The typical use case for ExtraHop Reveal(x) that we use is from a security perspective, specifically Network Detect and Response. The ExtraHop solution has both the network analytics and the security side of it, and a typical use case is the security side of the entire solution. We position it in a network to do security-based analytics, detections, and threat and anomaly detection. That's what we position it for and use it for.
Assistant VP, Idm Compliance at a financial services firm with 1,001-5,000 employees
Real User
Top 5
May 29, 2025
Being in a financial institution, we have certain regulations such as PCI DSS, so we want to ensure any connection from a non-PCA segment is not being connected to a core segment; vice versa connection should not happen. We have something called a server segment and a workstation segment, so apart from the whitelisted internet connection, no connection should be established from the server segment. These are the monitoring use cases we have implemented in ExtraHop Reveal(x) so far.
Cyber Security Engineer II at a healthcare company with 10,001+ employees
Real User
Sep 26, 2023
I'm on the cybersecurity team. I do a lot of the blue threat-hunting and incident response. The things I deal with have nothing to do with network performance, but I handle the detections and things that ExtraHop Reveal(x) can pick up.
Information Security Assurance Engineer at School District of Lee County
Real User
Sep 7, 2022
Initially, we deployed Reveal as a standalone solution for network detection and response. It provided us with data and analytics on server-to-server enterprise networking. We used it to gain visibility into the amount of traffic and where it's going. For example, it will say that 28 gigs of data went to Google and break that down based on all the sites that have been visited. It also tells you about the authentication data and helps you visualize how data moves across your network. Based on that, you can adjust the routing tables to make things work a little more evenly. It will also help you identify specific types of malware and how it moves across devices, what protocols and ports it uses, etc. Unlike Crowdstrike, Reveal(x) doesn't require you to deploy sensors. CrowdStrike puts a sensor on the computer, so I know exactly how many devices are going through it. It's roughly 50,000. Those aren't people using it. Those are just devices that exist in the world. ExtraHop just looks at traffic, so each device connected to the network goes through it, and that's around 230,000 devices, and it's monitoring all the traffic to and from the internet.
Senior monitoring engineer at a financial services firm with 10,001+ employees
Real User
Jul 11, 2022
It's used by application owners and network engineers for troubleshooting application performance issues or network performance issues. It's a hybrid solution. We have on-prem sensors and trace appliances and a cloud control appliance.
ExtraHop is an enterprise cyber analytics company. ExtraHop analyzes all network interactions in real-time and leverage machine learning to identify threats, deliver critical applications.
Currently, most organizations have solutions to instrument their endpoints and monitor the north-south traffic traversing their perimeter.
However, there is much less instrumentation on what is going on within the enterprise … this activity is also known as East-West communications. Many of the tools that we’ve been buying are not designed to turn on the lights in this Darkspace. For example, your DBA doesn’t want you to put an agent on a production database because it adds overhead.
Some of the standard use cases include:- IT MODERNIZATION ( Like Data centre Consolidation, Cloud Migration, Edge Devices & IoT SDN & Virtualization )
NETWORK PERFORMANCE ( Like Remote Site Visibility, Infrastructure Refresh, Triage & Troubleshooting )
Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
Aug 12, 2020
We have implemented the ExtraHop Reveal(x) solution at multiple clients. They range from government, retail to financial. We collect north-south and east-west traffic via a visibility layer (packet brokers, taps, spans) and then feed that traffic to the ExtraHop Reveal (x) solution. The volume ranges from 1 GB solutions up to 40 GB solutions with 100 GB in the pipeline. Initially, we approached them for application performance analysis, but we now use it to assist the security teams as well. The behavioral analytics and ability to go back in history is proving extremely valuable.
ExtraHop Reveal(x) is a highly effective network traffic analysis (NTA) solution that leverages a cloud-native architecture to empower organizations to overcome a world filled with increasingly sophisticated threats. It identifies 25% more threats than its competitors. Additionally, organizations that employ Reveal(x) say they resolve issues 77% percent faster than they would if they were using other similar solutions.
