In July 2016, the biggest thing in security was ransomware. Several major ransomware attacks had made headlines in the preceding months, with healthcare hit particularly hard. This was in the early days, before ransomware like WannaCry and NotPetya would take down organizations on a global scale, but even so it was taking up a lot of real estate on security blogs and tech websites.
When I joined ExtraHop as CEO in July 2016, ransomware was a headline maker for us, too. Our platform, which had long been used by IT Operations teams, was increasingly being used in security, and ransomware detection was the flagship use case. But back then, ExtraHop was an IT Operations company. Our buyers were IT architects and Directors of Networking. Network and application performance was our DNA, not SecOps.
I've been in technology for more than three decades, and my experience spans everything from engineering to marketing to general management. In my years working for leading organizations, among them the Danaher companies, I've learned a thing or two about opportunity. First, seizing opportunity requires more than seeing it. If you don't have the know-how and the operational discipline to truly take advantage of an opportunity, the decision to pursue it is brash, not bold. Second, when it comes to separating opportunity from fantasy, listen to your customers.
It was customers who ultimately guided the decision to take a hard look at the security market. By 2016, nearly three-fourths of our customers were using us for security in some capacity, whether it was ransomware or hygiene and compliance. But our product was originally designed around an IT Operations workflow using the language of IT Ops. To seriously pursue a security buyer, we'd have to build a product purpose-built for security workflows and users – one that would have a chance of being taken seriously in the crowded, noisy, hype-filled security market.
While we believed the market opportunity was there, pursuing it was a risk. We'd need to hire security experts across R&D, sales, and marketing. We'd have to invest both human resources and dollars in product development, and later, demand generation and awareness. And we'd have to do it quickly. The emerging network traffic analysis category was starting to gain momentum and it was occupied by some well-funded up-and-comers with a propensity for hype. After a decade as an IT Operations vendor, deciding to turn the ship and heavily pursue the security market with an entirely new product line was in many ways a bet-the-company move.
We decided to bet for two reasons: first, the market opportunity was staring us in the face; and second, ExtraHop had long demonstrated an ability to run fast and lean. Indeed, while many technology vendors go out and tout huge venture capital investments, ExtraHop runs so efficiently that our last round was a Series C almost five years ago. Since then, top-flight talent and smart execution allowed us to scale and grow fast without needing to return to the well again and again.
And so, in 2017, we decided to run hard at the security market. We hired top talent from leading security vendors around the world. We expanded our expertise in machine learning. And in January 2018, we launched Reveal(x) to the market.
Just shy of one year later, the results speak for themselves. Our security business has taken off, growing by more than 10x in the second half of 2018 and propelling the company to blow way past $100 million in bookings. And our customers absolutely love it!
All too often, bet-the-company decisions are made based on excitement and ambition. They confuse brashness for boldness. They fail to take into account viability – not only in terms of strategy and market opportunity, but in the operational foundation required to execute.
Our move to security was bold. We bet the company, and we're winning.