ExtraHop Reveal(x) Case Study: How TRWD Boosted Cyber Defense

This ExtraHop Reveal(x) case study highlights how a small, resource-limited IT team at Tarrant Regional Water District (TRWD) in North Texas turned to network detection and response (NDR) to take control of their cybersecurity. With over 2.1 million people depending on them for water and flood management, TRWD needed to address the growing risk of advanced persistent threats, despite not having a dedicated in-house security team.
 

Their solution was ExtraHop Reveal(x), a behavior-based NDR platform that delivers full network visibility and real-time anomaly detection. Initially deployed to improve visibility across TRWD’s infrastructure, Reveal(x) quickly proved valuable beyond its original goal. It now supports real-time threat detection, compliance efforts, and application performance monitoring across the district’s distributed network.

Reveal(x) helped TRWD detect and respond to high-profile threats like SUNBURST. Although DNS logging was not enabled on their domain controllers, the team was able to investigate potential indicators of compromise using DNS data stored by Reveal(x). The platform’s ability to capture and retain detailed network metadata turned a potentially difficult incident into a manageable investigation.

This ExtraHop Reveal(x) case study also shows how the platform supports evolving needs. As TRWD’s environment changes, so do their configurations. Reveal(x) adapts with them, providing scalable protection against threats targeting physical, cloud, and IoT infrastructure.

By mapping common use cases across security, cloud visibility, and IT operations, ExtraHop demonstrates how Reveal(x) helps customers stay ahead of advanced attackers and simplify incident response.

See the extended case study here.