Due to be available in April, Addy (renamed from Ally due to a legal issue) draws interpretations from the data ExtraHop is picking up in real time.
Network performance management (NPM) is typically about watching what’s happening to the network. ExtraHop adds the wrinkle of observing the metadata of the passing traffic. When interpreted correctly, this wire data can provide extra real-time insight into what the network is doing.
That was the core insight that led to ExtraHop’s founding in 2007 by former F5 engineers Jesse Rothstein and Raja Mukerji. “Instead of looking at endpoints to gather log files or instrumental data, we realized all these transactions are flying by us every moment,” says Isaac Roybal, ExtraHop’s director of products.
Addy could provide any number of insights, but ExtraHop is first focusing on security applications. That’s partly because the RSA Conference is taking place in San Francisco this week, but it’s also because of the results of Addy’s beta tests. One customer was able to use Addy to detect early signs of the massive denial-of-service attack on DNS provider Dyn, for example. The company was able to reroute traffic to avoid the problem. (ExtraHop had the same experience, Roybal says.)
ExtraHop expects Addy to be used by security operations personnel as a way to cull the massive amount of data available off the network. That’s a problem that is attracting plenty of possible solutions based on machine learning or artificial intelligence. Yesterday, for instance, IBM announced a service called Watson for Cyber Security, which combines security operations with Watson’s ability to ingest volumes of security literature.
One factor making Addy possible now, as opposed to 10 years ago, is the availability of seemingly unlimited compute power in the cloud. That makes it possible to scale up a machine-learning agent to provide a useful real-time service, Roybal says.
NPM vendors such as NetScout and Riverbed make use of real-time analytics in similar ways to ExtraHop — as do competitors in application performance management (APM), including AppDynamics (being acquired by Cisco), Dynatrace, and New Relic. ExtraHop considers its focus on wire data to be its competitive edge. Moreover, the company considers its software to be a platform, which it can augment with cloud-native inventions like Addy.