Uncover attackers hiding on your network
Rating: 10 out of 10
Incentivized
Use Cases and Deployment Scope
ExtraHop has been an integral piece in our Security Operations Centre and has repeatedly uncovered suspicious activity earlier in the attack kill-chain than other tooling.
We purchased ExtraHop to enhance our network-based detections and for their complementary approach to CrowdStrike as an EDR. CrowdStrike provides strong visibility at the endpoint level; however, that assumes it is installed on all devices. ExtraHop analyzes all network traffic regardless of whether the device is corporate managed or what technologies exist on the endpoint. This results in clear visibility into what is actually occurring on the network.
Furthermore, we have also utilized ExtraHop quite extensively for other projects, including mapping out network communication flows and gaining insight into system dependencies through network communications prior to decommissioning assets.
Overall, it has been a great purchase and become fundamental to our information security program.
Pros
- Network discovery
- Network-based detections for suspicious/malicious activity and behaviour
- Insight into data flow between systems
- Visibility into network errors
Cons
- Reporting
- Prevention
Likelihood to Recommend
ExtraHop is a must-have for on-premise environments where traffic passes through a physical data centre or network operations centre, giving complete visibility into what is happening on the corporate network. This works flawlessly if business operations are in office. For hybrid or remote setups, the solution still works well by placing ExtraHop traffic between the VPN termination and firewall and setting up a SPAN port.
ExtraHop works well for cloud-based deployments as well with their virtual appliances; however, it does not have the same edge against competition, as many CNAPP solutions can gather similar data using graph APIs provided by the cloud service provider. That said, ExtraHop does provide some unique features that CNAPPs do not around network operations.