Video: 10 Minute IT Jams – Who is ExtraHop?

Cloud-based cybersecurity firm ExtraHop is making waves in the enterprise sector. In a recent interview, Glenn Maloney, the company's ANZ Regional Sales Manager, offered insights into ExtraHop's platform, its rapid growth, and why network detection and response (NDR) technology is gaining unprecedented traction.

ExtraHop was founded in 2007, and while Maloney describes the business as "a start-up but not a start-up", he emphasised the company's ability to reinvent itself. "We reinvented ourselves I think about five years ago where we really sort of got pulled into the security markets," Maloney said. "Prior to that we were a network performance management and diagnostics platform."

Today, ExtraHop protects some of the world's most recognisable brands, both globally and across Australia and New Zealand. At its core, the company provides cloud-native network detection and response for what Maloney calls the "hybrid enterprise" - organisations operating across both on-premises and cloud environments.

ExtraHop's two principal offerings are Reveal(x) 360 and Reveal(x) Enterprise. "The main difference between those two is really just one is a SaaS hosted solution and the other isn't," Maloney explained. The Reveal(x) platform itself is "a passive, agentless solution – two really, really key points there. We don't sit in line; we'll sit basically taking a copy of unstructured network data, analysing that in real time and providing security and network performance insights into what's happening across the hybrid enterprise."

What sets ExtraHop apart in the crowded cybersecurity market? According to Maloney, it's the combination of speed, scale, and intelligence. "What really blows my mind about the solution is the speed at which we can provide these insights into what's going on out there," he said, describing the system as having "5000 pre-built metrics analysing over 70 different enterprise protocols", able to process up to 100 gigabits of traffic in real time. "Some real enterprise-grade solutions," he added.

Industry analysts agree the market is growing swiftly. "It's a really exciting market to be in. It's growing at 60% year on year," Maloney said. Quoting recent research, he noted, "Gartner just recently released a market share report... they actually came back and said that we had a 382% increase in our NDR billings from 2018 to 2019. So it's certainly a very exciting time to be at ExtraHop and in the network detection and response market."

For organisations looking to improve their Security Operations Centre (SOC) visibility, NDR fills a crucial role. "You might have heard of the SOC visibility triad, which is a Gartner-endorsed strategy," Maloney explained. He describes the triad as having three essential components: endpoint detection and response (EDR), a security information and event management (SIEM) system, and a strong NDR platform. "ExtraHop is obviously the only network detection response platform that you should be considering," Maloney said with a laugh, while emphasising that NDR is designed to complement, not replace, EDR and SIEM solutions.

He pointed out that, as organisations adopt more cloud services, Internet of Things (IoT) devices, and bring-your-own-device (BYOD) policies, the traditional agent-based model of cybersecurity simply can't keep up. "You just simply can't deploy agents out into that area... so ExtraHop can provide a comprehensive inventory of all the devices within an organisation because the network ultimately sees everything."

Maloney also highlighted three bold claims recently released by the company: "eliminate blind spots with 100% coverage, detect threats faster than existing tools, and help organisations respond more quickly to alerts". He said, "Having a platform like ExtraHop that really monitors that east-west visibility is certainly very important, and we can actually help organisations respond 84% quicker to alerts that might be generated."

Alert fatigue among security teams is a growing concern. "Something that I'm hearing constantly out in the market is that SOC teams are just overloaded, they've got alert fatigue, they just don't know what they should be going and dealing with," Maloney said. "So, it's a fantastic time to obviously look at a platform like ExtraHop."

Integration is also a critical part of ExtraHop's go-to-market strategy. "One of the things that I've loved about being at ExtraHop is that we've got such an API and technology integration-friendly platform," Maloney said. Recent collaborations include CrowdStrike, AWS, Google Cloud Platform, and keysight, among others. For example, with CrowdStrike, ExtraHop enables automatic quarantine of infected endpoints after detecting network threats, a vital capability as agents cannot be deployed to every IoT or BYOD device.

Maloney explained, "Us working in collaboration with them really gives back to that SOC visibility triad picture... There's some fantastic stuff that we're doing with those platforms." He also cited partnerships with traffic mirroring providers such as AWS and Google, and visibility foundation providers like Ixia and Gigamon.

The company's distribution-first business model ensures local support. In New Zealand, Maloney praised their close work with Chilisoft, saying, "Alex and the team over there [have] been doing an absolutely fantastic job in introducing ExtraHop out into the market." In Australia, ExtraHop works with Orchid Tech and NextGen Distribution.

Whether partner or end user, Maloney encourages those interested to "get in contact with one of the distribution partners that I mentioned or reach out to me directly." He added, "We're certainly open to working with anyone out there in the market."

As the interview drew to a close, Maloney reflected on ExtraHop's progress and the rapid changes in enterprise security. "It's certainly a very exciting time to be at ExtraHop and in the network detection and response market," he said. "Thank you very much for having me."