ExtraHop Reveal(x) Alternatives and Competitors

Get our free report covering Darktrace, Awake Security, Corelight, and other competitors of ExtraHop Reveal(x). Updated: June 2021.
510,204 professionals have used our research since 2012.

Read reviews of ExtraHop Reveal(x) alternatives and competitors

JG
Head of Information Security at an engineering company with 10,001+ employees
Real User
Top 10
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT

What is our primary use case?

One of the interesting things that made us lean towards going with Awake was that it fulfilled a couple of use cases. One was the core NDR functionality. We wanted it to be able to monitor our network traffic and alert us on security-relevant events. Another request we had was that because our security team was pretty resource-constrained, we wanted a solution that could provide an in-house managed service for monitoring it, as a partner. Awake was able to provide that, with their MNDR team, and that was something that we found pretty valuable.

Pros and Cons

  • "The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
  • "One concern I do have with Awake is that, ideally, it should be able to identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far."

What other advice do I have?

One thing to be aware of, for someone else using Awake, is to be ready, at the beginning, to clearly define what is expected network activity and what is not. That helps both teams. For us, it has been an interesting challenge because our network is quite complex. In the life sciences, we have pretty varied environments for physical manufacturing, R&D, and SGNA. It spans the whole gamut. What helps in that environment is being very clear, up front, about documenting and giving context to the Awake MNDR team about which devices are domain controllers and the kinds of traffic they should expect…

Cybersecurity Architecture Manager at Banco de Chile
Real User
Top 5
A stable and scalable solution for investigating cases

What is our primary use case?

We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.

Pros and Cons

  • "It is a stable solution."
  • "It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."

What other advice do I have?

I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network. I would rate Darktrace an eight out of ten.