Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

ExtraHop mines the network to glean operations intelligence

John Dix | Oct. 7, 2013
Rothstein, founder of Extrahop, updates us on the company and what he has learned about things about virtual loss.

To a large degree wire data has been neglected. Yes, there have been products like network probes and packet sniffers for three decades or more, but I would say they only scratch the surface of what's available on the wire. At ExtraHop we founded the company on the premise that there is this tremendously rich, tremendously deep source of data on the wire, and by leveraging gains in processing power and storage capacity, that we could extract and analyze and derive intelligence from that data. It has required a completely different technology approach than you would do for any of the other sources of data. But it is, I believe, every bit as valuable.  

I tell organizations that, as a best practice, they should probably have a product that is focused on each of these four sources. I wish I could say that there's one that does it all, but there isn't, because these do require pretty fundamentally different approaches.  

APM providers argue they can see it all, embedded as they are in the applications. What are you providing they can't?
APM is really focused on code-level instrumentation, and there are probably three fundamental differences between us and APM. One is philosophical. We define the application differently. APM tends to define the application as the code running on a server and they instrument that. At ExtraHop we define the application as the entire application delivery chain. That includes the client devices, the network transport, the front end, the middleware, the transaction queuing, back-end storage and even other ancillary services. It's a chain because if any one link fails, the entire application is down, and any one link can be a bottleneck. I can't tell you how many applications I've seen where the code is running fine but the application fails because of something like DNS resolutions aren't completing. That has to be considered part of that delivery chain.  

No.2 is audience. Traditional APM tends to be used more by developers who have intimate knowledge of the application code, whereas IT operation teams can get more out of our wire data analysis because it is focused on production-level systems. We answer the questions they care about most, like "What's happening right now? Did something change in my environment? Are transactions succeeding or failing? Is this better or worse than it usually is? What resources are people trying to access?"  

And the third difference is between custom applications versus off-the-shelf packaged applications. APM solutions are much more popular with organizations that are developing custom applications because they're writing the code and the code is changing and they need to see how that's performing. We really sell to both. Yes, we absolutely are used by organizations that are writing custom applications, but we're also used by organizations who are dependent on packaged applications that they don't have very intimate knowledge of, but still absolutely care how well it's working.


Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.