back caretBlog

When L3 Stats Just Aren't Enough

Picture 2At ExtraHop, we sometimes talk about L2 and L3 statistics as "table stakes". For a network and application management solution, you need to have visibility into those layers. But by and large, they are just not enough to solve some of the more complex problems in today's environments.

Case in point. We were doing a pilot (or as we call it Proof of Value) at a customer site. On day 3 of the installation, they had a network event. Using the legacy network tools they owned, the customer looked at L3 statistics and saw an anomaly in the network utilization trend.

So they gave ExtraHop a call and asked us to analyze the problem - "why did the network utilization drop 20% from our norm?" We first looked at the network, and verified their observation that the bandwidth utilization did fall off a cliff. But more interestingly, we looked at the associated applications and application servers. From there, we quickly found a pile of application errors, HTTP 500s. The real issue is these application errors. The average size of a completed transaction was about 6KB, while the error message was just a few hundred bytes in size. Failing transactions instead of successful completions drastically reduced the overall traffic on the network.

So the "network problem" they detected via the legacy L3 tools was only a symptom of the real problem. While the ExtraHop system was able to see both sides and point to the correct root cause. This exercise was a perfect showcase for the kind of power our L7 application analysis can bring, and as a result, the client signed on happily as a customer.

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed