ExtraHop Brings Packet Capture into the Modern Era, Makes Traditional Tools Obsolete

Surgical Packet Capture Pinpoints Exact Source of Problems, Saving IT Organizations Massive Amounts of Time, Effort, and Cost


SEATTLE, WA — November 8, 2012. ExtraHop Networks, the leading provider of network-based application performance management (APM) solutions, today announced a new policy-based, precision packet-capture method that renders traditional packet-capture methods obsolete. With the new solution, IT operations teams can identify root causes of errors and suspicious activity much faster with a concise and relevant packet capture of the exact offending application flow, while avoiding the storage requirements, complex identification, and high costs that characterize legacy packet capture techniques.

"Packet capture is a tried-and-true method of analyzing the root cause of network and application issues," said Will Cappelli, Gartner Research Vice President. "However, traditional packet-capture tools are simply too cumbersome and expensive to handle the growing volume and speed of data center networks. For packet capture to remain a viable solution for IT operations, performance monitoring vendors need to enable a new, different approach that is more precise and intelligent."

Although traditional packet capture products that store multiple terabytes of data are sometimes required for compliance, this legacy approach should not be used for diagnostics for the following reasons:

  1. Burdensome guesswork and wait-and-see delays. Legacy packet captures rely on educated guesses of where to look. IT teams often must wait for the problem to occur again before they can capture the packets needed to pinpoint the problem.
  2. Excessive storage demands. The alternative is to constantly store all packets, and at rates such as 10 Gbps, this approach will fill more than 100 TB of storage in one day—an extremely expensive proposition.
  3. Inefficient and personnel-intensive analysis. If the correct traffic can be captured, skilled network engineers must spend hours if not days digging through gigabytes of data to find the problem.

The ExtraHop method of policy-based, precision packet capture is unique and made possible by the full-stream reassembly and high-speed, real-time processing of the ExtraHop system. With ExtraHop, IT Operations teams, for the first time, can surgically capture the right packets at the right time:

  1. Passive, real-time approach. The ExtraHop system passively processes application and network traffic in real time, performing full-stream reassembly for millions of flows.
  2. Customizable for every environment with AI Triggers. Using Application Inspection Triggers (AI Triggers) technology, IT teams can set a policy for anomalous or suspicious events they would like to capture.
  3. Surgical precision for accurate analysis. When an event such as an application error, a malformed request, or suspicious file access occurs, ExtraHop automatically records the packets for the application and network flow that preceded and caused that event.
  4. Instant replay to save money and time. For the first time, IT operations teams have an exact replay of what caused a particular error or slowdown immediately after an event, saving considerable money and time.

"Finding a problem in a small packet capture is hard. Finding a problem in a large packet capture is like looking for a snowflake in an avalanche," said Jesse Rothstein, ExtraHop CEO. "Using Application Inspection Triggers and precision packet capture, IT teams can detect an event and go back in time to record just the packets that are of interest. Much like the flux capacitor, our packet buffer is what makes time travel possible, enabling ExtraHop to provide the operational intelligence that IT teams need to drive down costs, increase productivity, and keep services running smoothly."

About ExtraHop

ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. The company’s Reveal(x) 360 platform is the only network detection and response platform that delivers the 360-degree visibility needed to uncover the cybertruth. When organizations have full network transparency with ExtraHop, they see more, know more, and stop more cyberattacks. Learn more at www.extrahop.com

© 2023 ExtraHop Networks, Inc. Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are trademarks of ExtraHop Networks, Inc.