ExtraHop Reveal(x) Benefits
Some of the ways that organizations can...
The typical use case for ExtraHop Reveal(x) that we use is from a security perspective, specifically Network Detect and Response. The ExtraHop solution has both the network analytics and the security side of it, and a typical use case is the security side of the entire solution. We position it in a network to do security-based analytics, detections, and threat and anomaly detection. That's what we position it for and use it for.
Being in a financial institution, we have certain regulations such as PCI DSS, so we want to ensure any connection from a non-PCA segment is not being connected to a core segment; vice versa connection should not happen. We have something called a server segment and a workstation segment, so apart from the whitelisted internet connection, no connection should be established from the server segment. These are the monitoring use cases we have implemented in ExtraHop Reveal(x) so far.
We have IoT devices, network traffic, and all these traffic. ICT and non-ICT, all.
It can detect new attacks or expired certificates. It's especially effective in identifying Netria attacks or any other online threats that may occur.
I use ExtraHop Reveal(x) since it helps provide notifications related to the network traffic in my company so that the necessary action can be taken.
I'm on the cybersecurity team. I do a lot of the blue threat-hunting and incident response. The things I deal with have nothing to do with network performance, but I handle the detections and things that ExtraHop Reveal(x) can pick up.
We use the solution for an advanced layer of security. It provides us with network visibility to identify types of attacks.
Our company uses the solution to send sensors to the Reveal 360 cloud for customers. We have about 500 customers using the solution.
Initially, we deployed Reveal as a standalone solution for network detection and response. It provided us with data and analytics on server-to-server enterprise networking. We used it to gain visibility into the amount of traffic and where it's going. For example, it will say that 28 gigs of data went to Google and break that down based on all the sites that have been visited. It also tells you about the authentication data and helps you visualize how data moves across your network. Based on that, you can adjust the routing tables to make things work a little more evenly. It will also help you identify specific types of malware and how it moves across devices, what protocols and ports it uses, etc. Unlike Crowdstrike, Reveal(x) doesn't require you to deploy sensors. CrowdStrike puts a sensor on the computer, so I know exactly how many devices are going through it. It's roughly 50,000. Those aren't people using it. Those are just devices that exist in the world. ExtraHop just looks at traffic, so each device connected to the network goes through it, and that's around 230,000 devices, and it's monitoring all the traffic to and from the internet.
It's used by application owners and network engineers for troubleshooting application performance issues or network performance issues. It's a hybrid solution. We have on-prem sensors and trace appliances and a cloud control appliance.
We are not a user, but a service provider.
ExtraHop is an enterprise cyber analytics company.
ExtraHop analyzes all network interactions in real-time and leverage machine learning to identify threats, deliver critical applications.
Currently, most organizations have solutions to instrument their endpoints and monitor the north-south traffic traversing their perimeter.
However, there is much less instrumentation on what is going on within the enterprise … this activity is also known as East-West communications. Many of the tools that we’ve been buying are not designed to turn on the lights in this Darkspace. For example, your DBA doesn’t want you to put an agent on a production database because it adds overhead.
Some of the standard use cases include:-
IT MODERNIZATION ( Like Data centre Consolidation, Cloud Migration, Edge Devices & IoT SDN & Virtualization )
NETWORK PERFORMANCE ( Like Remote Site Visibility, Infrastructure Refresh, Triage & Troubleshooting )
SECURITY OPERATIONS ( Like Threat Detection & Response, SOC Modernization, Cloud Security, Hygiene & Compliance )
We have implemented the ExtraHop Reveal(x) solution at multiple clients. They range from government, retail to financial. We collect north-south and east-west traffic via a visibility layer (packet brokers, taps, spans) and then feed that traffic to the ExtraHop Reveal (x) solution. The volume ranges from 1 GB solutions up to 40 GB solutions with 100 GB in the pipeline. Initially, we approached them for application performance analysis, but we now use it to assist the security teams as well. The behavioral analytics and ability to go back in history is proving extremely valuable.
We primarily use the solution for three main aspects: security, visibility, and application performance.