Blue Cube Security Ltd

ExtraHop Reveal(x) – Cloud Native Network Detection and Response

A Cloud Cyber Security Platform, providing Visibility, Anomaly & Threat Detection and Response. Compatible with all major cloud providers, as well as on premise and private clouds. Cloud scale machine learning (ML) to detect threats and anomalous behaviors, provides 360 visibility of network traffic, fast investigation workflows and response automation.


  • Industry leader in real-time cloud cyber threat detection.
  • Complete visibility of your environment
  • Automatically discover and classify all cloud assets.
  • Track rogue instances, and flag exposed resources.
  • Decode 70+ enterprise protocols
  • Decrypt SSL/TLS in real time
  • Automatically flag indicators of credential
  • Limit tool sprawl
  • Respond in a few clicks,
  • Easily customize alerts and dynamic activity groups.


  • Cloud scale ML using 5000+ features to detect threats.
  • Correlate threats against your critical assets.
  • Automatically categorize devices into highly specific peer groups
  • Spot strange behaviors with minimal false positives.
  • Detect threats hiding in your own encrypted traffic.
  • Enriches every detection with context
  • Risk scoring, attack background and expert-guided next steps
  • Powerful integrations with third-party solutions
  • Results within minutes of being connected.


£2,000 to £24,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

324003169729417


Blue Cube Security Ltd Operational Admin Support
Telephone: 0345 0943070

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • ExtraHop-hosted Machine Learning requires outbound https connection
  • Data Feed established via taps or port mirror (physical/virtual)

User support

Email or online ticketing support
Email or online ticketing
Support response times
1-4 hours (dependent on severity)
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is accessed through the Support Portal. The Support Portal is a public-facing website which contains access to our Online Help Desk, Web Chat and documentation such as setup guides, videos and forums.
Web chat accessibility testing
Not Known / Not Tracked.
Onsite support
Yes, at extra cost
Support levels
Platinum Support (24x7x365)
Support available to third parties

Onboarding and offboarding

Getting started
A number of Professional Services packages are available.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Inbound and outbound APIs may be used. Typically these would be configured at service deployment so that important data can be stored on users' systems. It is possible to export views manually as PDFs and CSVs.
End-of-contract process
Licences expire, meaning data interfaces cannot be accessed. Physical appliances would be returned to ExtraHop (disk wipes may be performed beforehand).

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
ExtraHop Reveal(x) can monitor the communication to/from mobile and desktop devices. The main requirement is that the data feed (enabled via taps or port mirrors) includes all this communication.
Service interface
Description of service interface
There is a portal/interface on each deployed monitoring sensor as well as a central portal that can be either deployed in the customer environment or as SaaS.
Accessibility standards
None or don’t know
Description of accessibility
While ExtraHop strives to create a user interface that meets industry standards for accessibility, ExtraHop has not pursued official review of our services today.

The ExtraHop User Interface is the primary portal to information provided by our products and services. The UI is designed to current industry standards.
Accessibility testing
ExtraHop has evaluated our product accessibility using the VPAT format. Please see the attached Accessibility assessment.
What users can and can't do using the API
There is a REST-based API

The API is extensive, although mostly focused on regular day-to-day tasks. A limited number of one-off administrative tasks are only available via the WebUI.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Possible to customise alerts and dashboards plus integrations to third-party solutions

Dashboards are customisable (drag and drop), analysis engines are customisable (javascript), inbound/outbound connectors enabling integration are customisable (javascript)


Independence of resources
ExtraHop provides an interface to the product that scales to hundreds of users. As related to our cloud services (Machine learning and anomaly detection) all customers have dedicated cloud scalable instances as it relates to their deployment. No one user or customer can impact the use or performance of any other user or customer.


Service usage metrics


Supplier type
Reseller providing extra support
Organisation whose services are being resold
ExtraHop, Splunk, Trend, Sophos, Qualys, Netscout, Imperva, CyberArk, Fortinet

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
Data sent to ExtraHop Anomaly Service is anonymized
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Manually via the Web UI or automatically via customisable logic (javascript)
Data export formats
  • CSV
  • Other
Other data export formats
  • Manually via the Web UI
  • Javascript logic
  • Flexible connectors (HTTP(s), Kafka, Syslog or raw socket, MongoDB)
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
Any identifiable metadata is anonymised and sent over a mutually authenticated, encrypted (TLS 1.2, PFS ciphersuite) connection to ExtraHop's ML service.
Data protection within supplier network
Other protection within supplier network
All data in transit is encrypted. Raw data stored in the ExtraHop Trace appliance is encrypted at rest. Please see the ExtraHop Security Privacy and Trust document for additional details on data protection in the platform

Availability and resilience

Guaranteed availability
While ExtraHop strives to provide the highest level of service, we do not provide individual availability guarantees.
Approach to resilience
Snapshots are taken frequently of dedicated cloud devices to quickly restore customer services should a problem ensue.
Outage reporting
Should an extended outage occur customers can be notified via email if requested.

Identity and authentication

User authentication needed
User authentication
Other user authentication
Users do not access the hosted ML service directly. Users access the portal which is a part of the Reveal(x) solution deployed in their own environment.
Access restrictions in management interfaces and support channels
RBAC is a key part of the product limiting/enabling functionality; additionally users can be defined to groups and given selected access to dashboards.
Access restriction testing frequency
At least once a year
Management access authentication
Description of management access authentication
Users authenticate in the same way regardless of whether access is to 'user' or 'admin' functions. A property of local/remote user accounts is the access level, which governs whether admin functions are available or not.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • SOC2
  • SOC3
  • GDPR

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ExtraHop uses ISO 27001 as the standard model. We are SOC2 and GDPR certified. Please see our web site for additional information on our security posture and certifications.
Information security policies and processes
ExtraHop has built and implemented a Security Operations Framework comprising an extensive set of policies and procedures. This framework, based on the NIST Cyber Security Framework, undergoes annual SOC 2 Type 2 audits and is employed in creating and offering all ExtraHop products and services.

ExtraHop has developed a Security Operations Framework based on ISO27001 and is adopting NIST CyberSecurity Framework controls. Policy is written against these frameworks.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Generally speaking all configuration is stored in git.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Scans are done monthly and remediated according to priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
ExtraHop uses a custom monitoring system.

Alerts are set up for critical processes. Logs are reviewed regularly.
Incident management type
Supplier-defined controls
Incident management approach
ExtraHop bases its incident management process on NIST 800-61.

When an incident is raised, an incident manager is appointed to run the incident to completion. Root cause analyses are encouraged.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£2,000 to £24,000 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
Full service scope can be supplied.

Timescales are subject to client requirement

Please make request via our website:
Link to free trial
