What do you like best about the product?

Overall, RevealX is easy to use and provides great visibility into the network. ExtraHop has very thorough documentation and if you can't find what you're looking for the support and training teams are always willing to help. I've experienced a quick turnaround for questions around the product. The training team is excellent at maintain user engagement in a virtual setting. The product is also super customizable which is great for unique use and abuse cases.
I use RevealX almost daily, my top three pros from a technical perspective are the increased visibility of the network, customizing doesn't mean learning a new language, and low barrier to entry for analysts who are new to networking and security.

What do you dislike about the product?

My top three cons for the product are that when adjusting baseline metrics, the baseline completely resets and there is a 3-4 week period before the baseline is calculated. Going off the above, it does not perform "lookback" searches for detections, meaning I can't craft a detection today and then see if the logic matches any stored data in the tool. Some of the customization areas need a bit of work so that they tie into the other features of the product.

What problems is the product solving and how is that benefiting you?

ExtraHop enables us to have better visibility. This has resulted in us making configuration changes on hardware and network devices to decrease our attack surface.

What do you like best about the product?

ExtraHOP provides great visibility for performance and security issues in our environment. Many of the detections, dashboards, and device groups provide easy starting points for learning to use extraHOP. Then, building custom dashboards and detections is very simple. We use extraHOP every day to assist us resolving problemes. The customer support and partnership we have with extraHOP has been key to our success.

What do you dislike about the product?

You need to really understand your environment from the network layer to the application layers. extraHOP provides many options, but you need to determine what works best for your environment. It does take some time for planning the implementation properly but the planning and design time is worth it.

What problems is the product solving and how is that benefiting you?

extraHOP has helped us solve authentication issues, storage issues, server issues, network performance issues, security problems and other application problems. We had many blind spots and extraHOP has helped us gain visibility to many of our services.

What do you like best about the product?

We've tested the product using reputable 3rd party pentesters manual and automated. And we've compared it with other products. The difference between seeing that you are being compromised and not seeing it is huge. How do you choose a competitive product that is cheaper if it doesn't see that you are being compromised? Or how do you rest at night knowing that you've done everything you can to safeguard your network? Extrahop's visibility is far above the rest.

What do you dislike about the product?

It is pricey. So if you are Misinformed and think that backups, firewalls, and anti-virus solutions are going to save you then you aren't going to understand the price of this product.

What problems is the product solving and how is that benefiting you?

Mainly keeping our company from experiencing a ransomware event. We have staff dedicated to keeping their eye on the product and chasing down alerts 24/7/365.

What do you like best about the product?

I like that ExtraHop identifies the alert in a mannert that is easy to follow. It gives the risk level of the alert, shows the metrics, breaks down the records for the incident, shows the packets involved, and even includes a pcap of the packets that can be used in WireShark to analyze further. It also gives the Mitre techniques as well as mitigation options to mitigate the attack.

What do you dislike about the product?

I haven't found to many things I dislike about ExtraHop. It is not an automated system that will block an attack as it is happening, but it does e-mail out alerts so that I have the ability to begin investigating the incident as soon as possible leading to a faster mitigation scenario.

What problems is the product solving and how is that benefiting you?

As an ISP our network security is very important. ExtraHop is a tool to help ensure we are seeing any attack in realtime, giving us the ability to troubleshoot and mitigate the issue in a speedy manner. We have the abilty to isolate traffic quickly when an issue arises.

What do you like best about the product?

1. Seamless monitoring.
2. Simple and straightforward rule tuning.
3. Dashboard capabilities

What do you dislike about the product?

1. Lot of false positives.
2. Machine learning model is not flexible to the requirements.
3. Sometimes performance issues.

What problems is the product solving and how is that benefiting you?

Its providing detections that are required to ensure all the permiters are covered.