ExtraHop applies machine learning to wire data monitoring

Because no product can maintain market share without a good side serving of machine learning.

network room data center
Credit: Thinkstock

The technology industry is perhaps the biggest user (some might say abuser) of buzzwords. Who can recall the scene on HBO's comedy "Silicon Valley" where startup after startup tried to show just how hip they were by detailing their focus on social, mobile and local? We had SoLoMo, MoLoSo, LoSoMo and every other combination under the sun.

The reality is that, 9 times out of 10, buzzwords mean nothing other than giving potential customers the ability to tick another box on their assessment forms.

So I was a little skeptical when ExtraHop -- a vendor that offers organizations the ability to monitor all of the traffic occurring across their networks -- pitched me on its new SaaS offering that, according to the company, has lots of machine-learning goodness on tap.

You see, machine learning is the enterprise IT flavor du jour. As a concept it is pretty simple: that platforms will, over time, automatically learn from decisions and outcomes to become more effective. But often the reality of machine learning offerings is sadly less than what is promised, hence my initial skepticism.

So, what is it that ExtraHop already does, and what will this machine learning addition add to its customers?

ExtraHop is quick to label itself a wire data monitoring company. It takes real-time network data and helps organizations make sense of it. ExtraHop points to the top-shelf Fortune 500 companies using its platform as justification for all the differentiation it is at pains to articulate -- quoted customers include Sony, Lockheed Martin, Microsoft, Adobe and Google.

In a space that is getting increasingly complex as application performance monitoring vendors and infrastructure monitoring vendors converge on the same space, ExtraHop is deftly taking a step to the side by reframing the conversation as a wire data one. I'm not completely sold on the difference being valid but, nomenclature aside, this is an article about ExtraHop's new offering, not how it describes itself.

The new offering, ExtraHop Addy, according to the company, is the industry's first SaaS offering that processes all digital transactions from the network and applies machine learning to detect anomalies in real time. There are a lot of vendors that might disagree with that assessment (Splunk, anyone?) but, no matter.

What Addy does is use the data from the core ExtraHop platform and from it build continuous baselines for every device, network and application, and then proactively detect and surface potential issues in the environment. Then the machine learning comes in: The core algorithm and heuristics continuously learn by incorporating feedback from in-house and crowd-sourced domain expertise, thereby (as promised) reducing the number of false positives.

My POV

I’ve always felt a little uncomfortable with ExtraHop's strong assertion that it's fundamentally different from the other monitoring vendors out there. To be honest, I see no huge need to differentiate at all -- it is a busy space but one with a very real and very broad customer need. There's space for all comers. The fact of the matter is that, as ExtraHop itself points out, organizations overwhelmingly want to be data-driven, but the quality of the data and the ability to access it at the pace of business is a significant barrier.

But, rather than a critique of ExtraHop per se, this is all about its machine-learning innovations. I really like the idea of a platform ingesting real data and developing dynamic baselines and hypotheses from it. That said, it strikes me that this sort of dynamic baseline generation is pretty much table stakes by now -- anyone relying on static baselines or forcing users to react to changing environments to manually set trigger points and alarm levels is sadly behind the times.

So that's not a criticism of Addy at all; it looks like a solid offering. But I rail against the "unique," "industry-first" and "groundbreaking" tone of the announcement. Addy is useful and a very valuable addition to ExtraHop customers, but it really doesn't strike me as something completely new.

Even if it's got all the best buzzwords.

This article is published as part of the IDG Contributor Network. Want to Join?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10