Initially, we deployed Reveal as a standalone solution for network detection and response. It provided us with data and analytics on server-to-server enterprise networking. We used it to gain visibility into the amount of traffic and where it's going. For example, it will say that 28 gigs of data went to Google and break that down based on all the sites that have been visited. 

It also tells you about the authentication data and helps you visualize how data moves across your network. Based on that, you can adjust the routing tables to make things work a little more evenly. It will also help you identify specific types of malware and how it moves across devices, what protocols and ports it uses, etc.

Unlike Crowdstrike, Reveal(x) doesn't require you to deploy sensors. CrowdStrike puts a sensor on the computer, so I know exactly how many devices are going through it. It's roughly 50,000. Those aren't people using it. Those are just devices that exist in the world. ExtraHop just looks at traffic, so each device connected to the network goes through it, and that's around 230,000 devices, and it's monitoring all the traffic to and from the internet.

We are a healthcare organization with more than 80 facilities, but I'm the only one who uses ExtraHop. When there are performance issues with an HTTP app, ExtraHop enables us to identify the causes within a few minutes. We can see what transactions are being impacted by something that may be happening within the server environment.

We set up a number of traffic sources that are typically either ERSPANs or TAPs and place ExtraHop appliances at critical places within the network. That traffic is typically fed into a packet. We have four small devices designed to go into small data centers. We're continually rotating those around to different facilities to help identify issues. They have helped us to understand what's going on.

The ExtraHop appliance enables you to do what an expert using Wireshark can do. However, it's all in the firmware, so you can do real-time analysis without the need to boil terabytes worth of data to find out what's happening.

It's used by application owners and network engineers for troubleshooting application performance issues or network performance issues.

It's a hybrid solution. We have on-prem sensors and trace appliances and a cloud control appliance.

I'm on the cybersecurity team. I do a lot of the blue threat-hunting and incident response. The things I deal with have nothing to do with network performance, but I handle the detections and things that ExtraHop Reveal(x) can pick up.

We are using ExtraHop Reveal(x) for lateral movement and for behavioral analytics.

Our company uses the solution to send sensors to the Reveal 360 cloud for customers. We have about 500 customers using the solution. 

It can detect new attacks or expired certificates. It's especially effective in identifying Netria attacks or any other online threats that may occur.

I use ExtraHop Reveal(x) since it helps provide notifications related to the network traffic in my company so that the necessary action can be taken.

We have implemented the ExtraHop Reveal(x) solution at multiple clients. They range from government, retail to financial. We collect north-south and east-west traffic via a visibility layer (packet brokers, taps, spans) and then feed that traffic to the ExtraHop Reveal (x) solution. The volume ranges from 1 GB solutions up to 40 GB solutions with 100 GB in the pipeline. Initially, we approached them for application performance analysis, but we now use it to assist the security teams as well. The behavioral analytics and ability to go back in history is proving extremely valuable.

We primarily use the solution for three main aspects: security, visibility, and application performance.

We use the solution for an advanced layer of security. It provides us with network visibility to identify types of attacks.