seamlessly with CrowdStrike. If you see something sketchy on the network, you can quarantine devices through ExtraHop and it'll push to the CrowdStrike server."
"The solution's initial setup process is easy."
"Setting up the solution is relatively easy."
"The most valuable features of ExtraHop Reveal(x) are the detection and alerting of network behavior and anomalies."
"When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment."
"We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal (x) is able to create incident cards that guide your teams through the incidents and gives you the option to delve into the transaction detail to potentially view payloads as well."
"They can provide you very contextual alerts on if something bad is happening—coming into your network or going out of your network. As part of that, they gather a lot of threat intelligence and map your connections against that. The larger benefit is that they give you a risk rating on their findings."
 

Cons

"It needs integration with more security vendors."
"I would like to see more cloud capability."
"Currently, we have to check manually as we do not receive any notifications about new patches, maintenance, or firmware releases."
"There is a little training online, but it'd be cool if ExtraHop provided certifications. CrowdStrike does elective training that gives you a certification as a Falcon administrator. It'd be nice to see ExtraHop have something like that"
"ExtraHop Reveal(x) could improve by allowing a longer look back in the feature. Right now you have a limit of 30 days to look back on your activity. I've used Darktrace before, and they allow you the ability to play back events. This would be a good feature to have in ExtraHop Reveal(x)."
"Agent management could certainly use some focus. It should also be a little bit easier to work with collections. We should be able to nest collections within collections. There should be better nesting."
"They used to have the ability to decode Citrix sign-on, setup, and tear down. Unfortunately, Citrix has stopped sharing that knowledge. Citrix has continued to change its model of processing, making it harder and harder to troubleshoot."
"The solution should include more support protocols."
"My challenge is actually comparing offerings from different vendors across a threat spectrum that is very large. We are talking about millions of threats. How are you confident that Blue Hexagon is catching all one million of them and Palo Alto is doing the same thing? They all have their strengths. Within that, Blue Hexagon might cover 990,000 of them. Palo Alto might cover another 990,000. It's a bit difficult to compare them and say, "Oh, are they catching the same 990,000?" I don't know."
 

Pricing and Cost Advice

"The solution is based on an annual subscription model and is expensive."
"I would rate the price a three out of five. It could be less expensive."
"I rate ExtraHop Reveal(x) six out of 10 for affordability. We pay for an annual license. It's always one of those trade-offs. You get a lot of value, but ExtraHop isn't exorbitantly priced. You can pay extra for additional features like the ability to decode HL7 traffic, which is crucial for EMR environments."
"I rate the price of ExtraHop Reveal(x) a seven on a scale of one to ten, where one is a high price, and ten is a low price."
"It's difficult to state the setup cost. All the NDRs range anywhere between $500,000, plus or minus, to $2 million. There's a spread of pricing here, depending on who you are talking to. Obviously the major brand names want more money. They typically bundle it with their other offerings. With Cisco, for example, you don't just buy an NDR. So, typically it gets rolled into the cost."
report
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
823,875 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
14%
Healthcare Company
7%
Government
6%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is the best network monitoring software for large enterprises?
We just did an assessment for our 47 datacenters around North America. The top two enterprise-level network monitoring solutions were ExtraHop first, Riverbed SteelCenter second. Their negotiated c...
What open source tool can one use to measure bandwidth from one's upstream service provider?
One I am looking closely at is AppNeta. They have an appliance that can digest the flow and do a better job than Netflow. The other one we are using is ExtraHop. This has both a Datacenter Hig...
What do you like most about ExtraHop Reveal(x)?
With ExtraHop Reveal(x), it gives me more visibility into the packets. It doesn't provide the entire packet capture, but it offers more information on how connections are made at the network layer....
Ask a question
Earn 20 points
 

Also Known As

Reveal(x), Revealx
Blue Hexagon
 

Overview

 

Sample Customers

Wood County Hospital
Pacific Dental Services, Greenhill and Co, Heffernan Insurance Brokers
Find out what your peers are saying about Darktrace, Vectra AI, Trend Micro and others in Network Detection and Response (NDR). Updated: November 2024.
823,875 professionals have used our research since 2012.