One giant hop for analytics

Is my data secure

This is a pertinent question for ExtraHop and the answers were maybe not as solid as they might have been. While the data is encrypted while in transit, out the box data is not encrypted when stored on the explore box. Traditionally this would not have been an issue, but with the capability of storing personal data customers will need to carefully consider what data they will actually be keeping to analyse.

One of the use cases that Roybal talked about was IoT, and if data collected included employee movements via swipe card data that is passed over the wires then there may be an issue (in simplistic terms) about whether that data should be protected. It is also pertinent to Employee Law and what data can be collected and whether it relates to employee surveillance.

Blood explained further: “Out of the box we support decrypting SSL as long as perfect forward secrecy isn’t being used and we have access to the keys and certificate. We can decrypt that traffic in real time. If the customer is using home grown encryption, some of it will look like opaque data.”

Blood also believes that ElasticSearch may support encryption and inferred that customers could take advantage of this capability, especially as there seems to be some custom programming possible on the platform which enables customers to decrypt other types of encrypted data if they wish. This is achieved through the REST API that allows users to control, and administrate any physical virtual appliance through any programming language.

New features

Besides the HL7 capabilities version 5.0 is enabled for more than 45 different protocols, these include four new protocols Kerberos, MSMQ (Microsoft Message Queue) Telnet and DHCP. The platform also supports ODS (Open Data Stream) with support for Kafka messaging and the ability to integrate to Splunk and Mongodb amongst others. This piping out of data and the ability for analytics packages to interrogate the data for even greater insight makes this new appliance very interesting, but is it cost effective.

For companies looking to purchase the device ExtraHop have a PoV exercise (Proof of Value), that they will sometimes engage with companies on. Roybal explained this as “We have an initiative called POV, … we can start to scrape the data into ExtraHop and then start to show problem areas that customers can address right away. That does spit out a calculation of what that would save them as well. … … we need data from the organisation to understand their profile, what they are trying to accomplish and then we use industry benchmarks as well as costing estimates to give an overall value.”

Conclusion

Despite being version five, this feels like a new entrant to the market. There are still quite a few unanswered questions and there is potentially a lot that ExtraHop could do to enhance the appliance. There is actually little analysis of the data out of the box for example, or rather there could be a lot more. ExtraHop could go down three different routes for this: build, buy or develop themselves as they move forward into the new future of wire analytics.

Christian Renaud, Senior Analyst at 451 Research commented on the new platform said: “Cloud, virtualisation, and software-defined everything have upended the traditional enterprise playbook.

“The next frontier of business operations is technology-driven, complex, dynamic, and lightning fast. Managing it is going to require a fundamentally different approach. ExtraHop is at the forefront of this sea-change, tapping a rich source of data and applying sophisticated analytics capabilities that not only put IT teams back in command of the datacenter but give enterprises tangible insights that drive business value.”

Renaud is correct, ExtraHop have produced something that can leverage customer data previously unavailable, the use cases are still being explored and it will be interesting to see what their customers manage to achieve.