Interview: Why 'the ExtraHop moment' is creating revelations in network visibility
FYI, this story is more than a year old
Carl Gough is the general manager of ExtraHop for New Zealand, New South Wales and Queensland. He joined 6 months ago to spearhead expansion across the territory — find partners, gain visibility and bring detection solutions to A-NZ.
“We are a real-time analytics company. As an appliance, our product sits passively on a network and analyse traffic. We analyse every single digital transaction that occurs and turn that into actionable data — solving problems, finding root causes, detecting security issues or simply providing insights to help business growth. We provide businesses the capability to stay on their front-foot and detect problems before their customers are affected.”
Headquartered in Seattle, WA, ExtraHop has grown quickly since 2007 — gaining customers such as Sony, Microsoft, Google, Adobe and Lockheed Martin. Their product has been increasingly integrated into cybersecurity protocols and they are now poised for truly global expansion.
Robin Block sat down with Carl to learn how ExtraHop’s technology has enabled their growth and understand what they offer the cybersecurity landscape.
What does ExtraHop do and why is it important — how does it relate to cybersecurity?
Carl: The potential security implications of our product were realised several years ago. The visibility afforded by our appliance — our ability to reconstruct TCP and UDP flows — aids security processes and is itself a useful tool for threat detection. The capacity of machine learning protocols, for example, to effectively operate is directly dependent on the breadth of data. We collect upwards of 4,600 metrics per packet, and index that information in real time. That capacity is pretty much an order of magnitude higher than our competitors.
Our analytics, however, don’t have to be about security — they are applicable to almost anything. We consider ourselves the ultimate source of truth for an enterprise. We provide complete visibility across a network. We see all the dependencies and interconnections — from applications right through the infrastructure. It is second layer to seventh layer visibility, the likes of which you have never seen before.
The auto-discovery capabilities we offer are nearly unprecedented. Most other companies have to deploy an agent to achieve similar scanning capabilities. However, that actually can’t solve the problem because that requires knowing where to put that agent. If you don't know what you have, then you don’t know where to start.
We have been told by customers in New South Wales that we did things in a week what had taken them 2 years to complete. The number of conversations I have had with companies and government agencies around this particular problem gives me a high level of confidence in saying that no one else can come close to our auto-discovery and dependency mapping capabilities.
How have you approached growth and market penetration in Australia and New Zealand?
Carl: A lot of our success in getting around market noise is simply through referrals. The best sales pitch is being able to prove what you can do. A huge part of that is simply being able to deliver on promises to the first customers that take a chance on you. In the last 5 months, we have developed success stories and that is bringing customers to us. That is particularly true in Australia — it is a small market, people know each other.
We often end up speaking with Heads of Security, Risk and Compliance. Cybersecurity is interesting because it has its own vertical, but it is actually a horizontal business problem. What really matters is the ability to manage risk.
We have been lucky to pick up some key partners here in the cybersecurity space. The fact that we are able to attract those partners, as well as internal talent and analytics customers, tells me that we are solving the right problems. Discovery is a big problem to which people need a simple solution — we are that simple solution.
What do you see in the future?
Carl: Over the next 12 months, we have to build our team and scale. The goal is to become the default choice when it comes to real time visibility and discovery. Initiatives such as The New Payments platform — real-time payments designed to support an ‘always on economy’ — are a substantial opportunity for us as is all of the work around APRA reporting.
Both require visibility that follows suit. Given the OIAC mandatory breach notification requirements coming into play in February 2018, real-time visibility to operate safely and protect customers and your reputation, are going to be crucial.
A big part of our value proposition is that over the last 20 years, everyone has bought specific monitoring tools to do specific siloed based North South things — but, none that bring East-West visibility where often the problems are sitting. As a result, most have only a partial version of the truth and that is where the unproductive war room and finger pointing blame game begins. But, more importantly, that is why things are missed and damage occurs.
One of the most satisfying things about working for ExtraHop is seeing almost revelatory moments on some of our client’s faces when we plug in our appliance and shine a light on what is actually going on. There are stories passed around our sales department about CIOs being nearly brought to tears by our system helping solve a problem that had plagued them for years. We call it “Their ExtraHop moment”.
There are a lot of companies and government agencies that need our help understanding what assets they have in order to manage it, but more importantly, secure it. This is a big opportunity for us both, but in saying that, we only want to work with companies that have the willingness and desire to adapt the way they bring visibility to solve problems.
Article by Robin Block.