Big Data collection and Analytics

The volume of data that ExtraHop are now able to collect over the wire is massive, and they believe that the new appliance delivers the ability to analyse that data using their visual query language. The ExtraHop theory is that everything travels over the wire, so collecting it should be easy. They believe installation is simple, with 15 minutes to install the appliance and start adding value, but under deeper questioning it is not so straightforward.

As Blood commented: “There is definitely due diligence that needs to happen.” What he means is that while some companies are able to open up SPAN ports from switches in core racks that can deliver all wire data, this is not going to be the case in every organisation. Companies need to think carefully about how they move the data around their network so that they can feed all of it back to the ExtraHop appliances without creating new bottlenecks and slowing the network down.

Isaac Roybal, Principal Product Marketing Manager (Source ExtraHop)

So what about the analytics that ExtraHop are providing with Explore? Roybal commented: “We are releasing our Explorer appliance, the point of this is to enable enterprises to explore data their way. We are giving customers loads of data, but we are giving them in a way that they can make sense of it.”

ExtraHop are not delivering a complex analytics solution to rival Tableau and the like. What they are delivering is a single multi-dimension view of customer data with filtering. The intent was not to create a new analytics engine but a single point for all data captured on the wire that can be used for a business benefit. In many instances they are yet to determine what that business benefit is, but the appliance is new and there is already excitement within the healthcare area.

Roybal explained a specific use case:

“We had a customer that we were talking to about 5.0, and for them they said:

‘This is great, because not only can we see the drug orders coming in through the system, but now we can also start to store that information in terms of which drugs were administered by which doctors and how often.

They also see new use cases where they can start to see which certain drugs were administered together. If it’s a deadly combination, it can give a red flag and alert them right away as the order comes in before it’s delivered to the actual medical drug pump via telnet.

It’s a whole new dimension to the business, they can get their chief safety officer involved…It is actually saving people’s lives.’”

This is achieved by looking into HL7 data, and it is this use case where the ExtraHop appliance could be a winner for them. The analytics themselves, while delivered through a GUI, will be nothing to shout about, but because the appliance is open and allows other analytics tools to analyse the data further, it will deliver a step beyond what has been done before.

Justin Long, Senior IT Manager at McKee Foods sums this viewpoint up neatly by commenting: “ExtraHop has quickly become my go-to solution to really understand what’s happening in the IT environment.

“By exposing the relationships and interconnections between our systems, the new ExtraHop Explore appliance is going to help us understand our infrastructure even better, and give us new insight into how performance impacts reverberate across tiers. Frankly, it’s going to help us answer questions that we don’t even know to ask yet.”

This step change is not just about new use cases but also about enhancing the ability of network engineers to understand what is happening on the network. It seems unlikely that ExtraHop will have the same level of analysis as specialised network analyser tools, but if they can create views and some add-on elements they may be able to replicate this. In fact it is the kind of acquisition that ExtraHop might look to complete in order to deliver such specialist solutions for their newfound data sets.

Brent Blood, Sr. Manager, Technical Marketing Engineering at ExtraHop Source ExtraHop

Blood explained the difference from previous versions by saying: “Historically before version five ships we were storing metadata. On that network traffic, we take the packet, assemble them together into TCP strings or flows of data and analyse up to layer seven. However we are not storing the individual transactions. We are maintaining summary data about key things within that.

“For example, we see a transaction for a given URI. We will maintain metrics about the URI, i.e. how quickly it will respond. It’s not looking at the individual pieces.

“In version five, we not only have the summary roll-up metrics, but we are going to have the individual transactions that made them up stored separately. We will not store the full packet data, what we will be storing, e.g. if you are looking at a graph and see a spike in traffic. Prior to V5 we couldn’t tell you what made up the spike. We just knew that there was one. Now we will be able to show you the individual events to make that traffic up on a fine basis. We are storing metadata about those flows.”


1 COMMENT

  1. We received the following responses back from ExtraHop around the pricing model for the upgrade and the new appliance. The information will be well received by customers looking to enhance their solution.

    Q1: Is there an upgrade cost for version 5.0?

    “Customers who have 4.0 will get 5.0 as a free upgrade.”

    Q2: What is the cost structure for the new appliances?

    “The Discover and Explore appliances, whether physical or virtual, do have a per node cost associated with them. Through this model, customers can ingest as much data as they want without incurring a “data tax” like some other solutions in the market.”
