CyberWhite Limited

ExtraHop Reveal (x) - Cloud Native Network Detection and Response

Reveal(x) providies unparalleled Visibility, Anomaly & Threat Detection and Response. It is compatible with major cloud providers plus on-premise and private clouds. Reveal(x) comes with cloud scale machine learning (ML) to detect threats and anomalous behaviours, provides 360-degree visibility of network traffic, fast investigation workflows and response automation.


  • Industry leader in real-time cloud cyber threat detection.
  • Complete visibility of your environment
  • Automatically discover and classify all cloud assets.
  • Track rogue instances, and flag exposed resources.
  • Decode 70+ enterprise protocols
  • Decrypt SSL/TLS in real time
  • Automatically flag indicators of credential harvesting and brute force attacks.
  • Limit tool sprawl by integrating with third-party solutions.
  • Respond in a few clicks, erasing hours spent manually investigating
  • Easily customize alerts and dynamic activity groups.


  • Cloud scale ML using 5000+ features to detect threats.
  • Correlate threats against your critical assets.
  • Automatically categorise devices into highly specific peer groups
  • Spot strange behaviours with minimal false positives.
  • Detect threats hiding in your own encrypted traffic.
  • Enriches every detection with context
  • Risk scoring, attack background and expert-guided next steps
  • Powerful integrations with third-party solutions
  • Results within minutes of being connected.


£1,200.00 to £15,000.00 a device a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 6 6 7 3 4 4 4 6 9 0 5 5 1 9


CyberWhite Limited David Horn
Telephone: 07377 416121

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
None. We provide full support services remotely or ad-hoc services onsite.
System requirements
  • ExtraHop-hosted Machine Learning requires outbound https connection
  • Data Feed established via taps or port mirror (physical/virtual)

User support

Email or online ticketing support
Email or online ticketing
Support response times
ExtraHop works in collaboration with the customer to establish priority ranking of any open support ticket. Communication cadence and priority levels are mutually established by Customer and ExtraHop on a case-by-case basis. In addition, CyberWhite have the ability to triage tickets and manage them on behalf of the client. For additional information of support policies please see Appendix A of our policies documentation found here -
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Basic Support: Helpdesk / remote problem diagnosis and support, 8 x 5.
Platinum Support - 24 / 7 / 365.
Base support is included.
Support available to third parties

Onboarding and offboarding

Getting started
A number of professional services packages are available and these are tailored to specific requirements. These include options for: Online Training, Remote & Onsite Implementation, Pre & Post Sales Support and End User Documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Inbound and Outbound APIs may be used. Typically these would be configured on service deployed so data that is imported and can be stored on users systems. It is possible to export views manually as pdf's and csv's.
End-of-contract process
Once the licences expires, this means that the contract has ended. This then means that data interfaces cannot be accessed. Physical appliances would be returned to ExtraHop (disk wipes may be performed beforehand).

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
ExtraHop Reveal(x) can monitor the communication to/from mobile and desktop devices. The main requirement is that the data feed (enabled via taps or port mirrors) includes all this communication.
Service interface
Description of service interface
There is a portal/interface on each deployed monitoring sensor as well as a central portal that can be either deployed in customer environment or as a SaaS.
Accessibility standards
None or don’t know
Description of accessibility
The ExtraHop User Interface is the primary portal to information provided by our products and services. The UI is designed to current industry standards.
Accessibility testing
ExtraHop has evaluated the product accessibility using the VPAT format. A copy of the accessibility assessment is available upon request.
What users can and can't do using the API
The API is REST-based. The API is extensive although mostly focused on regular day to day tasks. A limited number of one-off administrative tasks are only available via the WebUI.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
It is possible to customise alerts and dashboards plus integrations to third-party solutions.
Dashboards are customisable (drag and drop), analysis engines are customisable (javascript), inbound/outbound connectors enabling integration are customisable (javascript).


Independence of resources
Hosted using the AWS platform


Service usage metrics


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Manually via the Web UI or automatically via customisable logic (javascript)
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Any identifiable meta data is anonymised and sent over mutually authenticated encrypted (TLS 1.2 PFS ciphersuite connection to ExtraHop's ML service.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All data in transit is encrypted. Raw data stored in the ExtraHop Trace appliance is encrypted at rest. A copy of the ExtraHop Security Privacy and Trust document may be made available for additional details on data protection in the platform.

Availability and resilience

Guaranteed availability
Whilst ExtraHop strives to provide the highest level of service, we do not provide individual availability guarantees.
Approach to resilience
Snapshots are taken frequently of dedicated cloud devices to quickly restore customer services should a problem ensue.
Outage reporting
Should an extended outage occur customers can be notified via email if requested.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Users do not access the hosted ML service directly. Users access the portal which is a part of the Reveal(x) solution deployed in their own environment.
Access restrictions in management interfaces and support channels
RBAC is a key part of the product limiting/enabling functionality; additionally users can be defined to groups and given selected access to dashboards.
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Users authenticate in the same way regardless of whether access is to 'user' or admin' functions. A property of local/remote user accounts is the access level which governs whether admin functions are available or not.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • SOC 2
  • SOC3
  • Please see

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
ExtraHop uses ISO 27001 as the standard model. ExtraHop are SOC2 and GDRP certified. Please the ExtraHop web site for additional information on their security posture and certifications.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Generally speaking all configuration is stored in git.
All changes go through a staged and documented peer review process and testing regime before being pushed to production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
ExtraHop uses a custom vulnerability management process based on Nessus scans. Scans are undertaken monthly and remediated according to priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
ExtraHop uses a custom monitoring system. This comprises a series of technologies and services to monitor the network for potential compromise.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ExtraHop bases its incident management process on NIST 800-61. Alerts are set for critical processes and logs are reviewed regularly.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1,200.00 to £15,000.00 a device a month
Discount for educational organisations
Free trial available
Description of free trial
The parameters of the free trial will be discussed and success criteria agreed.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.