One of the nice things about the tech industry is that experts are happy to share their knowledge and experiences so that everyone benefits. Rasika Nayanajith fits that mold well.
A network engineer who holds several certifications, including CWNE #153 and CCIE #22989 (R&S, Wireless), Rasika writes on his personal blog about what he's learned while studying for those exams, as well as his journey of practicing mindfulness with Vipassana meditation.
Rasika recently posted an extensive review of the ExtraHop platform on his blog and we wanted to ask him a few further questions about his experience using the product.
What are you responsible for as a network engineer? What does your day-to-day routine look like?
I am Team Leader for networks at one of the leading universities in Australia and responsible for managing wired and wireless network connectivity.
Why did your organization decide to purchase ExtraHop?
Primarily, we were looking for a product to replace our NetFlow monitoring tool. But we also needed more application visibility as many of our applications have moved to the cloud environment in the past several years. So ExtraHop was a perfect fit for our requirements.
We conducted an extensive four-week proof-of-concept with ExtraHop and uncovered a lot of issues that convinced us of the product's value. Some brief observations:
- The product was very easy to implement with no agents required
- We could use SPAN feeds to ingest the data without needing further instrumentation
- The product automatically discovers and classifies many protocols, collects metrics, and maps dependencies
- Creating dashboards in ExtraHop is very easy
- The platform is very extensible and open with triggers and Open Data Stream functionality
- There is a unified web interface for multiple nodes, with the ability to drill down from top-level aggregate views into transactions with just a couple of clicks
- We could use our own network storage to extend our long-term metrics lookback
What types of problems has ExtraHop helped to solve for your organization?
ExtraHop gave us clear visibility into network traffic that helped us to understand our applications' traffic flows much better. For example, we identified that certain database traffic was unencrypted, even though the application owners thought that traffic was encrypted across the network. ExtraHop was able to identify those database queries on the wire. As a result, application owners implemented necessary traffic encryption policies on that system to secure that database traffic.
In the past, we did not have that kind of application visibility, so we were not able to help application teams effectively. With ExtraHop, we gave them greater visibility into their traffic flows and provided direction on what to focus on when they do application troubleshooting. All of these activities helped us to gain more credibility for the network team and make our internal customers happy.
ExtraHop also helped us to diagnose network issues by simply baselining network traffic where we could easily identify anomalies. Wire data from ExtraHop has sub-second accuracy, giving us a lot of confidence that we can make use of its analytics to resolve many network security-related incidents.
What do you wish other network engineers knew about ExtraHop?
They should know about the power of this tool and how it can help to make your life easy as a network engineer. Once they experience how ExtraHop makes their job easier, they will never let it go from their monitoring toolset.
For my own part, I would like to see ExtraHop provide wireless-specific metrics (by CAPWAP protocol analysis, WLC NetFlow analysis) and provide us similar analytics on Wi-Fi performance. That is one of the challenges many of us face today where user experience is different when they are accessing services using wired and wireless mediums. If ExtraHop can help us to identify those issues, that will be a significant differentiator between ExtraHop and its competitive products.