What is our primary use case?
We have implemented the ExtraHop Reveal(x) solution at multiple clients. They range from government and retail to financial. We collect north-south and east-west traffic via a visibility layer (packet brokers, taps, SPANs) and then feed that traffic to the ExtraHop Reveal(x) solution. The volume ranges from 1 GB solutions up to 40 GB solutions, with 100 GB in the pipeline. Initially, we approached them for application performance analysis, but we now use it to assist the security teams as well. The behavioral analytics and the ability to go back in history are proving extremely valuable.
How has it helped my organization?
The analytic views (L2 to L7), with a vast number of enterprise protocols, standard dashboards, as well as various application or security dashboards that can be added, gave a very quick ROI. The technical teams are able to gain views of their networks, servers, applications, etc., and the management level is able to gain overview dashboards to assist them as well. Security teams are able to gain insight into the behavior of security elements, which enables them to track the event back in time to see exactly what happened and what elements were involved in the incident. It is also very useful to have the AI/ML element with Reveal(x). The ability to decrypt at line rate proved invaluable. Various triggers and integration options are available to continually add value to the clients' specific environments.
What is most valuable?
We had useful information within an hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate performance or security incidents. Regarding the security incidents, Reveal(x) is able to create incident cards that guide your teams through the incidents and give you the option to delve into the transaction detail to potentially view payloads as well. The ability to integrate with various other solutions enables improvement of existing processes.
What needs improvement?
NetFlow - Processing NetFlow can be cumbersome, as it requires triggers to truly gain value and insight. This in turn can add a bit of load to the hardware. The focus of ExtraHop Reveal(x) is live packet data.
Triggers - While the triggers are great for specific use cases, they can add load to the hardware and require some development skill, which can be costly.
VoIP - While we can view SIP and RTP (quality, MOS, etc.), it is not the best solution for VoIP itself. There are better solutions for more detailed VoIP monitoring. It can solve some problems, but not all problems.
For how long have I used the solution?
We have been using ExtraHop for quite a few years, and we have been using their Reveal(x) platform since it went to market.
What do I think about the stability of the solution?
It is very stable. We have not had any issues.
What do I think about the scalability of the solution?
The solution can scale up to 100GB and it works.
How are customer service and technical support?
99% of the time it was great. We only had one incident that took some time, but it was resolved eventually with a positive outcome.
Which solution did I use previously and why did I switch?
We have used other solutions from other vendors like NetScout, Sinefa, etc., where the client budget, requirements and focus changed. Some clients prefer certain vendors since they might have a standing relationship with them.
How was the initial setup?
Design can take some time, and the visibility layer can be quite intricate, but the actual ExtraHop Reveal(x) solution is extremely easy to deploy.
What about the implementation team?
Initially, we depended on the vendor team, but later we deployed mostly ourselves with some input from the vendor team. They were always very helpful and professional.
What was our ROI?
The ROI is fairly immediate if you attach a service or dedicated resource. That determines how much you win.
What's my experience with pricing, setup cost, and licensing?
It is important to understand the data you feed any of these solutions. We always recommend a visibility layer (packet brokers, taps, etc.), but that incurs a new cost that can delay the project. So work on a strategy that delivers visibility and a solution that enables your teams. All of this will add to the project and its cost. What you put in is what you will get out.
Which other solutions did I evaluate?
NetScout - TruView, nGeniusOne, Sinefa, nTopNG, Sintrex Flow.
What other advice do I have?
Generally, I enjoy working with this solution and the teams from ExtraHop. Just be sure that you always attach a service or a dedicated resource to any such solution to get the most value out of it.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)