ExtraHop automates quarantining of AWS EC2 instances in continued expansion of cloud security business

ExtraHop, which has shifted the emphasis of its business to security with Network Detection and Response, wants to be seen as the NDR vendor of choice for the channel.

LAS VEGAS – Seattle-based ExtraHop has pivoted from its original Network Performance Management [NPM] focus into security with Network Detection and Response [NDR], particularly around the cloud. At the AWS Re:Invent event here, the company deepened its support for AWS, with the automated quarantining of compromised Amazon EC2 instances, and the introduction of continuous packet capture.

“ExtraHop has been around for over 10 years, and while we were built for the NPM space, we could always do much more,” said Ryan Davis, Senior Product Manager for the cloud business at ExtraHop. “By 2015, while our sales were mainly NPM, we had begun to realize that customers used us for other use cases – with security being the most common.”

“Three quarters of our customers had a security case, even though we didn’t have a security product,” said Mark Fitzmaurice, ExtraHop’s VP of Channel. “The legacy performance management isn’t where our focus is now. We are security-first.”

The focus on the security product was strengthened two years ago with the launch of ExtraHop Reveal(x), an NDR product that provides both real-time threat detection inside the perimeter and guided investigation through network traffic analysis. In June of this year, ExtraHop Reveal(x) Cloud was introduced for AWS.

“Reveal(x) was built for the SecOps market, to provide value for security teams,” Davis said. “In the last 12 months, we have announced a number of cloud products. Grabbing network packets in the cloud was cumbersome, and struggled to scale, so we partnered with the cloud providers when they released Virtual Network TAP [vTAP] for Azure, and VPC traffic mirroring for AWS to obtain full packet feeds. These virtual taps now open up a complementary cloud SOC visibility triad, tapping into logs, endpoint data, and network data.” Most recently, ExtraHop announced an integration between ExtraHop Reveal(x) and Google Cloud Platform [GCP] through the new packet mirroring feature announced by GCP at Google NEXT ’19 UK.

Davis said that traffic mirroring’s passive network monitoring is basically undetectable to attackers, and can’t be turned off. The native traffic mirroring in the public clouds also lets copies of the traffic be easily routed to analysis tools.

“Now we are trying to educate about NDR and build its value,” he stated.

ExtraHop made a pair of announcements at this year’s Re:Invent event.

“We announced a new integration with AWS that can automatically quarantine a compromised EC2 instance, utilizing the cloud native tools to quarantine and shut it down,” Davis said. “The affected instance can also be simply blocked, ticketed or tagged, if desired.”

Davis said that this capability puts more meaning into the R in NDR.

“This automation capability opens up remediation within the cloud, and is valuable for customers to get value from network data without having to bring a tool set into their bag,” he commented.

“In addition to the automation, we also announced continuous packet capture in AWS,” Davis added.

While ExtraHop also works with the Microsoft and Google clouds, Davis pointed out that ExtraHop’s virtual tap AWS cloud offerings are more advanced simply because AWS is the most advanced of the three clouds in this area.

“Azure has announced vTap, but it still hasn’t reached General Availability,” he said. “Google just announced their Virtual Tap three weeks ago. AWS is ahead in this space.”

While ExtraHop has always had a channel focus, Fitzmaurice stated that since his arrival two years ago, they have increased channel resources significantly.

“I inherited a strong channel culture coming in two years ago, but since then we have driven business aggressively through the channel and robustly built out our channel team,” he said. “In the last two years, we have had a sharp increase in that channel head count. We also built out the team globally, in EMEA and APAC. We have two channel sales people who cover Canada out of the U.S.” ExtraHop’s Panorama Partner Program was also enhanced last May.

At the same time that internal channel resources were increased, the decision was made to focus the sales effort on the most productive partners.

“When I got here, we had too many partners for the revenue generated,” Fitzmaurice stated. “We sharply grew revenue by focusing on fewer partners – around those who were very active and the most invested. Since then, we have also recruited new ones, particularly MSSPs and cloud-first GSIs, to take advantage of the workloads migrating to the cloud. When we launched ExtraHop Reveal(x) Cloud last June, it also enabled existing partners to go after managed security services.”

“We are leading with cloud-native now,” Davis said. “Before, it had been ad hoc, so wide but not deep. Now we are hiring resources to go after those specifically.

“We want to be seen as the NDR vendor of choice for the channel,” Davis emphasized.